Had Yandex on my computer after I removed Hamster Zip. [Closed] [Solve


  • This topic is locked

#1
KiwiProbie

  • Member
  • 333 posts

Hey guys,

Header says it all, so I just need my system checked over. Malwarebytes, Kaspersky Free, and AdwCleaner say it's clear, but I still have MBLauncher in my startups.

Logs as directed in the post for here:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2019
Ran by Tony (30-01-2019 23:56:47)
Running from C:\Users\GGPC\Desktop
Windows 10 Home Version 1803 17134.556 (X64) (2018-07-23 17:16:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-688862063-2713704754-1743232380-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-688862063-2713704754-1743232380-503 - Limited - Disabled)
Guest (S-1-5-21-688862063-2713704754-1743232380-501 - Limited - Disabled)
rache (S-1-5-21-688862063-2713704754-1743232380-1005 - Limited - Enabled) => C:\Users\rache.RIGGS
Tony (S-1-5-21-688862063-2713704754-1743232380-1002 - Administrator - Enabled) => C:\Users\GGPC
WDAGUtilityAccount (S-1-5-21-688862063-2713704754-1743232380-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Free (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Free (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{E267C808-4C22-457E-B74B-50EAB4AD9030}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{9486AD8F-39F4-470B-92FD-BC423ABAEC43}) (Version: 19.1.4.5 - Intel) Hidden
7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Authy Desktop (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\authy-electron) (Version: 1.7.0 - Twilio Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Call of Duty Black Ops 4 (HKLM-x32\...\Call of Duty Black Ops 4) (Version:  - Blizzard Entertainment)
CAM (HKLM-x32\...\{8F17EBED-54B3-472E-B7CF-C53B6AF38FBD}) (Version: 3.7.4 - NZXT)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Corsair AURA DRAM Component (HKLM\...\{376E0869-A4F1-4DC7-A1FD-EBF3AFFEB832}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden
Corsair AURA DRAM Component (HKLM-x32\...\{da7ebf10-b0be-494e-a79d-568546795a51}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden
CPUID CPU-Z 1.87 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.87 - CPUID, Inc.)
CrystalDiskInfo 8.0.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.0.0 - Crystal Dew World)
Discord (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Discord) (Version: 0.0.304 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 417.71 - NVIDIA Corporation) Hidden
Geeks3D FurMark 1.20.2.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Glary Utilities 5.113 (HKLM-x32\...\Glary Utilities 5) (Version: 5.113.0.138 - Glarysoft Ltd)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 4520 series Basic Device Software (HKLM\...\{B46D9E8C-10FE-4873-996B-CA9EA3D7D9FE}) (Version: 40.11.1122.1796 - HP Inc.)
HP ENVY 4520 series Help (HKLM-x32\...\{201E58BD-2A1D-4C4D-BD6F-ADA7669FE3AE}) (Version: 36.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HWiNFO64 Version 6.00 (HKLM\...\HWiNFO64_is1) (Version: 6.00 - Martin Malík - REALiX)
Intel® Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden
Intel® Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1805.12.0.1097 - Intel Corporation)
Intel® Network Connections 23.0.12.0 (HKLM\...\PROSetDX) (Version: 23.0.12.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.0.1000 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1727.1 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Driver & Support Assistant (HKLM-x32\...\{b0134461-205a-4d62-bbdc-1fcabdd02645}) (Version: 19.1.4.5 - Intel)
IObit Uninstaller 8 (HKLM-x32\...\IObitUninstall) (Version: 8.3.0.11 - IObit)
Kaspersky Free (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Free (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.9 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{d6cac989-7570-43fd-b147-e31d6280a3a6}) (Version: 1.0.9 - KINGSTON COMPONENTS INC.) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11126.20266 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mozilla Firefox 65.0 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0 (x64 en-US)) (Version: 65.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla)
Novabench (HKLM\...\{56C3C944-B587-49D0-87A1-412482140B33}) (Version: 4.0.6 - Novawave Inc.)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.13 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.17.0.113 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.113 - NVIDIA Corporation)
NVIDIA Graphics Driver 417.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 417.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
O&O Defrag Professional (HKLM\...\{7C4D55AF-37B4-4D85-9106-CF473CEC9BE6}) (Version: 22.1.2521 - O&O Software GmbH)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Prey Anti-Theft (HKLM-x32\...\{AC67FFDC-B1E6-45C4-B01F-32EC70DBF624}) (Version: 1.8.1 - Prey, Inc.) Hidden
Product Improvement Study for HP ENVY 4520 series (HKLM\...\{1DDC5451-BE8B-4092-AB04-E92127242886}) (Version: 40.11.1122.1796 - HP Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8295 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Spotify) (Version: 1.0.98.78.gb45d2a6b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.9025 - TeamViewer)
TP-Link TL-WN881ND Driver (HKLM-x32\...\{5656127B-0110-4450-9CBD-643E760F152D}) (Version: 1.0.0 - TP-Link)
Unigine Superposition Benchmark 1.0 (HKLM\...\Superposition_is1) (Version: 1.0 - Unigine Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 67.0 - Ubisoft)
Wargaming.net Game Center (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Wargaming.net Game Center) (Version: 18.9.1.3085 - Wargaming.net)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.6.6 64-bit (HKLM-x32\...\Wireshark) (Version: 2.6.6 - The Wireshark developer community, hxxps://www.wireshark.org)
World of Tanks ASIA (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\WOT.SG.PRODUCTION) (Version:  - Wargaming.net)
World_of_Warships_Asia (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\WOWS.ASIA.PRODUCTION) (Version:  - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-01-23] (Glarysoft Ltd)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-30] (AO Kaspersky Lab)
ContextMenuHandlers1: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2018-11-30] (O&O Software GmbH)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-01-23] (Glarysoft Ltd)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-30] (AO Kaspersky Lab)
ContextMenuHandlers2: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2018-11-30] (O&O Software GmbH)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-30] (AO Kaspersky Lab)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-01-11] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-01-23] (Glarysoft Ltd)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-30] (AO Kaspersky Lab)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2018-11-30] (O&O Software GmbH)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {050278F1-F19F-4923-B547-795AE339F714} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-17] (Microsoft Corporation)
Task: {1DE5D9D8-E11C-4937-91C5-83E4BB8A05C1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-01-10] (Piriform Ltd)
Task: {1E2A4B9D-31C0-4D5F-A7BE-D4F8D3268CF4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2019-01-17] (NVIDIA Corporation)
Task: {1E3B7427-B91C-42A4-9E8F-7A5775A0A44A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)
Task: {2A04232A-0C9F-446E-830C-1FAA24EC39B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {30C5B791-F93A-40E0-BF25-E6F5B7F62A9E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2019-01-17] (NVIDIA Corporation)
Task: {3BA546E1-3801-4FBB-AE99-590D94C34E95} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2019-01-17] (NVIDIA Corporation)
Task: {3BD9EF77-DDAA-4869-B69B-4C2EACF67B7B} - System32\Tasks\CAM.Desktop => C:\Program Files (x86)\NZXT\CAM\CAM.Desktop.exe [2018-11-07] ()
Task: {3F23C60B-289E-4E8A-BCD8-51E3F9B4E3F7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2019-01-17] (NVIDIA Corporation)
Task: {441B0B90-CC06-4D58-97A7-6272E5E245D0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {49A3547A-EA9D-4BD4-BF6E-36D524AD56A2} - System32\Tasks\Uninstaller_SkipUac_Tony => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2019-01-11] (IObit)
Task: {4CEE1DE6-148A-4B7A-B717-70264721C819} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe
Task: {4DE21D99-80AB-43A2-B6ED-B870D5F2A5C4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-09] (Adobe Systems Incorporated)
Task: {4E177E86-CF0F-4FF2-BA7C-1418E477F50B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2019-01-17] (NVIDIA Corporation)
Task: {5130ED86-ADEF-491F-87A0-56C085839005} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {53DD69FF-D38C-42F9-B2ED-E9D9E0C39380} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd)
Task: {5CD30A00-013A-49F6-A51F-3DEA0394979E} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {62F83496-16DB-4D5B-BD3C-98355D6B49A1} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2019-01-17] (NVIDIA Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {71637121-DEEA-4C68-ADCC-CB8132F79F80} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {8922BD96-9157-43E1-9564-5F9A12BC2FBB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-09] (Adobe Systems Incorporated)
Task: {8A8C00A8-972D-4074-9374-3856EC810E44} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {906FF8A9-1106-4E50-9EB3-CF71B27B89DB} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2019-01-17] (NVIDIA Corporation)
Task: {9832A578-B78D-4F2F-AC42-EAB2333DE0BE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-01-17] (Microsoft Corporation)
Task: {9949CF6E-6F74-4AA7-8858-1406ABA63DA6} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2019-01-30] (AO Kaspersky Lab)
Task: {AA32106D-D81A-4C40-BB13-93CCF19208C3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2019-01-17] (NVIDIA Corporation)
Task: {AEF435B9-2DE1-4BCF-93C6-1B77BCDE8E22} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-17] (Microsoft Corporation)
Task: {AF96B9EB-B4E7-48E5-9FDD-E41308BDA870} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2019-01-17] (NVIDIA Corporation)
Task: {C961E3F3-63D0-479D-8005-60CBF10F81B9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2019-01-17] (Microsoft Corporation)
Task: {CB2B7FB5-2200-4AF0-989E-201899F73E83} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {D236F739-04B4-4C90-B875-159B70C1DD27} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2019-01-17] (NVIDIA Corporation)
Task: {D3CF7EEF-4D89-459C-8ACE-9D3C5A20CA67} - System32\Tasks\S-1-5-21-688862063-2713704754-1743232380-1002\DataSenseLiveTileTask => C:\Windows\System32\DataUsageLiveTileTask.exe [2018-12-08] (Microsoft Corporation)
Task: {D61A42BD-D84B-4555-81F4-F7ACB1A0E956} - System32\Tasks\HPCustParticipation HP ENVY 4520 series => C:\Program Files\HP\HP ENVY 4520 series\Bin\HPCustPartic.exe [2017-04-06] (HP Inc.)
Task: {DD13E469-4407-4DCF-B45A-FA7490AC8550} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-01-17] (Microsoft Corporation)
Task: {E19E9D71-4410-4A8D-A6B7-8598BEA1A3B5} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2019-01-17] (NVIDIA Corporation)
Task: {F1ECCC82-C657-44D2-B4B4-98744D12CCE0} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel® Management Engine Components\iCLS\IntelPTTEKRecertification.exe [2017-11-16] (Intel® Corporation)
Task: {F317D034-A7ED-431D-9ADF-CE6BF942DEEE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-12-19 19:01 - 2018-12-19 19:01 - 000195832 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
2018-07-24 06:13 - 2019-01-17 00:13 - 001315024 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-01-22 16:10 - 2018-01-22 16:10 - 000453120 ____R () C:\Program Files\Intel\Wired Networking\NCS2\WMIPROV\Ncs2Provider.dll
2018-01-22 16:08 - 2018-01-22 16:08 - 000419328 ____R () C:\Program Files\Intel\Wired Networking\NCS2\Agent\AdapterAgnt.DLL
2018-04-12 12:34 - 2018-04-12 12:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 12:34 - 2018-04-12 12:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-11-29 10:05 - 2018-11-09 15:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-16 09:44 - 2019-01-09 21:10 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-11-07 18:38 - 2018-11-07 18:38 - 001955328 _____ () C:\Program Files (x86)\NZXT\CAM\Launcher\ffmpeg.dll
2018-11-07 18:38 - 2018-11-07 18:38 - 003687936 _____ () C:\Program Files (x86)\NZXT\CAM\Launcher\libglesv2.dll
2018-11-07 18:38 - 2018-11-07 18:38 - 000017920 _____ () C:\Program Files (x86)\NZXT\CAM\Launcher\libegl.dll
2018-11-07 18:38 - 2018-11-07 18:38 - 000332912 _____ () C:\Program Files (x86)\NZXT\CAM\CAM.Desktop.exe
2018-11-29 10:29 - 2018-10-31 07:06 - 001057056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\SDL2.dll
2018-11-29 10:29 - 2018-09-23 13:00 - 102804768 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2018-11-29 10:29 - 2018-09-23 13:00 - 004866336 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2018-11-29 10:29 - 2018-09-23 13:00 - 000116000 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000937208 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
2018-12-19 19:01 - 2018-12-19 19:01 - 002329336 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000282360 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000578296 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000616696 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000267000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000323832 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000978680 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000243960 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_winstat_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000750840 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_upnp_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000411384 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000558840 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sgx_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000665336 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sampler_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000853240 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000636152 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000303864 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000778488 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000863480 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
2018-12-19 19:01 - 2018-12-19 19:01 - 000312568 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000555768 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_events_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000636152 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll
2018-11-29 12:05 - 2018-11-29 12:05 - 000899584 _____ () \\?\C:\Windows\Prey\versions\1.8.2\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\node_sqlite3.node
2018-07-24 06:13 - 2019-01-17 00:13 - 001032912 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-11-29 10:29 - 2018-10-31 07:06 - 000879904 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-11-29 10:29 - 2019-01-05 12:33 - 002650400 _____ () C:\Program Files (x86)\Steam\video.dll
2018-11-29 10:29 - 2016-09-01 14:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-11-29 10:29 - 2017-12-20 14:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-11-29 10:29 - 2017-12-20 14:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-11-29 10:29 - 2017-12-20 14:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-11-29 10:29 - 2017-12-20 14:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-11-29 10:29 - 2017-12-20 14:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-11-29 10:29 - 2016-09-01 14:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-11-29 10:29 - 2016-09-01 14:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-11-29 10:29 - 2019-01-05 12:33 - 001028384 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-11-29 10:29 - 2016-07-05 11:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-04-25 12:13 - 2018-04-25 12:13 - 000252184 _____ () C:\Program Files (x86)\NZXT\CAM\libuv.DLL
2018-12-01 15:11 - 2018-05-02 17:42 - 000442128 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2018-12-01 15:11 - 2018-05-02 17:42 - 000210704 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2018-12-01 15:11 - 2018-05-02 17:42 - 000059664 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2018-01-31 19:52 - 2018-01-31 19:52 - 001604240 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:84098FD3 [133]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 12:38 - 2018-12-26 18:44 - 000001052 _____ C:\Windows\system32\drivers\etc\hosts

0.0.0.0    incoming.telemetry.mozilla.org

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\GGPC\Pictures\Follower of the way things\5.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "O&O Defrag Tray.lnk"
HKLM\...\StartupApproved\Run: => "OODefragTray"
HKLM\...\StartupApproved\Run: => "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKLM\...\StartupApproved\Run32: => "OnScreen Control"
HKLM\...\StartupApproved\Run32: => "IseUI"
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\StartupApproved\Run: => "HP ENVY 4520 series (NET)"
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\StartupApproved\Run: => "Browser Manager"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2B94ABA8-9DAC-4FCE-A779-EE57306C452B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{CA3AE165-2F9E-4986-8086-49C8F1FFC5BA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{9342342A-A339-4913-B609-64E055C75AED}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{FE593D69-3751-4BC5-BE72-B19F9F53C94D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
FirewallRules: [TCP Query User{13AF986A-6D70-49EC-8AFB-A7474243E044}D:\program files (x86)\call of duty black ops 4\blackops4.exe] => (Allow) D:\program files (x86)\call of duty black ops 4\blackops4.exe (Activision Publishing, Inc.)
FirewallRules: [UDP Query User{EA52114C-9B36-49F7-BA90-4FEA3593F322}D:\program files (x86)\call of duty black ops 4\blackops4.exe] => (Allow) D:\program files (x86)\call of duty black ops 4\blackops4.exe (Activision Publishing, Inc.)
FirewallRules: [TCP Query User{50EFA744-7CA1-4560-B3B5-96E003BCA909}D:\steam\steamapps\common\rise of the tomb raider\rottr.exe] => (Allow) D:\steam\steamapps\common\rise of the tomb raider\rottr.exe (Eidos Inc.)
FirewallRules: [UDP Query User{0026212E-61E5-4347-A542-7E64144980B8}D:\steam\steamapps\common\rise of the tomb raider\rottr.exe] => (Allow) D:\steam\steamapps\common\rise of the tomb raider\rottr.exe (Eidos Inc.)
FirewallRules: [TCP Query User{50AA50D6-95AA-4CF5-B198-0DE299A50EA8}D:\steam\steamapps\common\the crew 2\thecrew2.exe] => (Allow) D:\steam\steamapps\common\the crew 2\thecrew2.exe (UBISoft)
FirewallRules: [UDP Query User{01F558B5-DAF0-407D-97D7-9710F7E64F8E}D:\steam\steamapps\common\the crew 2\thecrew2.exe] => (Allow) D:\steam\steamapps\common\the crew 2\thecrew2.exe (UBISoft)
FirewallRules: [{FE1D770A-0A51-43E6-9AFF-FF33B2E9DD71}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games)
FirewallRules: [{444C56EC-FEC5-4F55-B4AC-52916B47970A}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games)
FirewallRules: [TCP Query User{8B28E81F-9E4E-40C1-BF03-4358AC0DFA70}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games)
FirewallRules: [UDP Query User{8C43F5E1-32F6-47DE-8E72-8578CCF90D7F}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games)
FirewallRules: [TCP Query User{0FF21A64-1182-4152-A306-72EABB6EE01E}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net)
FirewallRules: [UDP Query User{8C9BF5FF-7398-438E-8A02-584910A0FF9A}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net)
FirewallRules: [{73F4E2D5-58B9-4D0D-853B-8155C3356A0F}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes)
FirewallRules: [{612A7A36-31A2-44BB-A1C9-413ACBB13ED6}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes)
FirewallRules: [{4D96F7A3-4755-4C6E-AF46-E0EC8A0E1D86}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes)
FirewallRules: [{17AAE4E7-C69C-480D-A0CB-BE6A4889623F}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes)
FirewallRules: [{7B43B956-CA5B-4770-846E-88071A77198E}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes)
FirewallRules: [{530234E2-DE8F-4775-93CB-8959C9A2B891}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe ()
FirewallRules: [{97D56D38-F8E3-4B8C-9C6C-07C95FCE9EA3}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes)
FirewallRules: [{E2EC7159-D90D-46A8-9095-29A1DB738383}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes)
FirewallRules: [{157437F7-AE3F-43A7-8BD4-4D850A5C0C9C}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes)
FirewallRules: [{FCE8FFFA-88CE-4BF4-AE2F-01BF47F678D7}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes)
FirewallRules: [{C21B7C76-5175-488C-8177-AAE18B8B7169}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes)
FirewallRules: [{6C7AC74D-D7FF-4BD1-A705-FE3A2E83988A}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe ()
FirewallRules: [TCP Query User{843D723D-43F4-4FD3-925F-221D8CB2A9E9}C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe (HP Inc.)
FirewallRules: [UDP Query User{79D47BD0-30B9-407B-818C-149B73320733}C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe (HP Inc.)
FirewallRules: [{A21EB030-A934-49E7-A5E6-FCF29C15E041}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
FirewallRules: [{27AF4214-3EDD-4B1C-9D3D-C9C46C11D6C2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{443C902A-D1A9-4576-BF33-9F47BD918784}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{8202DCCD-49CA-42F9-B909-F59E756EA2B2}] => (Allow) D:\Steam\steamapps\common\Dead or Alive 5 Last Round\game.exe (KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{53EF0401-9B05-4FC7-9B01-8A39DB059A9F}] => (Allow) D:\Steam\steamapps\common\Dead or Alive 5 Last Round\game.exe (KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{1BB581D6-4825-4F61-9D69-78FC8FDE9559}] => (Allow) D:\Steam\steamapps\common\Dead or Alive 5 Last Round\startup_setting.exe (KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{50793547-7ECF-4B26-A0B5-BB6955BA3769}] => (Allow) D:\Steam\steamapps\common\Dead or Alive 5 Last Round\startup_setting.exe (KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{58649AE4-B7F0-4447-A188-7B771D3200AC}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe ()
FirewallRules: [{27F0ABF9-7CCF-44F0-8E54-1B824D5093DE}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe ()
FirewallRules: [{5F1EADCC-7156-49D8-8744-9C13608BF5A4}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe ()
FirewallRules: [{3489DD16-5F57-408B-B8CC-8F2270F5B7ED}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe ()
FirewallRules: [{01128158-5678-47F4-8BA4-1768CD727EF1}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe (UNIGINE Corp.)
FirewallRules: [{C6232BA7-025E-483A-8DEC-C58D1671AC0B}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe (UNIGINE Corp.)
FirewallRules: [{6F2CB973-A9FB-46AE-910D-A97D8A869EFF}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe (UNIGINE Corp.)
FirewallRules: [{0F224C75-2435-4E45-92B2-1EDAF1355B69}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe (UNIGINE Corp.)
FirewallRules: [{AA4A0295-11DE-47FC-8F75-1AF20E03A3D8}] => (Allow) LPort=38518
FirewallRules: [{5A9D2A7D-3597-463D-8453-42CE0B63EC40}] => (Allow) LPort=9142
FirewallRules: [TCP Query User{2F335881-82A1-47BC-8D51-192E83B92847}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Allow) C:\program files (x86)\nzxt\cam\cam.desktop.exe ()
FirewallRules: [UDP Query User{DDDF13D4-2855-48B4-98EC-2BCC6E559485}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Allow) C:\program files (x86)\nzxt\cam\cam.desktop.exe ()
FirewallRules: [{6DC752F5-35B2-4E26-A214-66B0741E5E33}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{37412D99-5092-40E9-A192-5BE1CCABABD2}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [TCP Query User{059EAB64-7416-4CAF-A50C-C52150A92EF2}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Block) C:\program files (x86)\nzxt\cam\cam.desktop.exe ()
FirewallRules: [UDP Query User{6357CE5B-D35C-49A1-B8BA-4BE936EF8FE4}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Block) C:\program files (x86)\nzxt\cam\cam.desktop.exe ()
FirewallRules: [{D58EF62D-93A5-437B-A07C-A077621A9B82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{ECC888D2-DBDA-4449-B759-D6DCC148A964}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{EF54B106-204D-4C40-B7C9-287F6455C476}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{3090BF6E-FB80-4B25-86E2-686AEA87A53C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{727D26E6-D7FC-4B4A-A7C2-035FA574B504}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{C32A92CE-6174-4AFB-B4C5-FB3EC87BE71A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{238BA241-13EC-4922-A8CF-0EA4622D49F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{3810CEA8-0AC8-4E8C-899E-E5F86585AF7E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{29D6775C-F710-4413-BFD0-AB7D94A8B117}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
FirewallRules: [{2A9DD94D-A69F-4D01-9D08-707B73652AAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
FirewallRules: [TCP Query User{84C4D4D1-F6D3-409F-B041-C5EDF5B41C8A}C:\users\ggpc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ggpc\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
FirewallRules: [UDP Query User{8C9FB145-492D-40C0-A0AC-1A649228B329}C:\users\ggpc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ggpc\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
FirewallRules: [{42265327-0B9E-4855-B6DA-1E4E427788A6}] => (Allow) C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)

==================== Restore Points =========================

26-01-2019 13:37:51 Intel® Driver & Support Assistant
30-01-2019 18:16:34 Intel® Driver & Support Assistant
30-01-2019 22:26:25 Installed O&O Defrag Professional
30-01-2019 23:14:04 Installed Novabench

==================== Faulty Device Manager Devices =============

Name: TP-Link Wireless N PCI Express Adapter #2
Description: TP-Link Wireless N PCI Express Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TP-Link Technologies Co., Ltd.
Service: RTWlanE
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Kaspersky Security Data Escort Adapter
Description: Kaspersky Security Data Escort Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Kaspersky Security Data Escort Provider
Service: kltap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2019 11:54:22 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/30/2019 11:54:22 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (01/30/2019 11:54:22 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\Windows\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/30/2019 11:54:22 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/30/2019 11:54:22 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\Windows\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/30/2019 11:15:06 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/30/2019 11:15:06 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (01/30/2019 11:15:06 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\Windows\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (01/30/2019 11:52:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/30/2019 11:50:49 PM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/30/2019 11:50:48 PM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/30/2019 11:50:47 PM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/30/2019 11:50:47 PM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/30/2019 11:50:47 PM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/30/2019 11:49:10 PM) (Source: DCOM) (EventID: 10005) (User: ZAKELA)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (01/30/2019 11:49:07 PM) (Source: DCOM) (EventID: 10005) (User: ZAKELA)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}


Windows Defender:
===================================
Date: 2018-09-20 07:35:45.721
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

Date: 2018-09-20 07:26:12.892
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-09-20 07:26:12.891
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-09-20 07:26:12.891
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-09-20 07:26:12.819
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2019-01-30 23:11:23.634
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2019-01-30 22:13:42.183
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2019-01-28 16:16:42.262
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-01-28 16:16:42.255
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-01-28 16:16:42.192
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-01-19 22:31:48.552
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2019-01-19 22:28:10.555
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2019-01-18 19:46:54.877
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

==================== Memory info ===========================

Processor: Intel® Core™ i7-8700 CPU @ 3.20GHz
Percentage of memory in use: 23%
Total physical RAM: 16317.21 MB
Available physical RAM: 12494.03 MB
Total Virtual: 18749.21 MB
Available Virtual: 13373.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.97 GB) (Free:166.77 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:1862.89 GB) (Free:1488.09 GB) NTFS

\\?\Volume{759e9880-0ca3-4f59-876c-1646ea55761d}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{0095f199-42bf-423d-a6c5-269029a5bf07}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================



#2
iMacg3


  • GeekU Moderator
  • 419 posts

Welcome to the Geeks To Go malware removal forum.
I'm iMacg3 and will be helping you.

Please keep the following information in mind before we begin:
  • Do not run any fixes or tools on your system unless I request that you do so.
  • Please read all instructions completely before you complete them.
  • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
  • If you have pirated or illegal software on your computer, remove it now. It is one of the leading causes of malware infecting a computer.
  • If you have questions about anything, please ask.
--------------------

Please post the contents of the FRST.txt log created when you ran FRST. It should be in the same location as FRST64.exe.

Thanks.

#3
KiwiProbie

  • Topic Starter
  • Member
  • 333 posts

Isn't that what I did above?



#4
iMacg3


  • GeekU Moderator
  • 419 posts
Hi,

I don't see FRST.txt above, just Addition.txt.

#5
KiwiProbie

  • Topic Starter
  • Member
  • 333 posts

I'll do both logs again:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30.01.2019
Ran by Tony (administrator) on ZAKELA (31-01-2019 13:20:33)
Running from C:\Users\GGPC\Desktop
Loaded Profiles: Tony (Available Profiles: Tony & rache)
Platform: Windows 10 Home Version 1803 17134.556 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Novawave Inc.) C:\Program Files\Novawave\Novabench\NovabenchService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Prey, Inc.) C:\Windows\Prey\wpxsvc.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
(Node.js) C:\Windows\Prey\versions\1.8.2\bin\node.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.8.2\node_modules\os-triggers\bin\lightevt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(NZXT) C:\Program Files (x86)\NZXT\CAM\Launcher\CAM.exe
(NZXT) C:\Program Files (x86)\NZXT\CAM\Launcher\CAM.exe
() C:\Program Files (x86)\NZXT\CAM\CAM.Desktop.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(NZXT) C:\Program Files (x86)\NZXT\CAM\Launcher\CAM.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Microsoft Corporation) C:\Users\GGPC\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-11-09] (Realtek Semiconductor)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [5126944 2018-11-30] (O&O Software GmbH)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [319520 2018-12-06] (Intel Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [126200 2019-01-28] (Intel)
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Run: [Discord] => C:\Users\GGPC\AppData\Local\Discord\app-0.0.304\Discord.exe [81747288 2019-01-15] (Discord Inc.)
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44024 2019-01-25] (Glarysoft Ltd)
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3133216 2019-01-05] (Valve Corporation)
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (HP Inc.)
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Run: [CAM] => C:\Program Files (x86)\NZXT\CAM\Launcher\CAM.exe [67662960 2018-11-07] (NZXT)
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [217088 2018-04-12] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk [2019-01-30]
ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{7C4D55AF-37B4-4D85-9106-CF473CEC9BE6}\app_icon.exe ()
Startup: C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greetings.vbs [2018-05-30] ()
Startup: C:\Users\rache.RIGGS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greetings.vbs [2018-12-03] ()
BootExecute: autocheck autochk *  
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-688862063-2713704754-1743232380-1002\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.0    incoming.telemetry.mozilla.org
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ab82696e-f51d-4413-a96c-f4da4d001a9e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b946f319-c774-4c65-a16b-0b261cf9cda8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c644551a-f22e-4b26-b9ad-223dfde4ce8e}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yandex.ru/?win=370&clid=2310121-135
SearchScopes: HKU\S-1-5-21-688862063-2713704754-1743232380-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://yandex.ru/search/?win=370&clid=2310122-135&text={searchTerms}
SearchScopes: HKU\S-1-5-21-688862063-2713704754-1743232380-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://yandex.ru/search/?win=370&clid=2310122-135&text={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-11-29] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-688862063-2713704754-1743232380-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-17] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-17] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-17] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-17] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-688862063-2713704754-1743232380-1002 -> hxxp://www.facebook.com/

FireFox:
========
FF DefaultProfile: gekoak68.default-1543477652566
FF ProfilePath: C:\Users\GGPC\AppData\Roaming\Mozilla\Firefox\Profiles\gekoak68.default-1543477652566 [2019-01-31]
FF Homepage: Mozilla\Firefox\Profiles\gekoak68.default-1543477652566 -> hxxps://www.facebook.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\gekoak68.default-1543477652566 -> type", 0
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\GGPC\AppData\Roaming\Mozilla\Firefox\Profiles\gekoak68.default-1543477652566\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-01-23]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-01-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-09] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-11-29] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-09] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-11-29] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-05] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2018-12-26] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2019-01-30] <==== ATTENTION

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd

Opera:
=======
OPR StartupUrls: "hxxps:\/\/www.yandex.ru\/?win=370&clid=2310121-135"

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7206312 2018-12-02] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9619816 2019-01-04] (Microsoft Corporation)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [6886472 2018-11-29] (Prey, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23288 2019-01-28] (Intel)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937208 2018-12-19] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17440 2018-12-06] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe [743728 2017-11-16] (Intel® Corporation)
R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [505856 2018-01-22] (Intel Corporation) [File not signed]
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\TPMProvisioningService.exe [720184 2017-11-16] (Intel® Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [153360 2018-09-25] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [214672 2018-01-31] (Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe [414352 2019-01-30] (AO Kaspersky Lab)
R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (AO Kaspersky Lab)
R2 NovabenchService; C:\Program Files\Novawave\Novabench\NovabenchService.exe [330288 2018-10-06] (Novawave Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790736 2019-01-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790736 2019-01-17] (NVIDIA Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1721632 2018-11-30] (O&O Software GmbH)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-11] ()
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [195832 2018-12-19] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665136 2019-01-17] (TeamViewer GmbH)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937208 2018-12-19] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-27] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-27] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [18264 2017-09-27] (Intel® Corporation)
S4 asComSvc; "C:\Program Files (x86)\ASUS\AXSP\4.00.28\atkexComSvc.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [33504 2019-01-01] ()
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (AO Kaspersky Lab)
R3 cpuz147; C:\Windows\temp\cpuz147\cpuz147_x64.sys [53848 2019-01-31] (CPUID)
S3 gdrv2; C:\Windows\gdrv2.sys [32720 2019-01-12] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [19392 2018-04-23] ()
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [28936 2018-11-29] (Glarysoft Ltd)
R1 HWiNFO; C:\Windows\system32\drivers\HWiNFO64A.SYS [65320 2018-12-25] (REALiX™)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [123544 2017-10-15] (Intel Corporation)
R0 iaStorAC; C:\Windows\System32\drivers\iaStorAC.sys [1094792 2018-12-06] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [38424 2017-09-15] (Intel Corporation)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37184 2018-10-16] (IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [43392 2018-10-16] (IObit)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [73416 2018-12-05] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [123152 2018-12-05] (AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [89168 2018-12-05] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [219744 2019-01-30] (AO Kaspersky Lab)
R1 KLHK; C:\Windows\System32\drivers\klhk.sys [1214752 2019-01-30] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [190784 2019-01-30] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1113696 2019-01-30] (AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [57032 2018-02-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [45768 2018-12-05] (AO Kaspersky Lab)
S3 kltap; C:\Windows\System32\drivers\kltap.sys [48080 2018-02-12] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [238528 2019-01-30] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [100136 2019-01-30] (AO Kaspersky Lab)
S3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [289856 2019-01-30] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [110640 2019-01-30] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [193168 2019-01-30] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (AO Kaspersky Lab)
R1 klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [176976 2018-12-05] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [203968 2018-02-24] (AO Kaspersky Lab)
R3 NovabenchDriver; C:\Program Files\Novawave\Novabench\NovabenchDriverWin10.sys [28216 2018-03-28] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5db32447b43ce666\nvlddmkm.sys [20461984 2019-01-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [70024 2018-10-02] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [66792 2018-10-04] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [6831056 2017-06-20] (Realtek Semiconductor Corporation )
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [43008 2018-12-19] ()
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46680 2018-12-27] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [330936 2018-12-27] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-27] (Microsoft Corporation)
R3 WinRing0_1_2_0; C:\Program Files (x86)\NZXT\CAM\OpenHardwareMonitorLib.sys [14544 2019-01-31] (OpenLibSys.org)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-31 13:20 - 2019-01-31 13:20 - 000022860 _____ C:\Users\GGPC\Desktop\FRST.txt
2019-01-31 13:20 - 2019-01-31 13:20 - 000000000 ____D C:\Users\GGPC\Desktop\FRST-OlderVersion
2019-01-31 13:16 - 2019-01-31 13:16 - 000000000 ___HD C:\OneDriveTemp
2019-01-31 10:17 - 2019-01-31 10:17 - 000003392 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2019-01-31 10:16 - 2019-01-31 10:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2019-01-31 00:55 - 2019-01-31 00:55 - 000907040 _____ (O&O Software GmbH) C:\Users\GGPC\Downloads\Shutup.exe
2019-01-31 00:04 - 2019-01-31 00:04 - 000000000 ____D C:\ProgramData\GlarySoft
2019-01-30 23:56 - 2019-01-31 13:20 - 000000000 ____D C:\FRST
2019-01-30 23:55 - 2019-01-31 13:20 - 002428928 _____ (Farbar) C:\Users\GGPC\Desktop\FRST64.exe
2019-01-30 23:47 - 2019-01-30 23:49 - 000332226 _____ C:\Windows\ntbtlog.txt
2019-01-30 23:14 - 2019-01-30 23:15 - 000000000 ____D C:\ProgramData\Novabench
2019-01-30 23:14 - 2019-01-30 23:14 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Novabench.lnk
2019-01-30 23:14 - 2019-01-30 23:14 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Novabench
2019-01-30 23:14 - 2019-01-30 23:14 - 000000000 ____D C:\Users\GGPC\AppData\Local\Novabench
2019-01-30 23:14 - 2019-01-30 23:14 - 000000000 ____D C:\Program Files\Novawave
2019-01-30 23:13 - 2019-01-30 23:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-01-30 23:13 - 2019-01-30 23:13 - 000000000 ____D C:\Program Files\7-Zip
2019-01-30 23:10 - 2019-01-31 01:02 - 000162708 _____ C:\Windows\system32\oodbs.lor
2019-01-30 23:07 - 2019-01-30 23:07 - 097783808 _____ C:\Users\GGPC\Downloads\Novabench.msi
2019-01-30 23:05 - 2019-01-30 23:09 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex
2019-01-30 23:05 - 2019-01-30 23:05 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Opera Software
2019-01-30 23:03 - 2019-01-30 23:03 - 001443680 _____ (Igor Pavlov) C:\Users\GGPC\Downloads\7-Zip.exe
2019-01-30 22:27 - 2019-01-30 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
2019-01-30 22:27 - 2019-01-30 22:27 - 000000000 ____D C:\Program Files\OO Software
2019-01-30 22:17 - 2019-01-30 22:17 - 000289856 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2019-01-30 22:13 - 2019-01-30 22:13 - 000238528 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2019-01-30 22:13 - 2019-01-30 22:13 - 000193168 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2019-01-30 22:13 - 2019-01-30 22:13 - 000110640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2019-01-30 22:13 - 2019-01-30 22:13 - 000100136 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_kimul.sys
2019-01-30 22:13 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2019-01-30 22:12 - 2019-01-30 22:12 - 001214752 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2019-01-30 22:12 - 2019-01-30 22:12 - 001113696 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2019-01-30 22:12 - 2019-01-30 22:12 - 000219744 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2019-01-30 22:12 - 2019-01-30 22:12 - 000152960 _____ (AO Kaspersky Lab) C:\Windows\system32\klhkum.dll
2019-01-30 22:10 - 2019-01-30 22:10 - 002536320 _____ (Kaspersky Lab) C:\Users\GGPC\Downloads\KAF.exe
2019-01-30 18:16 - 2019-01-30 18:16 - 015341312 _____ (Intel) C:\Users\GGPC\Downloads\Intel Driver and Support Assistant Installer.exe
2019-01-30 10:33 - 2019-01-30 10:33 - 000000000 ____D C:\ProgramData\Mozilla
2019-01-29 22:22 - 2019-01-30 12:01 - 000000000 ____D C:\Users\GGPC\AppData\Local\Spotify
2019-01-29 22:22 - 2019-01-30 11:30 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Spotify
2019-01-29 22:22 - 2019-01-29 22:22 - 000001867 _____ C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2019-01-29 22:21 - 2019-01-29 22:21 - 000742728 _____ (Spotify Ltd) C:\Users\GGPC\Downloads\Spotify.exe
2019-01-28 10:23 - 2019-01-28 10:23 - 001817208 _____ (CPUID, Inc. ) C:\Users\GGPC\Downloads\CPU-Z.exe
2019-01-28 10:23 - 2019-01-28 10:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2019-01-28 10:23 - 2019-01-28 10:23 - 000000000 ____D C:\Program Files\CPUID
2019-01-26 17:47 - 2019-01-26 17:53 - 000000000 ____D C:\Users\GGPC\Documents\Rise of the Tomb Raider
2019-01-26 13:38 - 2019-01-30 19:51 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2019-01-26 13:38 - 2019-01-30 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2019-01-26 11:48 - 2019-01-26 11:48 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Google
2019-01-26 11:42 - 2019-01-30 23:05 - 000000000 ____D C:\Users\GGPC\AppData\Local\Google
2019-01-24 12:52 - 2019-01-24 12:52 - 000000000 ____D C:\Users\GGPC\AppData\Local\EVGA_Co.,_Ltd
2019-01-24 12:51 - 2019-01-24 12:56 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA
2019-01-24 12:51 - 2019-01-24 12:56 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\EVGA
2019-01-24 12:51 - 2019-01-24 12:51 - 000000000 ____D C:\Program Files\EVGA
2019-01-24 10:17 - 2019-01-29 16:52 - 017558880 _____ (Glarysoft Ltd) C:\Users\GGPC\Downloads\Glary Utilities.exe
2019-01-20 23:43 - 2019-01-20 23:53 - 000000000 ____D C:\AdwCleaner
2019-01-20 23:42 - 2019-01-20 23:42 - 007320272 _____ (Malwarebytes) C:\Users\GGPC\Downloads\Adwcleaner.exe
2019-01-20 23:32 - 2019-01-20 23:33 - 000332221 _____ C:\Windows\system32\log.csv
2019-01-20 23:28 - 2019-01-20 23:28 - 000000000 ____D C:\Windows\Tasks\ImCleanDisabled
2019-01-18 17:53 - 2019-01-18 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2019-01-18 17:53 - 2019-01-18 17:53 - 000000000 ____D C:\Program Files (x86)\Geeks3D
2019-01-18 13:36 - 2019-01-31 13:16 - 000308736 _____ C:\Windows\SysWOW64\NVAPIHelper.dll
2019-01-18 13:36 - 2019-01-31 13:16 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\CAM
2019-01-18 13:36 - 2019-01-26 19:41 - 000003346 _____ C:\Windows\System32\Tasks\CAM.Desktop
2019-01-18 13:36 - 2019-01-18 13:36 - 000001184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAM.lnk
2019-01-18 13:36 - 2019-01-18 13:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAM
2019-01-18 13:36 - 2019-01-18 13:36 - 000000000 ____D C:\Program Files (x86)\NZXT
2019-01-18 13:35 - 2019-01-18 13:35 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\NZXT
2019-01-18 10:38 - 2019-01-18 10:44 - 000000000 ____D C:\Users\GGPC\Superposition
2019-01-18 10:38 - 2019-01-18 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
2019-01-18 10:37 - 2019-01-18 10:37 - 000000000 ____D C:\Program Files\Unigine
2019-01-17 08:57 - 2019-01-17 08:57 - 000002678 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2019-01-16 09:44 - 2019-01-10 07:08 - 000309560 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-01-16 09:44 - 2019-01-10 06:57 - 004527584 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-01-16 09:44 - 2019-01-10 06:57 - 000720536 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-01-16 09:44 - 2019-01-10 06:42 - 004716032 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2019-01-16 09:44 - 2019-01-10 06:41 - 012730368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-01-16 09:44 - 2019-01-10 06:41 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2019-01-16 09:44 - 2019-01-10 06:40 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2019-01-16 09:44 - 2019-01-10 06:36 - 003649024 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-01-16 09:44 - 2019-01-10 06:36 - 001054720 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2019-01-16 09:44 - 2019-01-10 06:35 - 002919936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2019-01-16 09:44 - 2019-01-10 06:35 - 001364992 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-01-16 09:44 - 2019-01-10 03:50 - 001008640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MixedRealityCapture.dll
2019-01-16 09:44 - 2019-01-09 23:14 - 000607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-01-16 09:44 - 2019-01-09 22:55 - 011919872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-01-16 09:44 - 2019-01-09 22:55 - 000150016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2019-01-16 09:44 - 2019-01-09 22:51 - 002891776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-01-16 09:44 - 2019-01-09 21:55 - 001285432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2019-01-16 09:44 - 2019-01-09 21:50 - 000134968 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-01-16 09:44 - 2019-01-09 21:48 - 000527368 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-01-16 09:44 - 2019-01-09 21:46 - 001457240 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-01-16 09:44 - 2019-01-09 21:46 - 001257880 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-01-16 09:44 - 2019-01-09 21:44 - 009084216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-01-16 09:44 - 2019-01-09 21:24 - 025855488 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-01-16 09:44 - 2019-01-09 21:11 - 007573504 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-01-16 09:44 - 2019-01-09 21:06 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-01-16 09:44 - 2019-01-09 20:03 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-01-16 09:44 - 2019-01-09 18:59 - 000611848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2019-01-16 09:44 - 2019-01-09 18:44 - 000078688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wldp.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 006567768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 006043496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 004789944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 002253480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 001981280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 001620264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 001130568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 000607376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 000581592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 000287640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 000129088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 000127744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rmclient.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 000071456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
2019-01-16 09:44 - 2019-01-09 18:42 - 001035232 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-01-16 09:44 - 2019-01-09 18:42 - 000092704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bindflt.sys
2019-01-16 09:44 - 2019-01-09 18:41 - 001140680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-01-16 09:44 - 2019-01-09 18:41 - 000983120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-01-16 09:44 - 2019-01-09 18:41 - 000076296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2019-01-16 09:44 - 2019-01-09 18:40 - 002765336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-01-16 09:44 - 2019-01-09 18:40 - 001221432 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-01-16 09:44 - 2019-01-09 18:40 - 001063224 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2019-01-16 09:44 - 2019-01-09 18:40 - 001029944 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-01-16 09:44 - 2019-01-09 18:40 - 000566568 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2019-01-16 09:44 - 2019-01-09 18:40 - 000432952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-01-16 09:44 - 2019-01-09 18:40 - 000226104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-01-16 09:44 - 2019-01-09 18:40 - 000090872 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 007519888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 007436016 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 004404720 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 002571632 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 001943128 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 001098056 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000789696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000713264 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000349656 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000269624 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000260800 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000175416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spacedump.sys
2019-01-16 09:44 - 2019-01-09 18:39 - 000164192 _____ (Microsoft Corporation) C:\Windows\system32\rmclient.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000144072 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-01-16 09:44 - 2019-01-09 18:39 - 000085472 _____ (Microsoft Corporation) C:\Windows\system32\svchost.exe
2019-01-16 09:44 - 2019-01-09 18:34 - 022016512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-01-16 09:44 - 2019-01-09 18:33 - 016597504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2019-01-16 09:44 - 2019-01-09 18:32 - 013878272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2019-01-16 09:44 - 2019-01-09 18:29 - 008188928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2019-01-16 09:44 - 2019-01-09 18:29 - 002500096 _____ (Microsoft Corporation) C:\Windows\system32\smartscreen.exe
2019-01-16 09:44 - 2019-01-09 18:27 - 004710912 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2019-01-16 09:44 - 2019-01-09 18:27 - 004384256 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-01-16 09:44 - 2019-01-09 18:27 - 001587712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2019-01-16 09:44 - 2019-01-09 18:26 - 006661632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2019-01-16 09:44 - 2019-01-09 18:26 - 003396608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-01-16 09:44 - 2019-01-09 18:26 - 002966016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2019-01-16 09:44 - 2019-01-09 18:25 - 000161792 _____ (Microsoft Corporation) C:\Windows\system32\spacebridge.dll
2019-01-16 09:44 - 2019-01-09 18:24 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2019-01-16 09:44 - 2019-01-09 18:24 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_CapabilityAccess.dll
2019-01-16 09:44 - 2019-01-09 18:24 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spacebridge.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 005775872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 005307392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 002368000 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\MSPhotography.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 001361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSPhotography.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 001189888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 000898560 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\srpapi.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManagerClient.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 000067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CapabilityAccessManagerClient.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 001551360 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 001395200 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000808448 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000624640 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000608768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000392704 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicSvc.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000333824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManager.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000138752 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srpapi.dll
2019-01-16 09:44 - 2019-01-09 18:21 - 002173440 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-01-16 09:44 - 2019-01-09 18:21 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-01-16 09:44 - 2019-01-09 18:21 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\smartscreenps.dll
2019-01-16 09:44 - 2019-01-09 18:21 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-01-16 09:44 - 2019-01-09 18:20 - 004940288 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-01-16 09:44 - 2019-01-09 18:20 - 004516352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-01-16 09:44 - 2019-01-09 18:20 - 001000448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2019-01-16 09:44 - 2019-01-09 18:20 - 000916480 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2019-01-16 09:44 - 2019-01-09 18:20 - 000607232 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2019-01-16 09:44 - 2019-01-09 18:20 - 000135680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smartscreenps.dll
2019-01-16 09:44 - 2019-01-09 18:19 - 000883712 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2019-01-16 09:44 - 2019-01-09 18:19 - 000678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-01-16 09:44 - 2019-01-09 18:19 - 000507392 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2019-01-16 09:44 - 2019-01-09 18:19 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2019-01-16 09:44 - 2019-01-09 18:19 - 000251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2019-01-16 09:44 - 2019-01-09 18:18 - 000195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2019-01-16 09:44 - 2019-01-09 17:34 - 000806320 _____ C:\Windows\SysWOW64\locale.nls
2019-01-16 09:44 - 2019-01-09 17:34 - 000806320 _____ C:\Windows\system32\locale.nls
2019-01-16 09:44 - 2019-01-09 17:34 - 000001310 _____ C:\Windows\system32\tcbres.wim
2019-01-15 23:18 - 2019-01-15 23:18 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2019-01-15 23:18 - 2019-01-11 22:22 - 005363000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-01-15 23:18 - 2019-01-11 22:22 - 002623880 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2019-01-15 23:18 - 2019-01-11 22:22 - 001767464 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-01-15 23:18 - 2019-01-11 22:22 - 000650608 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-01-15 23:18 - 2019-01-11 22:22 - 000451056 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-01-15 23:18 - 2019-01-11 22:22 - 000125320 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-01-15 23:18 - 2019-01-11 22:22 - 000083336 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-01-15 23:18 - 2019-01-10 02:45 - 008472342 _____ C:\Windows\system32\nvcoproc.bin
2019-01-15 23:18 - 2018-11-21 18:13 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2019-01-15 23:16 - 2019-01-12 17:05 - 000978336 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-01-15 23:16 - 2019-01-12 17:05 - 000978336 _____ C:\Windows\system32\vulkan-1.dll
2019-01-15 23:16 - 2019-01-12 17:05 - 000845216 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-01-15 23:16 - 2019-01-12 17:05 - 000845216 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-01-15 23:16 - 2019-01-12 17:05 - 000552536 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-01-15 23:16 - 2019-01-12 17:05 - 000456848 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-01-15 23:16 - 2019-01-12 17:05 - 000268192 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-01-15 23:16 - 2019-01-12 17:05 - 000268192 _____ C:\Windows\system32\vulkaninfo.exe
2019-01-15 23:16 - 2019-01-12 17:05 - 000243616 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-01-15 23:16 - 2019-01-12 17:05 - 000243616 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-01-15 23:16 - 2019-01-12 17:04 - 004946232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 004316304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 002018392 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6441771.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 002003600 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 001512352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 001467864 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6441771.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 001461152 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 001126544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 000750520 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 000631896 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 000609368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 000521688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-01-15 23:16 - 2019-01-12 17:03 - 040262912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2019-01-15 23:16 - 2019-01-12 17:03 - 035158736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-01-15 23:16 - 2019-01-12 13:03 - 015911384 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 013205768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 001471424 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 001462024 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 001167584 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 001151984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 001145536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 000914400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 000822392 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 000794448 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 000637664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2019-01-15 23:16 - 2019-01-12 13:01 - 019717352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2019-01-15 23:16 - 2019-01-12 13:01 - 016993240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-01-15 23:16 - 2019-01-12 13:01 - 005003032 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2019-01-15 23:16 - 2019-01-12 13:01 - 004260704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-01-15 23:16 - 2019-01-12 00:06 - 001682896 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2019-01-15 23:16 - 2019-01-12 00:06 - 000227896 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2019-01-15 23:16 - 2019-01-12 00:06 - 000048472 _____ C:\Windows\system32\nvinfo.pb
2019-01-15 23:16 - 2019-01-12 00:06 - 000047384 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2019-01-15 23:16 - 2018-10-04 08:28 - 000066792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2019-01-12 18:47 - 2019-01-12 18:47 - 000000000 ____D C:\Users\Public\Documents\Creative
2019-01-12 18:43 - 2019-01-12 18:54 - 000000000 ____D C:\Program Files (x86)\GIGABYTE
2019-01-12 18:43 - 2019-01-12 18:46 - 000000000 ____D C:\Users\GGPC\AppData\Local\Downloaded Installations
2019-01-12 18:43 - 2019-01-12 18:43 - 000032720 ____N (GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Windows\gdrv2.sys
2019-01-12 18:43 - 2019-01-12 18:43 - 000000000 ____D C:\Intel
2019-01-12 18:43 - 2015-06-02 10:50 - 000005120 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\acpimof_ocpanel.dll
2019-01-12 18:24 - 2019-01-01 22:47 - 000033504 _____ C:\Windows\system32\Drivers\AsIO2.sys
2019-01-12 18:24 - 2018-12-27 23:39 - 000100800 _____ C:\Windows\system32\AsIO2.dll
2019-01-12 18:24 - 2018-12-27 23:38 - 000084928 _____ C:\Windows\SysWOW64\AsIO2.dll
2019-01-12 18:24 - 2018-04-23 15:12 - 000019392 _____ C:\Windows\system32\Drivers\GLCKIO2.sys
2019-01-11 11:48 - 2019-01-11 11:48 - 000000000 ____D C:\Users\GGPC\Documents\KoeiTecmo
2019-01-09 19:55 - 2019-01-09 19:55 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2019-01-09 17:21 - 2019-01-02 02:47 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\windowslivelogin.dll
2019-01-09 17:21 - 2019-01-02 02:45 - 000714752 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll
2019-01-09 17:21 - 2019-01-02 02:45 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\wlidcredprov.dll
2019-01-09 17:21 - 2019-01-02 02:20 - 000165888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windowslivelogin.dll
2019-01-09 17:21 - 2019-01-02 02:18 - 000500736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll
2019-01-09 17:21 - 2019-01-02 02:17 - 000231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcredprov.dll
2019-01-09 17:21 - 2019-01-01 20:13 - 003292152 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2019-01-09 17:21 - 2019-01-01 20:13 - 001363536 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2019-01-09 17:21 - 2019-01-01 20:13 - 000709728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-01-09 17:21 - 2019-01-01 20:13 - 000436024 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-01-09 17:21 - 2019-01-01 20:13 - 000170808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-01-09 17:21 - 2019-01-01 20:12 - 002465792 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-01-09 17:21 - 2019-01-01 20:12 - 002421288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-01-09 17:21 - 2019-01-01 20:12 - 000128824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2019-01-09 17:21 - 2019-01-01 20:12 - 000043536 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe
2019-01-09 17:21 - 2019-01-01 19:50 - 022715392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-01-09 17:21 - 2019-01-01 19:48 - 000342528 _____ (Microsoft Corporation) C:\Windows\system32\browserexport.exe
2019-01-09 17:21 - 2019-01-01 19:48 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2019-01-09 17:21 - 2019-01-01 19:48 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\Print.Workflow.Source.dll
2019-01-09 17:21 - 2019-01-01 19:47 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2019-01-09 17:21 - 2019-01-01 19:46 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountTokenProvider.dll
2019-01-09 17:21 - 2019-01-01 19:46 - 000153088 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2019-01-09 17:21 - 2019-01-01 19:45 - 000352768 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-01-09 17:21 - 2019-01-01 19:44 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-01-09 17:21 - 2019-01-01 19:44 - 000662528 _____ (Microsoft Corporation) C:\Windows\system32\wlidprov.dll
2019-01-09 17:21 - 2019-01-01 19:44 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-09 17:21 - 2019-01-01 19:43 - 001805312 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-01-09 17:21 - 2019-01-01 19:42 - 002247680 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2019-01-09 17:21 - 2019-01-01 19:42 - 001371136 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2019-01-09 17:21 - 2019-01-01 19:42 - 000717312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2019-01-09 17:21 - 2019-01-01 19:41 - 001159680 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-01-09 17:21 - 2019-01-01 19:41 - 000899072 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-01-09 17:21 - 2019-01-01 19:41 - 000895488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-09 17:21 - 2019-01-01 19:37 - 002478664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2019-01-09 17:21 - 2019-01-01 19:37 - 001989040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-01-09 17:21 - 2019-01-01 19:37 - 000880048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2019-01-09 17:21 - 2019-01-01 19:37 - 000381240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-01-09 17:21 - 2019-01-01 19:22 - 019405312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-01-09 17:21 - 2019-01-01 19:17 - 000153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-09 17:21 - 2019-01-01 19:16 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2019-01-09 17:21 - 2019-01-01 19:15 - 000317440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2019-01-09 17:21 - 2019-01-01 19:14 - 000330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-09 17:21 - 2019-01-01 19:13 - 001628160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-01-09 17:21 - 2019-01-01 19:13 - 000594432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2019-01-09 17:21 - 2019-01-01 19:12 - 001036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2019-01-09 17:21 - 2019-01-01 19:12 - 000795648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-09 17:21 - 2019-01-01 19:12 - 000778240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-01-09 17:21 - 2019-01-01 19:12 - 000516608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidprov.dll
2019-01-09 17:21 - 2018-12-19 17:49 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-01-09 17:19 - 2018-09-20 17:12 - 001483576 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2019-01-04 23:50 - 2019-01-04 23:50 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\MAXON
2019-01-04 11:54 - 2018-12-24 14:57 - 000035792 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe
2019-01-01 23:40 - 2019-01-01 23:40 - 000000000 ____D C:\Users\GGPC\AppData\Local\Intel Telemetry
2019-01-01 23:40 - 2019-01-01 23:40 - 000000000 ____D C:\ProgramData\Intel Telemetry
2019-01-01 23:38 - 2019-01-01 23:38 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2019-01-01 23:38 - 2019-01-01 23:38 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-31 13:19 - 2018-07-23 14:08 - 000840440 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-31 13:19 - 2018-04-12 12:36 - 000000000 ____D C:\Windows\INF
2019-01-31 13:17 - 2018-07-24 06:12 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-31 13:16 - 2018-12-27 19:12 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-01-31 13:16 - 2018-11-29 10:29 - 000000000 ____D C:\Program Files (x86)\Steam
2019-01-31 13:16 - 2018-11-29 09:40 - 000000000 ____D C:\Users\GGPC\AppData\LocalLow\Mozilla
2019-01-31 13:16 - 2018-07-24 06:19 - 000000000 ___RD C:\Users\GGPC\OneDrive
2019-01-31 13:15 - 2018-11-29 10:19 - 000000000 ____D C:\Windows\Prey
2019-01-31 13:15 - 2018-11-29 10:09 - 000000000 ____D C:\Program Files\Common Files\AV
2019-01-31 13:15 - 2018-11-29 10:09 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-01-31 13:15 - 2018-07-23 14:02 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-31 13:15 - 2018-04-12 10:04 - 001048576 _____ C:\Windows\system32\config\BBI
2019-01-31 12:31 - 2018-07-23 14:02 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-01-31 11:28 - 2018-04-12 10:04 - 000032768 _____ C:\Windows\system32\config\ELAM
2019-01-31 10:36 - 2018-12-27 19:10 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2019-01-31 09:43 - 2018-04-12 12:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-31 01:06 - 2018-11-29 10:45 - 000000000 ____D C:\Users\GGPC\AppData\Local\D3DSCache
2019-01-31 01:05 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\LiveKernelReports
2019-01-31 00:59 - 2018-11-29 10:01 - 000007660 _____ C:\OOSU10.ini
2019-01-31 00:55 - 2018-12-19 23:18 - 000907040 _____ (O&O Software GmbH) C:\Shutup.exe
2019-01-31 00:01 - 2018-11-29 10:17 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2019-01-30 23:48 - 2018-12-30 15:00 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2019-01-30 23:42 - 2018-12-20 09:29 - 000000000 ___HD C:\Users\GGPC\MicrosoftEdgeBackups
2019-01-30 23:05 - 2018-11-29 11:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamster Soft
2019-01-30 23:05 - 2018-11-29 11:03 - 000000000 ____D C:\Program Files (x86)\Hamster Soft
2019-01-30 23:01 - 2018-11-29 10:15 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\discord
2019-01-30 22:47 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\AppReadiness
2019-01-30 22:12 - 2018-12-27 19:12 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2019-01-30 22:12 - 2018-04-12 12:38 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-01-30 21:41 - 2018-11-29 12:38 - 000000000 ____D C:\Users\rache
2019-01-30 19:46 - 2018-04-12 12:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-30 19:46 - 2017-08-14 12:02 - 000000000 ____D C:\Users\GGPC\Documents\Budgeting and Goals
2019-01-30 19:46 - 2017-08-14 12:02 - 000000000 ____D C:\Users\GGPC\Documents\Board and Rent Payments
2019-01-30 19:42 - 2018-11-29 09:25 - 000003356 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-688862063-2713704754-1743232380-1002
2019-01-30 19:42 - 2018-07-24 06:17 - 000002396 _____ C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-30 19:40 - 2018-11-29 09:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-01-30 19:40 - 2018-11-29 09:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-01-30 18:17 - 2018-07-24 06:00 - 000000000 ____D C:\ProgramData\Package Cache
2019-01-30 18:15 - 2016-07-21 17:07 - 000000000 ____D C:\Users\GGPC\Documents\For External
2019-01-30 11:19 - 2018-12-03 10:42 - 000000000 ____D C:\Users\GGPC\AppData\Local\Battle.net
2019-01-30 10:33 - 2018-11-29 09:40 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-01-29 16:53 - 2018-11-29 10:17 - 000001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2019-01-28 14:27 - 2018-12-01 15:11 - 000000000 ____D C:\ProgramData\ProductData
2019-01-28 13:26 - 2016-05-02 23:25 - 000000000 ____D C:\Users\GGPC\Documents\Power Bill
2019-01-28 11:38 - 2017-08-14 12:02 - 000000000 ____D C:\Users\GGPC\Documents\Network Access
2019-01-26 23:46 - 2018-07-24 06:17 - 000000000 ____D C:\Users\GGPC
2019-01-26 22:39 - 2018-07-24 06:12 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-01-26 22:32 - 2018-12-14 09:39 - 000000000 ____D C:\Users\GGPC\AppData\Local\ElevatedDiagnostics
2019-01-26 12:57 - 2018-07-24 06:11 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-01-26 12:56 - 2018-07-24 06:18 - 000000000 ____D C:\Users\GGPC\AppData\Local\Packages
2019-01-26 12:56 - 2018-07-24 06:13 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000004106 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003976 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:10 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-01-26 12:12 - 2018-07-24 06:28 - 000000000 ____D C:\Program Files (x86)\Google
2019-01-24 12:57 - 2018-12-28 09:26 - 000000000 ____D C:\Program Files (x86)\EVGA
2019-01-24 12:54 - 2018-11-29 16:58 - 000000000 ____D C:\Users\GGPC\AppData\Local\CrashDumps
2019-01-24 11:54 - 2018-07-23 14:04 - 000000000 ____D C:\ProgramData\Packages
2019-01-23 14:52 - 2018-11-29 10:09 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-01-23 11:46 - 2018-11-29 10:04 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-01-23 11:24 - 2018-07-24 06:19 - 000000000 ____D C:\Users\GGPC\AppData\Local\MicrosoftEdge
2019-01-22 16:32 - 2018-12-28 15:04 - 000000000 ____D C:\Users\GGPC\Downloads\Dekstop drivers
2019-01-22 16:06 - 2016-05-02 23:25 - 000000000 ____D C:\Users\GGPC\Documents\Phone Bill
2019-01-20 23:53 - 2018-12-01 15:09 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\IObit
2019-01-20 23:53 - 2018-12-01 15:09 - 000000000 ____D C:\ProgramData\IObit
2019-01-20 23:26 - 2018-12-01 15:11 - 000001424 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2019-01-20 23:26 - 2018-12-01 15:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2019-01-19 16:59 - 2018-07-24 06:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-01-18 18:04 - 2018-07-24 06:18 - 000000000 ____D C:\Users\GGPC\AppData\Local\VirtualStore
2019-01-18 13:56 - 2018-11-29 09:27 - 000000000 ____D C:\Program Files\rempl
2019-01-18 13:36 - 2018-07-24 06:00 - 000000000 ____D C:\Program Files (x86)\Intel
2019-01-17 18:16 - 2018-11-29 09:40 - 000000000 ____D C:\Users\GGPC\AppData\Local\NVIDIA
2019-01-17 16:14 - 2018-11-29 10:29 - 000000000 ____D C:\Program Files\Microsoft Office
2019-01-17 10:29 - 2018-11-29 18:20 - 000003834 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-01-17 08:57 - 2018-11-29 15:21 - 000003762 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2019-01-17 08:57 - 2018-11-29 15:21 - 000003528 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2019-01-17 00:13 - 2018-07-24 06:13 - 002938576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2019-01-17 00:13 - 2018-07-24 06:13 - 002326736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2019-01-17 00:13 - 2018-07-24 06:13 - 001323216 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2019-01-16 21:32 - 2018-11-29 10:15 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-01-16 21:32 - 2018-11-29 10:15 - 000000000 ____D C:\Users\GGPC\AppData\Local\Discord
2019-01-16 21:30 - 2018-12-20 14:15 - 000000000 ____D C:\Users\GGPC\AppData\Local\Warframe
2019-01-16 20:51 - 2018-07-23 14:02 - 000412208 _____ C:\Windows\system32\FNTCACHE.DAT
2019-01-16 14:48 - 2018-12-25 11:05 - 000000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2019-01-16 09:58 - 2018-04-12 12:38 - 000000000 ___SD C:\Windows\SysWOW64\F12
2019-01-16 09:58 - 2018-04-12 12:38 - 000000000 ___SD C:\Windows\system32\F12
2019-01-16 09:58 - 2018-04-12 12:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-01-16 09:58 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\TextInput
2019-01-16 09:58 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\ShellExperiences
2019-01-16 09:58 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\bcastdvr
2019-01-16 09:46 - 2018-04-12 12:30 - 000000000 ____D C:\Windows\CbsTemp
2019-01-16 00:13 - 2018-07-24 06:13 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2019-01-15 23:18 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\Help
2019-01-13 15:05 - 2018-04-12 12:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-01-12 18:54 - 2018-07-24 06:01 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-01-11 11:44 - 2018-11-29 11:10 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-01-09 23:37 - 2018-11-29 10:17 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\GlarySoft
2019-01-09 19:56 - 2018-11-29 13:50 - 000004566 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-01-09 19:56 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-01-09 19:56 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\system32\Macromed
2019-01-09 19:55 - 2018-11-29 10:04 - 000000000 ____D C:\Program Files\Wireshark
2019-01-09 17:24 - 2018-11-29 09:29 - 000000000 ____D C:\Windows\system32\MRT
2019-01-09 17:23 - 2018-11-29 09:29 - 132790320 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-01-08 22:37 - 2018-12-06 14:09 - 000000000 ____D C:\Users\GGPC\Heaven
2019-01-08 22:04 - 2018-12-06 14:08 - 001065984 _____ C:\Users\GGPC\AppData\Local\file__0.localstorage
2019-01-04 13:53 - 2018-11-29 10:34 - 000000000 ____D C:\ProgramData\HP
2019-01-04 12:27 - 2018-11-29 11:09 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-04 11:54 - 2018-04-12 10:04 - 100139008 _____ C:\Windows\system32\config\SOFTWARE.gu.bak
2019-01-04 11:54 - 2018-04-12 10:04 - 021233664 _____ C:\Windows\system32\config\SYSTEM.gu.bak
2019-01-04 11:54 - 2018-04-12 10:04 - 001048576 _____ C:\Windows\system32\config\DEFAULT.gu.bak
2019-01-04 11:54 - 2018-04-12 10:04 - 000131072 _____ C:\Windows\system32\config\SAM.gu.bak
2019-01-04 11:54 - 2018-04-12 10:04 - 000065536 _____ C:\Windows\system32\config\SECURITY.gu.bak
2019-01-03 17:49 - 2018-12-03 00:53 - 000000000 ____D C:\Users\GGPC\AppData\Local\Ubisoft Game Launcher
2019-01-03 08:41 - 2018-04-12 12:41 - 000835480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-01-03 08:41 - 2018-04-12 12:41 - 000179600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-01 23:44 - 2018-12-18 10:02 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-01-01 23:39 - 2018-07-24 06:00 - 000000000 ____D C:\ProgramData\Intel
2019-01-01 13:15 - 2018-12-01 01:07 - 000007601 _____ C:\Users\GGPC\AppData\Local\resmon.resmoncfg

==================== Files in the root of some directories =======

2018-12-06 14:08 - 2019-01-08 22:04 - 001065984 _____ () C:\Users\GGPC\AppData\Local\file__0.localstorage
2018-12-01 01:07 - 2019-01-01 13:15 - 000007601 _____ () C:\Users\GGPC\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-23 14:02

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30.01.2019
Ran by Tony (31-01-2019 13:21:00)
Running from C:\Users\GGPC\Desktop
Windows 10 Home Version 1803 17134.556 (X64) (2018-07-23 17:16:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-688862063-2713704754-1743232380-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-688862063-2713704754-1743232380-503 - Limited - Disabled)
Guest (S-1-5-21-688862063-2713704754-1743232380-501 - Limited - Disabled)
rache (S-1-5-21-688862063-2713704754-1743232380-1005 - Limited - Enabled) => C:\Users\rache.RIGGS
Tony (S-1-5-21-688862063-2713704754-1743232380-1002 - Administrator - Enabled) => C:\Users\GGPC
WDAGUtilityAccount (S-1-5-21-688862063-2713704754-1743232380-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{E267C808-4C22-457E-B74B-50EAB4AD9030}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{9486AD8F-39F4-470B-92FD-BC423ABAEC43}) (Version: 19.1.4.5 - Intel) Hidden
7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Authy Desktop (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\authy-electron) (Version: 1.7.0 - Twilio Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Call of Duty Black Ops 4 (HKLM-x32\...\Call of Duty Black Ops 4) (Version:  - Blizzard Entertainment)
CAM (HKLM-x32\...\{8F17EBED-54B3-472E-B7CF-C53B6AF38FBD}) (Version: 3.7.4 - NZXT)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Corsair AURA DRAM Component (HKLM\...\{376E0869-A4F1-4DC7-A1FD-EBF3AFFEB832}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden
Corsair AURA DRAM Component (HKLM-x32\...\{da7ebf10-b0be-494e-a79d-568546795a51}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden
CPUID CPU-Z 1.87 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.87 - CPUID, Inc.)
CrystalDiskInfo 8.0.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.0.0 - Crystal Dew World)
Discord (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Discord) (Version: 0.0.304 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 417.71 - NVIDIA Corporation) Hidden
Geeks3D FurMark 1.20.2.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Glary Utilities 5.113 (HKLM-x32\...\Glary Utilities 5) (Version: 5.113.0.138 - Glarysoft Ltd)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 4520 series Basic Device Software (HKLM\...\{B46D9E8C-10FE-4873-996B-CA9EA3D7D9FE}) (Version: 40.11.1122.1796 - HP Inc.)
HP ENVY 4520 series Help (HKLM-x32\...\{201E58BD-2A1D-4C4D-BD6F-ADA7669FE3AE}) (Version: 36.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HWiNFO64 Version 6.00 (HKLM\...\HWiNFO64_is1) (Version: 6.00 - Martin Malík - REALiX)
Intel® Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden
Intel® Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1805.12.0.1097 - Intel Corporation)
Intel® Network Connections 23.0.12.0 (HKLM\...\PROSetDX) (Version: 23.0.12.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.0.1000 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1727.1 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Driver & Support Assistant (HKLM-x32\...\{b0134461-205a-4d62-bbdc-1fcabdd02645}) (Version: 19.1.4.5 - Intel)
IObit Uninstaller 8 (HKLM-x32\...\IObitUninstall) (Version: 8.3.0.11 - IObit)
Kaspersky Free (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.9 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{d6cac989-7570-43fd-b147-e31d6280a3a6}) (Version: 1.0.9 - KINGSTON COMPONENTS INC.) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11126.20266 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mozilla Firefox 65.0 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0 (x64 en-US)) (Version: 65.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla)
Novabench (HKLM\...\{56C3C944-B587-49D0-87A1-412482140B33}) (Version: 4.0.6 - Novawave Inc.)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.13 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.17.0.113 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.113 - NVIDIA Corporation)
NVIDIA Graphics Driver 417.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 417.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
O&O Defrag Professional (HKLM\...\{7C4D55AF-37B4-4D85-9106-CF473CEC9BE6}) (Version: 22.1.2521 - O&O Software GmbH)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Prey Anti-Theft (HKLM-x32\...\{AC67FFDC-B1E6-45C4-B01F-32EC70DBF624}) (Version: 1.8.1 - Prey, Inc.) Hidden
Product Improvement Study for HP ENVY 4520 series (HKLM\...\{1DDC5451-BE8B-4092-AB04-E92127242886}) (Version: 40.11.1122.1796 - HP Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8295 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Spotify) (Version: 1.0.98.78.gb45d2a6b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.9025 - TeamViewer)
TP-Link TL-WN881ND Driver (HKLM-x32\...\{5656127B-0110-4450-9CBD-643E760F152D}) (Version: 1.0.0 - TP-Link)
Unigine Superposition Benchmark 1.0 (HKLM\...\Superposition_is1) (Version: 1.0 - Unigine Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 67.0 - Ubisoft)
Wargaming.net Game Center (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Wargaming.net Game Center) (Version: 18.9.1.3085 - Wargaming.net)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.6.6 64-bit (HKLM-x32\...\Wireshark) (Version: 2.6.6 - The Wireshark developer community, hxxps://www.wireshark.org)
World of Tanks ASIA (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\WOT.SG.PRODUCTION) (Version:  - Wargaming.net)
World_of_Warships_Asia (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\WOWS.ASIA.PRODUCTION) (Version:  - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-01-23] (Glarysoft Ltd)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-30] (AO Kaspersky Lab)
ContextMenuHandlers1: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2018-11-30] (O&O Software GmbH)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-01-23] (Glarysoft Ltd)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-30] (AO Kaspersky Lab)
ContextMenuHandlers2: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2018-11-30] (O&O Software GmbH)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-30] (AO Kaspersky Lab)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-01-11] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-01-23] (Glarysoft Ltd)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-30] (AO Kaspersky Lab)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2018-11-30] (O&O Software GmbH)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {050278F1-F19F-4923-B547-795AE339F714} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-17] (Microsoft Corporation)
Task: {1DE5D9D8-E11C-4937-91C5-83E4BB8A05C1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-01-10] (Piriform Ltd)
Task: {1E2A4B9D-31C0-4D5F-A7BE-D4F8D3268CF4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2019-01-17] (NVIDIA Corporation)
Task: {1E3B7427-B91C-42A4-9E8F-7A5775A0A44A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)
Task: {2A04232A-0C9F-446E-830C-1FAA24EC39B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {30C5B791-F93A-40E0-BF25-E6F5B7F62A9E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2019-01-17] (NVIDIA Corporation)
Task: {3BA546E1-3801-4FBB-AE99-590D94C34E95} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2019-01-17] (NVIDIA Corporation)
Task: {3BD9EF77-DDAA-4869-B69B-4C2EACF67B7B} - System32\Tasks\CAM.Desktop => C:\Program Files (x86)\NZXT\CAM\CAM.Desktop.exe [2018-11-07] ()
Task: {3F23C60B-289E-4E8A-BCD8-51E3F9B4E3F7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2019-01-17] (NVIDIA Corporation)
Task: {441B0B90-CC06-4D58-97A7-6272E5E245D0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {49A3547A-EA9D-4BD4-BF6E-36D524AD56A2} - System32\Tasks\Uninstaller_SkipUac_Tony => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2019-01-11] (IObit)
Task: {4CEE1DE6-148A-4B7A-B717-70264721C819} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe
Task: {4DE21D99-80AB-43A2-B6ED-B870D5F2A5C4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-09] (Adobe Systems Incorporated)
Task: {4E177E86-CF0F-4FF2-BA7C-1418E477F50B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2019-01-17] (NVIDIA Corporation)
Task: {5130ED86-ADEF-491F-87A0-56C085839005} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {53DD69FF-D38C-42F9-B2ED-E9D9E0C39380} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd)
Task: {5CD30A00-013A-49F6-A51F-3DEA0394979E} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {62F83496-16DB-4D5B-BD3C-98355D6B49A1} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2019-01-17] (NVIDIA Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6BF97351-4629-408A-A574-3CDA713C70A6} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
Task: {71637121-DEEA-4C68-ADCC-CB8132F79F80} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {8922BD96-9157-43E1-9564-5F9A12BC2FBB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-09] (Adobe Systems Incorporated)
Task: {8A8C00A8-972D-4074-9374-3856EC810E44} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {906FF8A9-1106-4E50-9EB3-CF71B27B89DB} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2019-01-17] (NVIDIA Corporation)
Task: {9832A578-B78D-4F2F-AC42-EAB2333DE0BE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-01-17] (Microsoft Corporation)
Task: {AA32106D-D81A-4C40-BB13-93CCF19208C3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2019-01-17] (NVIDIA Corporation)
Task: {AEF435B9-2DE1-4BCF-93C6-1B77BCDE8E22} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-17] (Microsoft Corporation)
Task: {AF96B9EB-B4E7-48E5-9FDD-E41308BDA870} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2019-01-17] (NVIDIA Corporation)
Task: {C961E3F3-63D0-479D-8005-60CBF10F81B9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2019-01-17] (Microsoft Corporation)
Task: {CB2B7FB5-2200-4AF0-989E-201899F73E83} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {D236F739-04B4-4C90-B875-159B70C1DD27} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2019-01-17] (NVIDIA Corporation)
Task: {D3CF7EEF-4D89-459C-8ACE-9D3C5A20CA67} - System32\Tasks\S-1-5-21-688862063-2713704754-1743232380-1002\DataSenseLiveTileTask => C:\Windows\System32\DataUsageLiveTileTask.exe [2018-12-08] (Microsoft Corporation)
Task: {D61A42BD-D84B-4555-81F4-F7ACB1A0E956} - System32\Tasks\HPCustParticipation HP ENVY 4520 series => C:\Program Files\HP\HP ENVY 4520 series\Bin\HPCustPartic.exe [2017-04-06] (HP Inc.)
Task: {DD13E469-4407-4DCF-B45A-FA7490AC8550} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-01-17] (Microsoft Corporation)
Task: {E19E9D71-4410-4A8D-A6B7-8598BEA1A3B5} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2019-01-17] (NVIDIA Corporation)
Task: {F1ECCC82-C657-44D2-B4B4-98744D12CCE0} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel® Management Engine Components\iCLS\IntelPTTEKRecertification.exe [2017-11-16] (Intel® Corporation)
Task: {F317D034-A7ED-431D-9ADF-CE6BF942DEEE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-12-19 19:01 - 2018-12-19 19:01 - 000195832 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
2018-07-24 06:13 - 2019-01-17 00:13 - 001315024 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-01-22 16:10 - 2018-01-22 16:10 - 000453120 ____R () C:\Program Files\Intel\Wired Networking\NCS2\WMIPROV\Ncs2Provider.dll
2018-01-22 16:08 - 2018-01-22 16:08 - 000419328 ____R () C:\Program Files\Intel\Wired Networking\NCS2\Agent\AdapterAgnt.DLL
2018-04-12 12:34 - 2018-04-12 12:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 12:34 - 2018-04-12 12:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-11-29 10:05 - 2018-11-09 15:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-16 09:44 - 2019-01-09 21:10 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-11-29 10:29 - 2018-10-31 07:06 - 001057056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\SDL2.dll
2018-11-29 10:29 - 2018-09-23 13:00 - 102804768 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2018-11-29 10:29 - 2018-09-23 13:00 - 004866336 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2018-11-29 10:29 - 2018-09-23 13:00 - 000116000 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2018-11-07 18:38 - 2018-11-07 18:38 - 001955328 _____ () C:\Program Files (x86)\NZXT\CAM\Launcher\ffmpeg.dll
2018-11-07 18:38 - 2018-11-07 18:38 - 003687936 _____ () C:\Program Files (x86)\NZXT\CAM\Launcher\libglesv2.dll
2018-11-07 18:38 - 2018-11-07 18:38 - 000017920 _____ () C:\Program Files (x86)\NZXT\CAM\Launcher\libegl.dll
2018-11-07 18:38 - 2018-11-07 18:38 - 000332912 _____ () C:\Program Files (x86)\NZXT\CAM\CAM.Desktop.exe
2018-12-19 19:01 - 2018-12-19 19:01 - 000937208 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
2018-12-19 19:01 - 2018-12-19 19:01 - 002329336 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000282360 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000578296 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000616696 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000267000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000323832 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000978680 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000243960 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_winstat_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000750840 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_upnp_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000411384 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000558840 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sgx_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000665336 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sampler_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000853240 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000636152 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000303864 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000778488 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000863480 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
2018-12-19 19:01 - 2018-12-19 19:01 - 000312568 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000555768 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_events_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000636152 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll
2018-11-29 12:05 - 2018-11-29 12:05 - 000899584 _____ () \\?\C:\Windows\Prey\versions\1.8.2\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\node_sqlite3.node
2018-07-24 06:13 - 2019-01-17 00:13 - 001032912 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-11-29 10:29 - 2018-10-31 07:06 - 000879904 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-11-29 10:29 - 2019-01-05 12:33 - 002650400 _____ () C:\Program Files (x86)\Steam\video.dll
2018-11-29 10:29 - 2016-09-01 14:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-11-29 10:29 - 2017-12-20 14:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-11-29 10:29 - 2017-12-20 14:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-11-29 10:29 - 2017-12-20 14:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-11-29 10:29 - 2017-12-20 14:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-11-29 10:29 - 2017-12-20 14:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-11-29 10:29 - 2016-09-01 14:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-11-29 10:29 - 2016-09-01 14:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-11-29 10:29 - 2019-01-05 12:33 - 001028384 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-11-29 10:29 - 2016-07-05 11:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-04-25 12:13 - 2018-04-25 12:13 - 000252184 _____ () C:\Program Files (x86)\NZXT\CAM\libuv.DLL
2018-12-01 15:11 - 2018-05-02 17:42 - 000442128 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2018-12-01 15:11 - 2018-05-02 17:42 - 000210704 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2018-12-01 15:11 - 2018-05-02 17:42 - 000059664 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2018-01-31 19:52 - 2018-01-31 19:52 - 001604240 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-07-13 16:23 - 2017-07-13 16:23 - 000042744 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32api.pyd
2017-07-13 16:22 - 2017-07-13 16:22 - 000060664 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywintypes27.dll
2017-07-13 16:22 - 2017-07-13 16:22 - 000126712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pythoncom27.dll
2017-07-13 16:23 - 2017-07-13 16:23 - 000024312 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_multiprocessing.pyd
2017-07-13 16:23 - 2017-07-13 16:23 - 000047352 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ctypes.pyd
2017-07-13 16:23 - 2017-07-13 16:23 - 000026872 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32service.pyd
2017-07-13 16:22 - 2017-07-13 16:22 - 000023800 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\servicemanager.pyd
2017-07-13 16:23 - 2017-07-13 16:23 - 000031992 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_socket.pyd
2017-07-13 16:23 - 2017-07-13 16:23 - 000506616 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ssl.pyd
2017-07-13 16:23 - 2017-07-13 16:23 - 000360184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_hashlib.pyd
2017-07-13 16:22 - 2017-07-13 16:22 - 000019192 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\select.pyd
2017-07-13 16:23 - 2017-07-13 16:23 - 000021240 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32pipe.pyd
2017-07-13 16:23 - 2017-07-13 16:23 - 000045816 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32file.pyd
2017-07-13 16:23 - 2017-07-13 16:23 - 000018680 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32event.pyd
2017-07-13 16:23 - 2017-07-13 16:23 - 000025336 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32process.pyd
2017-07-13 16:23 - 2017-07-13 16:23 - 000021240 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32ts.pyd
2017-07-13 16:23 - 2017-07-13 16:23 - 000019704 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32profile.pyd
2017-07-13 16:23 - 2017-07-13 16:23 - 000043768 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32security.pyd
2017-07-13 16:23 - 2017-07-13 16:23 - 000025848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32inet.pyd
2017-07-13 16:22 - 2017-07-13 16:22 - 000191736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\unicodedata.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:84098FD3 [133]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 12:38 - 2018-12-26 18:44 - 000001052 _____ C:\Windows\system32\drivers\etc\hosts

0.0.0.0    incoming.telemetry.mozilla.org

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\GGPC\Pictures\Follower of the way things\6.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKLM\...\StartupApproved\Run32: => "OnScreen Control"
HKLM\...\StartupApproved\Run32: => "IseUI"
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\StartupApproved\Run: => "HP ENVY 4520 series (NET)"
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\StartupApproved\Run: => "Browser Manager"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2B94ABA8-9DAC-4FCE-A779-EE57306C452B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{CA3AE165-2F9E-4986-8086-49C8F1FFC5BA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{9342342A-A339-4913-B609-64E055C75AED}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{FE593D69-3751-4BC5-BE72-B19F9F53C94D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
FirewallRules: [TCP Query User{13AF986A-6D70-49EC-8AFB-A7474243E044}D:\program files (x86)\call of duty black ops 4\blackops4.exe] => (Allow) D:\program files (x86)\call of duty black ops 4\blackops4.exe (Activision Publishing, Inc.)
FirewallRules: [UDP Query User{EA52114C-9B36-49F7-BA90-4FEA3593F322}D:\program files (x86)\call of duty black ops 4\blackops4.exe] => (Allow) D:\program files (x86)\call of duty black ops 4\blackops4.exe (Activision Publishing, Inc.)
FirewallRules: [TCP Query User{50EFA744-7CA1-4560-B3B5-96E003BCA909}D:\steam\steamapps\common\rise of the tomb raider\rottr.exe] => (Allow) D:\steam\steamapps\common\rise of the tomb raider\rottr.exe (Eidos Inc.)
FirewallRules: [UDP Query User{0026212E-61E5-4347-A542-7E64144980B8}D:\steam\steamapps\common\rise of the tomb raider\rottr.exe] => (Allow) D:\steam\steamapps\common\rise of the tomb raider\rottr.exe (Eidos Inc.)
FirewallRules: [TCP Query User{50AA50D6-95AA-4CF5-B198-0DE299A50EA8}D:\steam\steamapps\common\the crew 2\thecrew2.exe] => (Allow) D:\steam\steamapps\common\the crew 2\thecrew2.exe (UBISoft)
FirewallRules: [UDP Query User{01F558B5-DAF0-407D-97D7-9710F7E64F8E}D:\steam\steamapps\common\the crew 2\thecrew2.exe] => (Allow) D:\steam\steamapps\common\the crew 2\thecrew2.exe (UBISoft)
FirewallRules: [{FE1D770A-0A51-43E6-9AFF-FF33B2E9DD71}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games)
FirewallRules: [{444C56EC-FEC5-4F55-B4AC-52916B47970A}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games)
FirewallRules: [TCP Query User{8B28E81F-9E4E-40C1-BF03-4358AC0DFA70}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games)
FirewallRules: [UDP Query User{8C43F5E1-32F6-47DE-8E72-8578CCF90D7F}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games)
FirewallRules: [TCP Query User{0FF21A64-1182-4152-A306-72EABB6EE01E}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net)
FirewallRules: [UDP Query User{8C9BF5FF-7398-438E-8A02-584910A0FF9A}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net)
FirewallRules: [{73F4E2D5-58B9-4D0D-853B-8155C3356A0F}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes)
FirewallRules: [{612A7A36-31A2-44BB-A1C9-413ACBB13ED6}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes)
FirewallRules: [{4D96F7A3-4755-4C6E-AF46-E0EC8A0E1D86}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes)
FirewallRules: [{17AAE4E7-C69C-480D-A0CB-BE6A4889623F}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes)
FirewallRules: [{7B43B956-CA5B-4770-846E-88071A77198E}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes)
FirewallRules: [{530234E2-DE8F-4775-93CB-8959C9A2B891}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe ()
FirewallRules: [{97D56D38-F8E3-4B8C-9C6C-07C95FCE9EA3}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes)
FirewallRules: [{E2EC7159-D90D-46A8-9095-29A1DB738383}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes)
FirewallRules: [{157437F7-AE3F-43A7-8BD4-4D850A5C0C9C}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes)
FirewallRules: [{FCE8FFFA-88CE-4BF4-AE2F-01BF47F678D7}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes)
FirewallRules: [{C21B7C76-5175-488C-8177-AAE18B8B7169}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes)
FirewallRules: [{6C7AC74D-D7FF-4BD1-A705-FE3A2E83988A}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe ()
FirewallRules: [TCP Query User{843D723D-43F4-4FD3-925F-221D8CB2A9E9}C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe (HP Inc.)
FirewallRules: [UDP Query User{79D47BD0-30B9-407B-818C-149B73320733}C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe (HP Inc.)
FirewallRules: [{A21EB030-A934-49E7-A5E6-FCF29C15E041}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
FirewallRules: [{27AF4214-3EDD-4B1C-9D3D-C9C46C11D6C2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{443C902A-D1A9-4576-BF33-9F47BD918784}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{8202DCCD-49CA-42F9-B909-F59E756EA2B2}] => (Allow) D:\Steam\steamapps\common\Dead or Alive 5 Last Round\game.exe (KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{53EF0401-9B05-4FC7-9B01-8A39DB059A9F}] => (Allow) D:\Steam\steamapps\common\Dead or Alive 5 Last Round\game.exe (KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{1BB581D6-4825-4F61-9D69-78FC8FDE9559}] => (Allow) D:\Steam\steamapps\common\Dead or Alive 5 Last Round\startup_setting.exe (KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{50793547-7ECF-4B26-A0B5-BB6955BA3769}] => (Allow) D:\Steam\steamapps\common\Dead or Alive 5 Last Round\startup_setting.exe (KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{58649AE4-B7F0-4447-A188-7B771D3200AC}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe ()
FirewallRules: [{27F0ABF9-7CCF-44F0-8E54-1B824D5093DE}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe ()
FirewallRules: [{5F1EADCC-7156-49D8-8744-9C13608BF5A4}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe ()
FirewallRules: [{3489DD16-5F57-408B-B8CC-8F2270F5B7ED}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe ()
FirewallRules: [{01128158-5678-47F4-8BA4-1768CD727EF1}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe (UNIGINE Corp.)
FirewallRules: [{C6232BA7-025E-483A-8DEC-C58D1671AC0B}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe (UNIGINE Corp.)
FirewallRules: [{6F2CB973-A9FB-46AE-910D-A97D8A869EFF}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe (UNIGINE Corp.)
FirewallRules: [{0F224C75-2435-4E45-92B2-1EDAF1355B69}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe (UNIGINE Corp.)
FirewallRules: [{AA4A0295-11DE-47FC-8F75-1AF20E03A3D8}] => (Allow) LPort=38518
FirewallRules: [{5A9D2A7D-3597-463D-8453-42CE0B63EC40}] => (Allow) LPort=9142
FirewallRules: [TCP Query User{2F335881-82A1-47BC-8D51-192E83B92847}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Allow) C:\program files (x86)\nzxt\cam\cam.desktop.exe ()
FirewallRules: [UDP Query User{DDDF13D4-2855-48B4-98EC-2BCC6E559485}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Allow) C:\program files (x86)\nzxt\cam\cam.desktop.exe ()
FirewallRules: [{6DC752F5-35B2-4E26-A214-66B0741E5E33}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{37412D99-5092-40E9-A192-5BE1CCABABD2}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [TCP Query User{059EAB64-7416-4CAF-A50C-C52150A92EF2}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Block) C:\program files (x86)\nzxt\cam\cam.desktop.exe ()
FirewallRules: [UDP Query User{6357CE5B-D35C-49A1-B8BA-4BE936EF8FE4}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Block) C:\program files (x86)\nzxt\cam\cam.desktop.exe ()
FirewallRules: [{D58EF62D-93A5-437B-A07C-A077621A9B82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{ECC888D2-DBDA-4449-B759-D6DCC148A964}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{EF54B106-204D-4C40-B7C9-287F6455C476}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{3090BF6E-FB80-4B25-86E2-686AEA87A53C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{727D26E6-D7FC-4B4A-A7C2-035FA574B504}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{C32A92CE-6174-4AFB-B4C5-FB3EC87BE71A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{238BA241-13EC-4922-A8CF-0EA4622D49F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{3810CEA8-0AC8-4E8C-899E-E5F86585AF7E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{29D6775C-F710-4413-BFD0-AB7D94A8B117}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
FirewallRules: [{2A9DD94D-A69F-4D01-9D08-707B73652AAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
FirewallRules: [TCP Query User{84C4D4D1-F6D3-409F-B041-C5EDF5B41C8A}C:\users\ggpc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ggpc\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
FirewallRules: [UDP Query User{8C9FB145-492D-40C0-A0AC-1A649228B329}C:\users\ggpc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ggpc\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
FirewallRules: [{26A8192D-E9B1-4F07-B5B6-04E942AD7664}] => (Allow) C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: TP-Link Wireless N PCI Express Adapter #2
Description: TP-Link Wireless N PCI Express Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TP-Link Technologies Co., Ltd.
Service: RTWlanE
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Kaspersky Security Data Escort Adapter
Description: Kaspersky Security Data Escort Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Kaspersky Security Data Escort Provider
Service: kltap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2019 01:19:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/31/2019 01:19:56 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (01/31/2019 01:19:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\Windows\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/31/2019 01:19:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/31/2019 01:19:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\Windows\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/31/2019 05:06:22 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/31/2019 01:07:18 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/31/2019 01:07:18 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.


System errors:
=============
Error: (01/31/2019 01:17:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2019 01:16:21 PM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2019 01:16:19 PM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2019 01:16:18 PM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2019 01:16:18 PM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2019 01:16:13 PM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2019 01:05:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2019 01:03:40 AM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-09-20 07:35:45.721
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

Date: 2018-09-20 07:26:12.892
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-09-20 07:26:12.891
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-09-20 07:26:12.891
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-09-20 07:26:12.819
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2019-01-31 10:16:14.228
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\Windows\Temp\{F1E57239-A8CE-4334-93FC-F0ED0C0ACAC6}\cleanapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-01-31 10:16:10.804
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\Windows\Temp\{B2F1D985-4BFE-46E1-AD9A-31881173ECCA}\cleanapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-01-31 10:16:07.333
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\Windows\Temp\{B0CBE093-9FD2-4C17-B8A0-830028EC91F6}\cleanapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-01-30 23:11:23.634
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2019-01-30 22:13:42.183
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2019-01-28 16:16:42.262
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-01-28 16:16:42.255
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-01-28 16:16:42.192
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7-8700 CPU @ 3.20GHz
Percentage of memory in use: 24%
Total physical RAM: 16317.21 MB
Available physical RAM: 12299.66 MB
Total Virtual: 18749.21 MB
Available Virtual: 12904.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.97 GB) (Free:173.46 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:1862.89 GB) (Free:1487.76 GB) NTFS

\\?\Volume{759e9880-0ca3-4f59-876c-1646ea55761d}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{0095f199-42bf-423d-a6c5-269029a5bf07}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

 



#6
iMacg3

  • GeekU Moderator
  • 419 posts

Hi,

Thanks for the logs.

 

Do you recognize these files?

 

Startup: C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greetings.vbs [2018-05-30] ()
Startup: C:\Users\rache.RIGGS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greetings.vbs [2018-12-03] ()

 

Did you set these Group Policy restrictions?
 

FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction
CHR HKLM\SOFTWARE\Policies\Google: Restriction
CHR HKU\S-1-5-21-688862063-2713704754-1743232380-1002\SOFTWARE\Policies\Google: Restriction

 

-------------------------------

Press the Windows key + R. This will open the Run box.
Type Notepad and click OK.

 

Copy the contents of the below code box to the new file.

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-688862063-2713704754-1743232380-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yandex.ru/?win=370&clid=2310121-135
SearchScopes: HKU\S-1-5-21-688862063-2713704754-1743232380-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://yandex.ru/search/?win=370&clid=2310122-135&text={searchTerms}
SearchScopes: HKU\S-1-5-21-688862063-2713704754-1743232380-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://yandex.ru/search/?win=370&clid=2310122-135&text={searchTerms}

Toolbar: HKU\S-1-5-21-688862063-2713704754-1743232380-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2018-12-26] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2019-01-30] <==== ATTENTION

OPR StartupUrls: "hxxps:\/\/www.yandex.ru\/?win=370&clid=2310121-135"

2019-01-30 23:05 - 2019-01-30 23:09 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

AlternateDataStreams: C:\ProgramData\TEMP:84098FD3 [133]

VirusTotal: C:\Windows\system32\acpimof_ocpanel.dll
cmd: gpresult /v

End

Click on File > Save and save the file as fixlist.txt in the same location as FRST/FRST64.exe. (C:\Users\GGPC\Desktop)

Run FRST/FRST64 and click Fix just once and wait.
The tool will create a log (Fixlog.txt). Please copy and paste its contents into your next reply.

 

Thanks.


  • 0

#7
KiwiProbie

    Member

  • Topic Starter
  • Member
  • 333 posts

These ones:
 

Startup: C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greetings.vbs [2018-05-30] () <-- That is safe
Startup: C:\Users\rache.RIGGS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greetings.vbs [2018-12-03] () <-- That is safe

 

Did you set these Group Policy restrictions?
 

FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <-- I'm not sure what this restriction is too, how can we find out?
CHR HKLM\SOFTWARE\Policies\Google: Restriction <-- I'm not sure what this restriction is too, how can we find out?
CHR HKU\S-1-5-21-688862063-2713704754-1743232380-1002\SOFTWARE\Policies\Google: Restriction <-- I'm not sure what this restriction is too, how can we find out?


  • 0

#8
KiwiProbie

    Member

  • Topic Starter
  • Member
  • 333 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 30.01.2019
Ran by Tony (31-01-2019 18:12:18) Run:2
Running from C:\Users\GGPC\Desktop
Loaded Profiles: Tony (Available Profiles: Tony & rache)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-688862063-2713704754-1743232380-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yandex.ru/?win=370&clid=2310121-135
SearchScopes: HKU\S-1-5-21-688862063-2713704754-1743232380-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://yandex.ru/search/?win=370&clid=2310122-135&text={searchTerms}
SearchScopes: HKU\S-1-5-21-688862063-2713704754-1743232380-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://yandex.ru/search/?win=370&clid=2310122-135&text={searchTerms}

Toolbar: HKU\S-1-5-21-688862063-2713704754-1743232380-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2018-12-26] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2019-01-30] <==== ATTENTION

OPR StartupUrls: "hxxps:\/\/www.yandex.ru\/?win=370&clid=2310121-135"

2019-01-30 23:05 - 2019-01-30 23:09 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

AlternateDataStreams: C:\ProgramData\TEMP:84098FD3 [133]

VirusTotal: C:\Windows\system32\acpimof_ocpanel.dll
cmd: gpresult /v

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-688862063-2713704754-1743232380-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-688862063-2713704754-1743232380-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => not found
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => not found
"C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js" => not found
"C:\Program Files\mozilla firefox\mozilla.cfg" => not found
"OPR StartupUrls: "hxxps:\/\/www.yandex.ru\/?win=370&clid=2310121-135"" => not found
"C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => not found
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => not found
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => not found
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => not found
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => not found
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"C:\ProgramData\TEMP" => ":84098FD3" ADS not found.
VirusTotal: C:\Windows\system32\acpimof_ocpanel.dll => https://www.virustot...sis/1546780793/

========= gpresult /v =========


Microsoft ® Windows ® Operating System Group Policy Result tool v2.0
© 2018 Microsoft Corporation. All rights reserved.

Created on 31 Jan 2019 at 6:12:43 PM



RSOP data for ZAKELA\Tony on ZAKELA : Logging Mode
---------------------------------------------------

OS Configuration:            Standalone Workstation
OS Version:                  10.0.17134
Site Name:                   N/A
Roaming Profile:             N/A
Local Profile:               C:\Users\GGPC
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    
    Last time Group Policy was applied: 31 Jan 2019 at 6:04:26 PM
    Group Policy was applied from:      N/A
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        RIGGS
    Domain Type:                        WindowsNT 4

    Applied Group Policy Objects
    -----------------------------
        N/A

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups
    -------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        NT AUTHORITY\Authenticated Users
        System Mandatory Level
        
    Resultant Set Of Policies for Computer
    ---------------------------------------

        Software Installations
        ----------------------
            N/A

        Startup Scripts
        ---------------
            N/A

        Shutdown Scripts
        ----------------
            N/A

        Account Policies
        ----------------
            N/A

        Audit Policy
        ------------
            N/A

        User Rights
        -----------
            N/A

        Security Options
        ----------------
            N/A

            N/A

        Event Log Settings
        ------------------
            N/A

        Restricted Groups
        -----------------
            N/A

        System Services
        ---------------
            N/A

        Registry Settings
        -----------------
            N/A

        File System Settings
        --------------------
            N/A

        Public Key Policies
        -------------------
            N/A

        Administrative Templates
        ------------------------
            N/A


USER SETTINGS
--------------
    
    Last time Group Policy was applied: 31 Jan 2019 at 6:04:44 PM
    Group Policy was applied from:      N/A
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        RIGGS
    Domain Type:                        WindowsNT 4
    
    Applied Group Policy Objects
    -----------------------------
        N/A

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        High Mandatory Level
        Everyone
        Local account and member of Administrators group
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        [REMOVED]
        Local account
        LOCAL
        Cloud Account Authentication
        
    The user has the following security privileges
    ----------------------------------------------

        Bypass traverse checking
        Manage auditing and security log
        Back up files and directories
        Restore files and directories
        Change the system time
        Shut down the system
        Force shutdown from a remote system
        Take ownership of files or other objects
        Debug programs
        Modify firmware environment values
        Profile system performance
        Profile single process
        Increase scheduling priority
        Load and unload device drivers
        Create a pagefile
        Adjust memory quotas for a process
        Remove computer from docking station
        Perform volume maintenance tasks
        Impersonate a client after authentication
        Create global objects
        Change the time zone
        Create symbolic links
        Obtain an impersonation token for another user in the same session
        Increase a process working set

    Resultant Set Of Policies for User
    -----------------------------------

        Software Installations
        ----------------------
            N/A

        Logon Scripts
        -------------
            N/A

        Logoff Scripts
        --------------
            N/A

        Public Key Policies
        -------------------
            N/A

        Administrative Templates
        ------------------------
            N/A

        Folder Redirection
        ------------------
            N/A

        Internet Explorer Browser User Interface
        ----------------------------------------
            N/A

        Internet Explorer Connection
        ----------------------------
            N/A

        Internet Explorer URLs
        ----------------------
            N/A

        Internet Explorer Security
        --------------------------
            N/A

        Internet Explorer Programs
        --------------------------
            N/A

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6344415 B
Java, Flash, Steam htmlcache => 7439535 B
Windows/system/drivers => 67538 B
Edge => 0 B
Chrome => 0 B
Firefox => 16214338 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 908 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
GGPC => 377044 B
rache.RIGGS => 0 B

RecycleBin => 11735 B
EmptyTemp: => 39.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:12:51 ====
  • 0
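A triage aid for the Fixlog format seen in post #8, as an added example that is not part of the original thread or of FRST itself: it separates the per-entry result lines from the echoed fixlist, the embedded gpresult /v output and the EmptyTemp table, then reports which entries were actually changed and which were already absent. The section markers and outcome strings are taken only from the lines visible in that post; the function names and the "other" bucket for outcomes not seen there are assumptions.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the Fixlog in post #8, with the fixlist
# echo, the gpresult output and the EmptyTemp table shortened.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 30.01.2019
Ran by Tony (31-01-2019 18:12:18) Run:2
Running from C:\Users\GGPC\Desktop
==============================================

fixlist content:
*****************
Start
CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:84098FD3 [133]
cmd: gpresult /v
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"C:\Program Files\mozilla firefox\mozilla.cfg" => not found
"OPR StartupUrls: "hxxps:\/\/www.yandex.ru\/?win=370&clid=2310121-135"" => not found
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
"C:\ProgramData\TEMP" => ":84098FD3" ADS not found.
VirusTotal: C:\Windows\system32\acpimof_ocpanel.dll => https://www.virustot...sis/1546780793/

========= gpresult /v =========

    Applied Group Policy Objects
        N/A

========= End of CMD: =========

=========== EmptyTemp: ==========

Firefox => 16214338 B
EmptyTemp: => 39.1 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 18:12:51 ====
'''


def classify(target, outcome):
    """Bucket one result line by the outcome text seen in the posted log."""
    low = outcome.lower()
    if target.startswith("VirusTotal:"):
        return "info"        # a lookup link, not a change to the system
    if "not found" in low:
        return "not_found"   # nothing to remove: entry was already absent
    if "successfully" in low:
        return "changed"     # the fix modified the system
    return "other"           # assumption: any outcome not seen in the post


def parse_fixlog(text):
    run, freed = None, None
    results, notes = [], []
    section = "header"       # header -> fixlist -> results (<-> cmd / emptytemp)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:                      # rows of * fence the fixlist echo
            section = "fixlist" if section == "header" else "results"
            continue
        if line.startswith("=") and line.endswith("="):
            title = line.strip("= ")
            if section in ("header", "fixlist"):
                continue
            if title.startswith("End of Fixlog"):
                break
            if title in ("", "End of CMD:"):        # a sub-section has ended
                section = "results"
            elif title == "EmptyTemp:":
                section = "emptytemp"
            else:                                   # output of a "cmd:" directive
                section = "cmd"
            continue
        if section == "header":
            m = re.search(r"\bRun:(\d+)$", line)
            if m:
                run = int(m.group(1))
        elif section == "emptytemp":
            m = re.match(r"EmptyTemp: => (.+?) temporary data Removed\.$", line)
            if m:
                freed = m.group(1)
        elif section == "results":
            target, sep, outcome = line.partition(" => ")
            if not sep:                             # status sentence, not an entry
                notes.append(line)
                continue
            if len(target) > 1 and target[0] == target[-1] == '"':
                target = target[1:-1]               # drop one outer pair of quotes
            results.append((classify(target, outcome), target, outcome))
    return {"run": run, "results": results, "notes": notes, "freed": freed}


def summarize(text):
    log = parse_fixlog(text)
    return {
        "run": log["run"],
        "counts": dict(Counter(kind for kind, _, _ in log["results"])),
        "changed": [t for kind, t, _ in log["results"] if kind == "changed"],
        "reboot_needed": any("needed a reboot" in n for n in log["notes"]),
        "temp_freed": log["freed"],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```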

#9
KiwiProbie

    Member

  • Topic Starter
  • Member
  • 333 posts

Here are the new logs:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30.01.2019
Ran by Tony (31-01-2019 18:57:28)
Running from C:\Users\GGPC\Desktop
Windows 10 Home Version 1803 17134.556 (X64) (2018-07-23 17:16:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-688862063-2713704754-1743232380-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-688862063-2713704754-1743232380-503 - Limited - Disabled)
Guest (S-1-5-21-688862063-2713704754-1743232380-501 - Limited - Disabled)
rache (S-1-5-21-688862063-2713704754-1743232380-1005 - Limited - Enabled) => C:\Users\rache.RIGGS
Tony (S-1-5-21-688862063-2713704754-1743232380-1002 - Administrator - Enabled) => C:\Users\GGPC
WDAGUtilityAccount (S-1-5-21-688862063-2713704754-1743232380-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{E267C808-4C22-457E-B74B-50EAB4AD9030}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{9486AD8F-39F4-470B-92FD-BC423ABAEC43}) (Version: 19.1.4.5 - Intel) Hidden
7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Authy Desktop (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\authy-electron) (Version: 1.7.0 - Twilio Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Call of Duty Black Ops 4 (HKLM-x32\...\Call of Duty Black Ops 4) (Version:  - Blizzard Entertainment)
CAM (HKLM-x32\...\{8F17EBED-54B3-472E-B7CF-C53B6AF38FBD}) (Version: 3.7.4 - NZXT)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Corsair AURA DRAM Component (HKLM\...\{376E0869-A4F1-4DC7-A1FD-EBF3AFFEB832}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden
Corsair AURA DRAM Component (HKLM-x32\...\{da7ebf10-b0be-494e-a79d-568546795a51}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden
CPUID CPU-Z 1.87 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.87 - CPUID, Inc.)
CrystalDiskInfo 8.0.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.0.0 - Crystal Dew World)
Discord (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Discord) (Version: 0.0.304 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 417.71 - NVIDIA Corporation) Hidden
Geeks3D FurMark 1.20.2.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Glary Utilities 5.113 (HKLM-x32\...\Glary Utilities 5) (Version: 5.113.0.138 - Glarysoft Ltd)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 4520 series Basic Device Software (HKLM\...\{B46D9E8C-10FE-4873-996B-CA9EA3D7D9FE}) (Version: 40.11.1122.1796 - HP Inc.)
HP ENVY 4520 series Help (HKLM-x32\...\{201E58BD-2A1D-4C4D-BD6F-ADA7669FE3AE}) (Version: 36.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HWiNFO64 Version 6.00 (HKLM\...\HWiNFO64_is1) (Version: 6.00 - Martin Malík - REALiX)
Intel® Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden
Intel® Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1805.12.0.1097 - Intel Corporation)
Intel® Network Connections 23.0.12.0 (HKLM\...\PROSetDX) (Version: 23.0.12.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.0.1000 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1727.1 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Driver & Support Assistant (HKLM-x32\...\{b0134461-205a-4d62-bbdc-1fcabdd02645}) (Version: 19.1.4.5 - Intel)
IObit Uninstaller 8 (HKLM-x32\...\IObitUninstall) (Version: 8.3.0.11 - IObit)
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.9 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{d6cac989-7570-43fd-b147-e31d6280a3a6}) (Version: 1.0.9 - KINGSTON COMPONENTS INC.) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11126.20266 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-688862063-2713704754-1743232380-1005\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mozilla Firefox 65.0 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0 (x64 en-US)) (Version: 65.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla)
Novabench (HKLM\...\{56C3C944-B587-49D0-87A1-412482140B33}) (Version: 4.0.6 - Novawave Inc.)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.13 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.17.0.113 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.113 - NVIDIA Corporation)
NVIDIA Graphics Driver 417.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 417.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
O&O Defrag Professional (HKLM\...\{7C4D55AF-37B4-4D85-9106-CF473CEC9BE6}) (Version: 22.1.2521 - O&O Software GmbH)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Prey Anti-Theft (HKLM-x32\...\{AC67FFDC-B1E6-45C4-B01F-32EC70DBF624}) (Version: 1.8.1 - Prey, Inc.) Hidden
Product Improvement Study for HP ENVY 4520 series (HKLM\...\{1DDC5451-BE8B-4092-AB04-E92127242886}) (Version: 40.11.1122.1796 - HP Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8295 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Spotify) (Version: 1.0.98.78.gb45d2a6b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.9025 - TeamViewer)
TP-Link TL-WN881ND Driver (HKLM-x32\...\{5656127B-0110-4450-9CBD-643E760F152D}) (Version: 1.0.0 - TP-Link)
Unigine Superposition Benchmark 1.0 (HKLM\...\Superposition_is1) (Version: 1.0 - Unigine Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 67.0 - Ubisoft)
Wargaming.net Game Center (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Wargaming.net Game Center) (Version: 18.9.1.3085 - Wargaming.net)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.6.6 64-bit (HKLM-x32\...\Wireshark) (Version: 2.6.6 - The Wireshark developer community, hxxps://www.wireshark.org)
World of Tanks ASIA (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\WOT.SG.PRODUCTION) (Version:  - Wargaming.net)
World_of_Warships_Asia (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\WOWS.ASIA.PRODUCTION) (Version:  - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-01-23] (Glarysoft Ltd)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-30] (AO Kaspersky Lab)
ContextMenuHandlers1: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2018-11-30] (O&O Software GmbH)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-01-23] (Glarysoft Ltd)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-30] (AO Kaspersky Lab)
ContextMenuHandlers2: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2018-11-30] (O&O Software GmbH)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-30] (AO Kaspersky Lab)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-01-11] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-01-23] (Glarysoft Ltd)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-30] (AO Kaspersky Lab)
ContextMenuHandlers6: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2018-11-30] (O&O Software GmbH)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {050278F1-F19F-4923-B547-795AE339F714} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-17] (Microsoft Corporation)
Task: {1DE5D9D8-E11C-4937-91C5-83E4BB8A05C1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-01-10] (Piriform Ltd)
Task: {1E2A4B9D-31C0-4D5F-A7BE-D4F8D3268CF4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2019-01-17] (NVIDIA Corporation)
Task: {1E3B7427-B91C-42A4-9E8F-7A5775A0A44A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)
Task: {2A04232A-0C9F-446E-830C-1FAA24EC39B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {30C5B791-F93A-40E0-BF25-E6F5B7F62A9E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2019-01-17] (NVIDIA Corporation)
Task: {3BA546E1-3801-4FBB-AE99-590D94C34E95} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2019-01-17] (NVIDIA Corporation)
Task: {3BD9EF77-DDAA-4869-B69B-4C2EACF67B7B} - System32\Tasks\CAM.Desktop => C:\Program Files (x86)\NZXT\CAM\CAM.Desktop.exe [2018-11-07] ()
Task: {3F23C60B-289E-4E8A-BCD8-51E3F9B4E3F7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2019-01-17] (NVIDIA Corporation)
Task: {441B0B90-CC06-4D58-97A7-6272E5E245D0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {49A3547A-EA9D-4BD4-BF6E-36D524AD56A2} - System32\Tasks\Uninstaller_SkipUac_Tony => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2019-01-11] (IObit)
Task: {4CEE1DE6-148A-4B7A-B717-70264721C819} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe
Task: {4DE21D99-80AB-43A2-B6ED-B870D5F2A5C4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-09] (Adobe Systems Incorporated)
Task: {4E177E86-CF0F-4FF2-BA7C-1418E477F50B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2019-01-17] (NVIDIA Corporation)
Task: {5130ED86-ADEF-491F-87A0-56C085839005} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {53DD69FF-D38C-42F9-B2ED-E9D9E0C39380} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd)
Task: {5CD30A00-013A-49F6-A51F-3DEA0394979E} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {62F83496-16DB-4D5B-BD3C-98355D6B49A1} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2019-01-17] (NVIDIA Corporation)
Task: {6403A30C-BC70-44D1-BB0F-2650C6BDF13A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2019-01-17] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6BF97351-4629-408A-A574-3CDA713C70A6} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
Task: {71637121-DEEA-4C68-ADCC-CB8132F79F80} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {8922BD96-9157-43E1-9564-5F9A12BC2FBB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-09] (Adobe Systems Incorporated)
Task: {8A8C00A8-972D-4074-9374-3856EC810E44} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {906FF8A9-1106-4E50-9EB3-CF71B27B89DB} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2019-01-17] (NVIDIA Corporation)
Task: {9832A578-B78D-4F2F-AC42-EAB2333DE0BE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-01-17] (Microsoft Corporation)
Task: {AA32106D-D81A-4C40-BB13-93CCF19208C3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2019-01-17] (NVIDIA Corporation)
Task: {AEF435B9-2DE1-4BCF-93C6-1B77BCDE8E22} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-17] (Microsoft Corporation)
Task: {AF96B9EB-B4E7-48E5-9FDD-E41308BDA870} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2019-01-17] (NVIDIA Corporation)
Task: {CB2B7FB5-2200-4AF0-989E-201899F73E83} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {D236F739-04B4-4C90-B875-159B70C1DD27} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2019-01-17] (NVIDIA Corporation)
Task: {D3CF7EEF-4D89-459C-8ACE-9D3C5A20CA67} - System32\Tasks\S-1-5-21-688862063-2713704754-1743232380-1002\DataSenseLiveTileTask => C:\Windows\System32\DataUsageLiveTileTask.exe [2018-12-08] (Microsoft Corporation)
Task: {D61A42BD-D84B-4555-81F4-F7ACB1A0E956} - System32\Tasks\HPCustParticipation HP ENVY 4520 series => C:\Program Files\HP\HP ENVY 4520 series\Bin\HPCustPartic.exe [2017-04-06] (HP Inc.)
Task: {DD13E469-4407-4DCF-B45A-FA7490AC8550} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-01-17] (Microsoft Corporation)
Task: {E19E9D71-4410-4A8D-A6B7-8598BEA1A3B5} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2019-01-17] (NVIDIA Corporation)
Task: {F1ECCC82-C657-44D2-B4B4-98744D12CCE0} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel® Management Engine Components\iCLS\IntelPTTEKRecertification.exe [2017-11-16] (Intel® Corporation)
Task: {F317D034-A7ED-431D-9ADF-CE6BF942DEEE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-12-19 19:01 - 2018-12-19 19:01 - 000195832 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
2018-07-24 06:13 - 2019-01-17 00:13 - 001315024 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-04-12 12:34 - 2018-04-12 12:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 12:34 - 2018-04-12 12:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-11-29 10:05 - 2018-11-09 15:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-16 09:44 - 2019-01-09 21:10 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-11-29 10:29 - 2018-10-31 07:06 - 001057056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\SDL2.dll
2018-11-29 10:29 - 2018-09-23 13:00 - 102804768 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2018-11-29 10:29 - 2018-09-23 13:00 - 004866336 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2018-11-29 10:29 - 2018-09-23 13:00 - 000116000 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2018-11-07 18:38 - 2018-11-07 18:38 - 001955328 _____ () C:\Program Files (x86)\NZXT\CAM\Launcher\ffmpeg.dll
2018-11-07 18:38 - 2018-11-07 18:38 - 003687936 _____ () C:\Program Files (x86)\NZXT\CAM\Launcher\libglesv2.dll
2018-11-07 18:38 - 2018-11-07 18:38 - 000017920 _____ () C:\Program Files (x86)\NZXT\CAM\Launcher\libegl.dll
2018-11-07 18:38 - 2018-11-07 18:38 - 000332912 _____ () C:\Program Files (x86)\NZXT\CAM\CAM.Desktop.exe
2018-12-19 19:01 - 2018-12-19 19:01 - 000937208 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
2018-12-19 19:01 - 2018-12-19 19:01 - 002329336 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000282360 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000578296 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000616696 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000267000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000323832 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000978680 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000243960 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_winstat_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000750840 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_upnp_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000411384 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000558840 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sgx_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000665336 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sampler_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000853240 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000636152 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000303864 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000778488 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000863480 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
2018-12-19 19:01 - 2018-12-19 19:01 - 000312568 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000555768 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_events_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000636152 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll
2018-11-29 12:05 - 2018-11-29 12:05 - 000899584 _____ () \\?\C:\Windows\Prey\versions\1.8.2\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\node_sqlite3.node
2018-07-24 06:13 - 2019-01-17 00:13 - 001032912 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-11-29 10:29 - 2018-10-31 07:06 - 000879904 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-11-29 10:29 - 2019-01-05 12:33 - 002650400 _____ () C:\Program Files (x86)\Steam\video.dll
2018-11-29 10:29 - 2016-09-01 14:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-11-29 10:29 - 2017-12-20 14:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-11-29 10:29 - 2017-12-20 14:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-11-29 10:29 - 2017-12-20 14:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-11-29 10:29 - 2017-12-20 14:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-11-29 10:29 - 2017-12-20 14:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-11-29 10:29 - 2016-09-01 14:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-11-29 10:29 - 2016-09-01 14:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-11-29 10:29 - 2019-01-05 12:33 - 001028384 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-11-29 10:29 - 2016-07-05 11:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-04-25 12:13 - 2018-04-25 12:13 - 000252184 _____ () C:\Program Files (x86)\NZXT\CAM\libuv.DLL
2018-12-01 15:11 - 2018-05-02 17:42 - 000442128 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2018-12-01 15:11 - 2018-05-02 17:42 - 000210704 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2018-12-01 15:11 - 2018-05-02 17:42 - 000059664 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2018-01-31 19:52 - 2018-01-31 19:52 - 001604240 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 12:38 - 2018-12-26 18:44 - 000001052 _____ C:\Windows\system32\drivers\etc\hosts

0.0.0.0    incoming.telemetry.mozilla.org

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\GGPC\Pictures\Follower of the way things\6.jpg
HKU\S-1-5-21-688862063-2713704754-1743232380-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\rache.RIGGS\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\1 (3).jpeg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKLM\...\StartupApproved\Run32: => "OnScreen Control"
HKLM\...\StartupApproved\Run32: => "IseUI"
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\StartupApproved\Run: => "HP ENVY 4520 series (NET)"
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\StartupApproved\Run: => "Browser Manager"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2B94ABA8-9DAC-4FCE-A779-EE57306C452B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{CA3AE165-2F9E-4986-8086-49C8F1FFC5BA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{9342342A-A339-4913-B609-64E055C75AED}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{FE593D69-3751-4BC5-BE72-B19F9F53C94D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
FirewallRules: [TCP Query User{13AF986A-6D70-49EC-8AFB-A7474243E044}D:\program files (x86)\call of duty black ops 4\blackops4.exe] => (Allow) D:\program files (x86)\call of duty black ops 4\blackops4.exe (Activision Publishing, Inc.)
FirewallRules: [UDP Query User{EA52114C-9B36-49F7-BA90-4FEA3593F322}D:\program files (x86)\call of duty black ops 4\blackops4.exe] => (Allow) D:\program files (x86)\call of duty black ops 4\blackops4.exe (Activision Publishing, Inc.)
FirewallRules: [TCP Query User{50EFA744-7CA1-4560-B3B5-96E003BCA909}D:\steam\steamapps\common\rise of the tomb raider\rottr.exe] => (Allow) D:\steam\steamapps\common\rise of the tomb raider\rottr.exe (Eidos Inc.)
FirewallRules: [UDP Query User{0026212E-61E5-4347-A542-7E64144980B8}D:\steam\steamapps\common\rise of the tomb raider\rottr.exe] => (Allow) D:\steam\steamapps\common\rise of the tomb raider\rottr.exe (Eidos Inc.)
FirewallRules: [TCP Query User{50AA50D6-95AA-4CF5-B198-0DE299A50EA8}D:\steam\steamapps\common\the crew 2\thecrew2.exe] => (Allow) D:\steam\steamapps\common\the crew 2\thecrew2.exe (UBISoft)
FirewallRules: [UDP Query User{01F558B5-DAF0-407D-97D7-9710F7E64F8E}D:\steam\steamapps\common\the crew 2\thecrew2.exe] => (Allow) D:\steam\steamapps\common\the crew 2\thecrew2.exe (UBISoft)
FirewallRules: [{FE1D770A-0A51-43E6-9AFF-FF33B2E9DD71}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games)
FirewallRules: [{444C56EC-FEC5-4F55-B4AC-52916B47970A}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games)
FirewallRules: [TCP Query User{8B28E81F-9E4E-40C1-BF03-4358AC0DFA70}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games)
FirewallRules: [UDP Query User{8C43F5E1-32F6-47DE-8E72-8578CCF90D7F}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games)
FirewallRules: [TCP Query User{0FF21A64-1182-4152-A306-72EABB6EE01E}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net)
FirewallRules: [UDP Query User{8C9BF5FF-7398-438E-8A02-584910A0FF9A}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net)
FirewallRules: [{73F4E2D5-58B9-4D0D-853B-8155C3356A0F}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes)
FirewallRules: [{612A7A36-31A2-44BB-A1C9-413ACBB13ED6}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes)
FirewallRules: [{4D96F7A3-4755-4C6E-AF46-E0EC8A0E1D86}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes)
FirewallRules: [{17AAE4E7-C69C-480D-A0CB-BE6A4889623F}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes)
FirewallRules: [{7B43B956-CA5B-4770-846E-88071A77198E}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes)
FirewallRules: [{530234E2-DE8F-4775-93CB-8959C9A2B891}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe ()
FirewallRules: [{97D56D38-F8E3-4B8C-9C6C-07C95FCE9EA3}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes)
FirewallRules: [{E2EC7159-D90D-46A8-9095-29A1DB738383}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes)
FirewallRules: [{157437F7-AE3F-43A7-8BD4-4D850A5C0C9C}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes)
FirewallRules: [{FCE8FFFA-88CE-4BF4-AE2F-01BF47F678D7}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes)
FirewallRules: [{C21B7C76-5175-488C-8177-AAE18B8B7169}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes)
FirewallRules: [{6C7AC74D-D7FF-4BD1-A705-FE3A2E83988A}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe ()
FirewallRules: [TCP Query User{843D723D-43F4-4FD3-925F-221D8CB2A9E9}C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe (HP Inc.)
FirewallRules: [UDP Query User{79D47BD0-30B9-407B-818C-149B73320733}C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe (HP Inc.)
FirewallRules: [{A21EB030-A934-49E7-A5E6-FCF29C15E041}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
FirewallRules: [{27AF4214-3EDD-4B1C-9D3D-C9C46C11D6C2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{443C902A-D1A9-4576-BF33-9F47BD918784}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{8202DCCD-49CA-42F9-B909-F59E756EA2B2}] => (Allow) D:\Steam\steamapps\common\Dead or Alive 5 Last Round\game.exe (KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{53EF0401-9B05-4FC7-9B01-8A39DB059A9F}] => (Allow) D:\Steam\steamapps\common\Dead or Alive 5 Last Round\game.exe (KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{1BB581D6-4825-4F61-9D69-78FC8FDE9559}] => (Allow) D:\Steam\steamapps\common\Dead or Alive 5 Last Round\startup_setting.exe (KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{50793547-7ECF-4B26-A0B5-BB6955BA3769}] => (Allow) D:\Steam\steamapps\common\Dead or Alive 5 Last Round\startup_setting.exe (KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{58649AE4-B7F0-4447-A188-7B771D3200AC}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe ()
FirewallRules: [{27F0ABF9-7CCF-44F0-8E54-1B824D5093DE}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe ()
FirewallRules: [{5F1EADCC-7156-49D8-8744-9C13608BF5A4}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe ()
FirewallRules: [{3489DD16-5F57-408B-B8CC-8F2270F5B7ED}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe ()
FirewallRules: [{01128158-5678-47F4-8BA4-1768CD727EF1}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe (UNIGINE Corp.)
FirewallRules: [{C6232BA7-025E-483A-8DEC-C58D1671AC0B}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe (UNIGINE Corp.)
FirewallRules: [{6F2CB973-A9FB-46AE-910D-A97D8A869EFF}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe (UNIGINE Corp.)
FirewallRules: [{0F224C75-2435-4E45-92B2-1EDAF1355B69}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe (UNIGINE Corp.)
FirewallRules: [{AA4A0295-11DE-47FC-8F75-1AF20E03A3D8}] => (Allow) LPort=38518
FirewallRules: [{5A9D2A7D-3597-463D-8453-42CE0B63EC40}] => (Allow) LPort=9142
FirewallRules: [TCP Query User{2F335881-82A1-47BC-8D51-192E83B92847}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Allow) C:\program files (x86)\nzxt\cam\cam.desktop.exe ()
FirewallRules: [UDP Query User{DDDF13D4-2855-48B4-98EC-2BCC6E559485}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Allow) C:\program files (x86)\nzxt\cam\cam.desktop.exe ()
FirewallRules: [{6DC752F5-35B2-4E26-A214-66B0741E5E33}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{37412D99-5092-40E9-A192-5BE1CCABABD2}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [TCP Query User{059EAB64-7416-4CAF-A50C-C52150A92EF2}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Block) C:\program files (x86)\nzxt\cam\cam.desktop.exe ()
FirewallRules: [UDP Query User{6357CE5B-D35C-49A1-B8BA-4BE936EF8FE4}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Block) C:\program files (x86)\nzxt\cam\cam.desktop.exe ()
FirewallRules: [{D58EF62D-93A5-437B-A07C-A077621A9B82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{ECC888D2-DBDA-4449-B759-D6DCC148A964}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{EF54B106-204D-4C40-B7C9-287F6455C476}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{3090BF6E-FB80-4B25-86E2-686AEA87A53C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{727D26E6-D7FC-4B4A-A7C2-035FA574B504}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{C32A92CE-6174-4AFB-B4C5-FB3EC87BE71A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{238BA241-13EC-4922-A8CF-0EA4622D49F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{3810CEA8-0AC8-4E8C-899E-E5F86585AF7E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{29D6775C-F710-4413-BFD0-AB7D94A8B117}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
FirewallRules: [{2A9DD94D-A69F-4D01-9D08-707B73652AAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
FirewallRules: [TCP Query User{84C4D4D1-F6D3-409F-B041-C5EDF5B41C8A}C:\users\ggpc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ggpc\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
FirewallRules: [UDP Query User{8C9FB145-492D-40C0-A0AC-1A649228B329}C:\users\ggpc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ggpc\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
FirewallRules: [{62FD4C1D-0211-4341-AA18-23B76FBCC221}] => (Allow) C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: TP-Link Wireless N PCI Express Adapter #2
Description: TP-Link Wireless N PCI Express Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TP-Link Technologies Co., Ltd.
Service: RTWlanE
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2019 06:17:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/31/2019 06:17:43 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (01/31/2019 06:17:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\Windows\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/31/2019 06:17:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/31/2019 06:17:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\Windows\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/31/2019 06:12:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (01/31/2019 06:12:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {067b01b8-4e9b-4cbf-ad65-73833e5fc1bc}

Error: (01/31/2019 06:08:46 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (01/31/2019 06:54:39 PM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2019 06:54:39 PM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2019 06:54:39 PM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2019 06:54:39 PM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2019 06:15:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2019 06:14:07 PM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2019 06:14:05 PM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2019 06:14:05 PM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-09-20 07:35:45.721
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

Date: 2018-09-20 07:26:12.892
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-09-20 07:26:12.891
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-09-20 07:26:12.891
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-09-20 07:26:12.819
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2019-01-31 16:23:22.852
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2019-01-31 10:16:14.228
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\Windows\Temp\{F1E57239-A8CE-4334-93FC-F0ED0C0ACAC6}\cleanapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-01-31 10:16:10.804
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\Windows\Temp\{B2F1D985-4BFE-46E1-AD9A-31881173ECCA}\cleanapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-01-31 10:16:07.333
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\Windows\Temp\{B0CBE093-9FD2-4C17-B8A0-830028EC91F6}\cleanapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-01-30 23:11:23.634
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2019-01-30 22:13:42.183
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2019-01-28 16:16:42.262
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-01-28 16:16:42.255
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7-8700 CPU @ 3.20GHz
Percentage of memory in use: 26%
Total physical RAM: 16317.21 MB
Available physical RAM: 11976.77 MB
Total Virtual: 18749.21 MB
Available Virtual: 12764.26 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.97 GB) (Free:173.94 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:1862.89 GB) (Free:1487.76 GB) NTFS

\\?\Volume{759e9880-0ca3-4f59-876c-1646ea55761d}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{0095f199-42bf-423d-a6c5-269029a5bf07}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30.01.2019
Ran by Tony (administrator) on ZAKELA (31-01-2019 18:56:55)
Running from C:\Users\GGPC\Desktop
Loaded Profiles: Tony & rache (Available Profiles: Tony & rache)
Platform: Windows 10 Home Version 1803 17134.556 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Prey, Inc.) C:\Windows\Prey\wpxsvc.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Novawave Inc.) C:\Program Files\Novawave\Novabench\NovabenchService.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Node.js) C:\Windows\Prey\versions\1.8.2\bin\node.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.8.2\node_modules\os-triggers\bin\lightevt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(NZXT) C:\Program Files (x86)\NZXT\CAM\Launcher\CAM.exe
(NZXT) C:\Program Files (x86)\NZXT\CAM\Launcher\CAM.exe
() C:\Program Files (x86)\NZXT\CAM\CAM.Desktop.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NZXT) C:\Program Files (x86)\NZXT\CAM\Launcher\CAM.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-11-09] (Realtek Semiconductor)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [5126944 2018-11-30] (O&O Software GmbH)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [319520 2018-12-06] (Intel Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [126200 2019-01-28] (Intel)
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Run: [Discord] => C:\Users\GGPC\AppData\Local\Discord\app-0.0.304\Discord.exe [81747288 2019-01-15] (Discord Inc.)
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44024 2019-01-25] (Glarysoft Ltd)
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3133216 2019-01-05] (Valve Corporation)
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (HP Inc.)
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Run: [CAM] => C:\Program Files (x86)\NZXT\CAM\Launcher\CAM.exe [67662960 2018-11-07] (NZXT)
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [217088 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-688862063-2713704754-1743232380-1005\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\rache.RIGGS\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-688862063-2713704754-1743232380-1005\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\rache.RIGGS\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-688862063-2713704754-1743232380-1005\...\RunOnce: [Uninstall 18.222.1104.0007\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rache.RIGGS\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64"
HKU\S-1-5-21-688862063-2713704754-1743232380-1005\...\RunOnce: [Uninstall 18.222.1104.0007] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rache.RIGGS\AppData\Local\Microsoft\OneDrive\18.222.1104.0007"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk [2019-01-30]
ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{7C4D55AF-37B4-4D85-9106-CF473CEC9BE6}\app_icon.exe ()
Startup: C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greetings.vbs [2018-05-30] ()
Startup: C:\Users\rache.RIGGS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greetings.vbs [2018-12-03] ()
BootExecute: autocheck autochk *  
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-688862063-2713704754-1743232380-1002\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.0    incoming.telemetry.mozilla.org
Tcpip\..\Interfaces\{9c332f83-344e-4139-aefc-9d7d7f66a947}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{ab82696e-f51d-4413-a96c-f4da4d001a9e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b946f319-c774-4c65-a16b-0b261cf9cda8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c644551a-f22e-4b26-b9ad-223dfde4ce8e}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-688862063-2713704754-1743232380-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-11-29] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-17] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-17] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-17] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-17] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-688862063-2713704754-1743232380-1002 -> hxxp://www.facebook.com/

FireFox:
========
FF DefaultProfile: gekoak68.default-1543477652566
FF ProfilePath: C:\Users\GGPC\AppData\Roaming\Mozilla\Firefox\Profiles\gekoak68.default-1543477652566 [2019-01-31]
FF Homepage: Mozilla\Firefox\Profiles\gekoak68.default-1543477652566 -> hxxps://www.facebook.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\gekoak68.default-1543477652566 -> type", 0
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\GGPC\AppData\Roaming\Mozilla\Firefox\Profiles\gekoak68.default-1543477652566\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-01-23]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-01-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-09] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-11-29] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-09] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-11-29] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-05] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-01-31] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-01-31] <==== ATTENTION

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7206312 2018-12-02] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9619816 2019-01-04] (Microsoft Corporation)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [6886472 2018-11-29] (Prey, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23288 2019-01-28] (Intel)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937208 2018-12-19] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17440 2018-12-06] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe [743728 2017-11-16] (Intel® Corporation)
R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [505856 2018-01-22] (Intel Corporation) [File not signed]
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\TPMProvisioningService.exe [720184 2017-11-16] (Intel® Corporation)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [153360 2018-09-25] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [214672 2018-01-31] (Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe [414352 2019-01-30] (AO Kaspersky Lab)
R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (AO Kaspersky Lab)
R2 NovabenchService; C:\Program Files\Novawave\Novabench\NovabenchService.exe [330288 2018-10-06] (Novawave Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790736 2019-01-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790736 2019-01-17] (NVIDIA Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1721632 2018-11-30] (O&O Software GmbH)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-11] ()
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [195832 2018-12-19] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665136 2019-01-17] (TeamViewer GmbH)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937208 2018-12-19] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-27] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-27] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [18264 2017-09-27] (Intel® Corporation)
S4 asComSvc; "C:\Program Files (x86)\ASUS\AXSP\4.00.28\atkexComSvc.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [33504 2019-01-01] ()
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (AO Kaspersky Lab)
R3 cpuz147; C:\Windows\temp\cpuz147\cpuz147_x64.sys [53848 2019-01-31] (CPUID)
S3 gdrv2; C:\Windows\gdrv2.sys [32720 2019-01-12] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [19392 2018-04-23] ()
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [28936 2018-11-29] (Glarysoft Ltd)
R1 HWiNFO; C:\Windows\system32\drivers\HWiNFO64A.SYS [65320 2018-12-25] (REALiX™)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [123544 2017-10-15] (Intel Corporation)
R0 iaStorAC; C:\Windows\System32\drivers\iaStorAC.sys [1094792 2018-12-06] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [38424 2017-09-15] (Intel Corporation)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37184 2018-10-16] (IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [43392 2018-10-16] (IObit)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [73416 2018-12-05] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [123152 2018-12-05] (AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [89168 2018-12-05] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [219744 2019-01-30] (AO Kaspersky Lab)
R1 KLHK; C:\Windows\System32\drivers\klhk.sys [1214752 2019-01-30] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [190784 2019-01-30] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1113696 2019-01-30] (AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [57032 2018-02-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [45768 2018-12-05] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [48080 2018-02-12] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [238528 2019-01-30] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [100136 2019-01-30] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [289856 2019-01-30] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [110640 2019-01-30] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [193168 2019-01-30] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (AO Kaspersky Lab)
R1 klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [176976 2018-12-05] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [203968 2018-02-24] (AO Kaspersky Lab)
R3 NovabenchDriver; C:\Program Files\Novawave\Novabench\NovabenchDriverWin10.sys [28216 2018-03-28] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5db32447b43ce666\nvlddmkm.sys [20461984 2019-01-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [70024 2018-10-02] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [66792 2018-10-04] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [6831056 2017-06-20] (Realtek Semiconductor Corporation )
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [43008 2018-12-19] ()
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46680 2018-12-27] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [330936 2018-12-27] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-27] (Microsoft Corporation)
R3 WinRing0_1_2_0; C:\Program Files (x86)\NZXT\CAM\OpenHardwareMonitorLib.sys [14544 2019-01-31] (OpenLibSys.org)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-31 18:56 - 2019-01-31 18:57 - 000022928 _____ C:\Users\GGPC\Desktop\FRST.txt
2019-01-31 17:43 - 2019-01-31 17:43 - 000000000 ___HD C:\OneDriveTemp
2019-01-31 13:52 - 2019-01-31 13:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2019-01-31 10:17 - 2019-01-31 10:17 - 000003392 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2019-01-31 10:16 - 2019-01-31 10:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2019-01-31 00:55 - 2019-01-31 00:55 - 000907040 _____ (O&O Software GmbH) C:\Users\GGPC\Downloads\Shutup.exe
2019-01-31 00:04 - 2019-01-31 00:04 - 000000000 ____D C:\ProgramData\GlarySoft
2019-01-30 23:56 - 2019-01-31 18:56 - 000000000 ____D C:\FRST
2019-01-30 23:55 - 2019-01-31 13:20 - 002428928 _____ (Farbar) C:\Users\GGPC\Desktop\FRST64.exe
2019-01-30 23:47 - 2019-01-31 13:37 - 000650088 _____ C:\Windows\ntbtlog.txt
2019-01-30 23:14 - 2019-01-30 23:15 - 000000000 ____D C:\ProgramData\Novabench
2019-01-30 23:14 - 2019-01-30 23:14 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Novabench.lnk
2019-01-30 23:14 - 2019-01-30 23:14 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Novabench
2019-01-30 23:14 - 2019-01-30 23:14 - 000000000 ____D C:\Users\GGPC\AppData\Local\Novabench
2019-01-30 23:14 - 2019-01-30 23:14 - 000000000 ____D C:\Program Files\Novawave
2019-01-30 23:13 - 2019-01-30 23:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-01-30 23:13 - 2019-01-30 23:13 - 000000000 ____D C:\Program Files\7-Zip
2019-01-30 23:10 - 2019-01-31 01:02 - 000162708 _____ C:\Windows\system32\oodbs.lor
2019-01-30 23:07 - 2019-01-30 23:07 - 097783808 _____ C:\Users\GGPC\Downloads\Novabench.msi
2019-01-30 23:05 - 2019-01-30 23:05 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Opera Software
2019-01-30 23:03 - 2019-01-30 23:03 - 001443680 _____ (Igor Pavlov) C:\Users\GGPC\Downloads\7-Zip.exe
2019-01-30 22:27 - 2019-01-30 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
2019-01-30 22:27 - 2019-01-30 22:27 - 000000000 ____D C:\Program Files\OO Software
2019-01-30 22:17 - 2019-01-30 22:17 - 000289856 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2019-01-30 22:13 - 2019-01-30 22:13 - 000238528 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2019-01-30 22:13 - 2019-01-30 22:13 - 000193168 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2019-01-30 22:13 - 2019-01-30 22:13 - 000110640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2019-01-30 22:13 - 2019-01-30 22:13 - 000100136 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_kimul.sys
2019-01-30 22:13 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2019-01-30 22:12 - 2019-01-30 22:12 - 001214752 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2019-01-30 22:12 - 2019-01-30 22:12 - 001113696 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2019-01-30 22:12 - 2019-01-30 22:12 - 000219744 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2019-01-30 22:12 - 2019-01-30 22:12 - 000152960 _____ (AO Kaspersky Lab) C:\Windows\system32\klhkum.dll
2019-01-30 22:10 - 2019-01-30 22:10 - 002536320 _____ (Kaspersky Lab) C:\Users\GGPC\Downloads\KAF.exe
2019-01-30 18:16 - 2019-01-30 18:16 - 015341312 _____ (Intel) C:\Users\GGPC\Downloads\Intel Driver and Support Assistant Installer.exe
2019-01-30 10:33 - 2019-01-30 10:33 - 000000000 ____D C:\ProgramData\Mozilla
2019-01-29 22:22 - 2019-01-31 17:58 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Spotify
2019-01-29 22:22 - 2019-01-31 17:58 - 000000000 ____D C:\Users\GGPC\AppData\Local\Spotify
2019-01-29 22:22 - 2019-01-29 22:22 - 000001867 _____ C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2019-01-29 22:21 - 2019-01-29 22:21 - 000742728 _____ (Spotify Ltd) C:\Users\GGPC\Downloads\Spotify.exe
2019-01-28 10:23 - 2019-01-28 10:23 - 001817208 _____ (CPUID, Inc. ) C:\Users\GGPC\Downloads\CPU-Z.exe
2019-01-28 10:23 - 2019-01-28 10:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2019-01-28 10:23 - 2019-01-28 10:23 - 000000000 ____D C:\Program Files\CPUID
2019-01-26 17:47 - 2019-01-26 17:53 - 000000000 ____D C:\Users\GGPC\Documents\Rise of the Tomb Raider
2019-01-26 13:38 - 2019-01-30 19:51 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2019-01-26 13:38 - 2019-01-30 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2019-01-26 11:48 - 2019-01-26 11:48 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Google
2019-01-26 11:42 - 2019-01-30 23:05 - 000000000 ____D C:\Users\GGPC\AppData\Local\Google
2019-01-24 12:52 - 2019-01-24 12:52 - 000000000 ____D C:\Users\GGPC\AppData\Local\EVGA_Co.,_Ltd
2019-01-24 12:51 - 2019-01-24 12:56 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA
2019-01-24 12:51 - 2019-01-24 12:56 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\EVGA
2019-01-24 12:51 - 2019-01-24 12:51 - 000000000 ____D C:\Program Files\EVGA
2019-01-24 10:17 - 2019-01-29 16:52 - 017558880 _____ (Glarysoft Ltd) C:\Users\GGPC\Downloads\Glary Utilities.exe
2019-01-20 23:43 - 2019-01-20 23:53 - 000000000 ____D C:\AdwCleaner
2019-01-20 23:42 - 2019-01-20 23:42 - 007320272 _____ (Malwarebytes) C:\Users\GGPC\Downloads\Adwcleaner.exe
2019-01-20 23:32 - 2019-01-20 23:33 - 000332221 _____ C:\Windows\system32\log.csv
2019-01-20 23:28 - 2019-01-20 23:28 - 000000000 ____D C:\Windows\Tasks\ImCleanDisabled
2019-01-18 17:53 - 2019-01-18 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2019-01-18 17:53 - 2019-01-18 17:53 - 000000000 ____D C:\Program Files (x86)\Geeks3D
2019-01-18 13:36 - 2019-01-31 18:14 - 000308736 _____ C:\Windows\SysWOW64\NVAPIHelper.dll
2019-01-18 13:36 - 2019-01-31 18:13 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\CAM
2019-01-18 13:36 - 2019-01-26 19:41 - 000003346 _____ C:\Windows\System32\Tasks\CAM.Desktop
2019-01-18 13:36 - 2019-01-18 13:36 - 000001184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAM.lnk
2019-01-18 13:36 - 2019-01-18 13:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAM
2019-01-18 13:36 - 2019-01-18 13:36 - 000000000 ____D C:\Program Files (x86)\NZXT
2019-01-18 13:35 - 2019-01-18 13:35 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\NZXT
2019-01-18 10:38 - 2019-01-18 10:44 - 000000000 ____D C:\Users\GGPC\Superposition
2019-01-18 10:38 - 2019-01-18 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
2019-01-18 10:37 - 2019-01-18 10:37 - 000000000 ____D C:\Program Files\Unigine
2019-01-17 08:57 - 2019-01-17 08:57 - 000002678 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2019-01-16 09:44 - 2019-01-10 07:08 - 000309560 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-01-16 09:44 - 2019-01-10 06:57 - 004527584 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-01-16 09:44 - 2019-01-10 06:57 - 000720536 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-01-16 09:44 - 2019-01-10 06:42 - 004716032 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2019-01-16 09:44 - 2019-01-10 06:41 - 012730368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-01-16 09:44 - 2019-01-10 06:41 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2019-01-16 09:44 - 2019-01-10 06:40 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2019-01-16 09:44 - 2019-01-10 06:36 - 003649024 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-01-16 09:44 - 2019-01-10 06:36 - 001054720 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2019-01-16 09:44 - 2019-01-10 06:35 - 002919936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2019-01-16 09:44 - 2019-01-10 06:35 - 001364992 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-01-16 09:44 - 2019-01-10 03:50 - 001008640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MixedRealityCapture.dll
2019-01-16 09:44 - 2019-01-09 23:14 - 000607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-01-16 09:44 - 2019-01-09 22:55 - 011919872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-01-16 09:44 - 2019-01-09 22:55 - 000150016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2019-01-16 09:44 - 2019-01-09 22:51 - 002891776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-01-16 09:44 - 2019-01-09 21:55 - 001285432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2019-01-16 09:44 - 2019-01-09 21:50 - 000134968 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-01-16 09:44 - 2019-01-09 21:48 - 000527368 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-01-16 09:44 - 2019-01-09 21:46 - 001457240 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-01-16 09:44 - 2019-01-09 21:46 - 001257880 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-01-16 09:44 - 2019-01-09 21:44 - 009084216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-01-16 09:44 - 2019-01-09 21:24 - 025855488 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-01-16 09:44 - 2019-01-09 21:11 - 007573504 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-01-16 09:44 - 2019-01-09 21:06 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-01-16 09:44 - 2019-01-09 20:03 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-01-16 09:44 - 2019-01-09 18:59 - 000611848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2019-01-16 09:44 - 2019-01-09 18:44 - 000078688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wldp.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 006567768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 006043496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 004789944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 002253480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 001981280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 001620264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 001130568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 000607376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 000581592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 000287640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 000129088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 000127744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rmclient.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 000071456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
2019-01-16 09:44 - 2019-01-09 18:42 - 001035232 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-01-16 09:44 - 2019-01-09 18:42 - 000092704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bindflt.sys
2019-01-16 09:44 - 2019-01-09 18:41 - 001140680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-01-16 09:44 - 2019-01-09 18:41 - 000983120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-01-16 09:44 - 2019-01-09 18:41 - 000076296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2019-01-16 09:44 - 2019-01-09 18:40 - 002765336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-01-16 09:44 - 2019-01-09 18:40 - 001221432 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-01-16 09:44 - 2019-01-09 18:40 - 001063224 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2019-01-16 09:44 - 2019-01-09 18:40 - 001029944 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-01-16 09:44 - 2019-01-09 18:40 - 000566568 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2019-01-16 09:44 - 2019-01-09 18:40 - 000432952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-01-16 09:44 - 2019-01-09 18:40 - 000226104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-01-16 09:44 - 2019-01-09 18:40 - 000090872 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 007519888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 007436016 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 004404720 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 002571632 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 001943128 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 001098056 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000789696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000713264 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000349656 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000269624 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000260800 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000175416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spacedump.sys
2019-01-16 09:44 - 2019-01-09 18:39 - 000164192 _____ (Microsoft Corporation) C:\Windows\system32\rmclient.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000144072 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-01-16 09:44 - 2019-01-09 18:39 - 000085472 _____ (Microsoft Corporation) C:\Windows\system32\svchost.exe
2019-01-16 09:44 - 2019-01-09 18:34 - 022016512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-01-16 09:44 - 2019-01-09 18:33 - 016597504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2019-01-16 09:44 - 2019-01-09 18:32 - 013878272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2019-01-16 09:44 - 2019-01-09 18:29 - 008188928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2019-01-16 09:44 - 2019-01-09 18:29 - 002500096 _____ (Microsoft Corporation) C:\Windows\system32\smartscreen.exe
2019-01-16 09:44 - 2019-01-09 18:27 - 004710912 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2019-01-16 09:44 - 2019-01-09 18:27 - 004384256 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-01-16 09:44 - 2019-01-09 18:27 - 001587712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2019-01-16 09:44 - 2019-01-09 18:26 - 006661632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2019-01-16 09:44 - 2019-01-09 18:26 - 003396608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-01-16 09:44 - 2019-01-09 18:26 - 002966016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2019-01-16 09:44 - 2019-01-09 18:25 - 000161792 _____ (Microsoft Corporation) C:\Windows\system32\spacebridge.dll
2019-01-16 09:44 - 2019-01-09 18:24 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2019-01-16 09:44 - 2019-01-09 18:24 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_CapabilityAccess.dll
2019-01-16 09:44 - 2019-01-09 18:24 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spacebridge.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 005775872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 005307392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 002368000 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\MSPhotography.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 001361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSPhotography.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 001189888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 000898560 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\srpapi.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManagerClient.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 000067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CapabilityAccessManagerClient.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 001551360 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 001395200 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000808448 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000624640 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000608768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000392704 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicSvc.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000333824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManager.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000138752 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srpapi.dll
2019-01-16 09:44 - 2019-01-09 18:21 - 002173440 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-01-16 09:44 - 2019-01-09 18:21 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-01-16 09:44 - 2019-01-09 18:21 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\smartscreenps.dll
2019-01-16 09:44 - 2019-01-09 18:21 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-01-16 09:44 - 2019-01-09 18:20 - 004940288 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-01-16 09:44 - 2019-01-09 18:20 - 004516352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-01-16 09:44 - 2019-01-09 18:20 - 001000448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2019-01-16 09:44 - 2019-01-09 18:20 - 000916480 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2019-01-16 09:44 - 2019-01-09 18:20 - 000607232 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2019-01-16 09:44 - 2019-01-09 18:20 - 000135680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smartscreenps.dll
2019-01-16 09:44 - 2019-01-09 18:19 - 000883712 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2019-01-16 09:44 - 2019-01-09 18:19 - 000678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-01-16 09:44 - 2019-01-09 18:19 - 000507392 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2019-01-16 09:44 - 2019-01-09 18:19 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2019-01-16 09:44 - 2019-01-09 18:19 - 000251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2019-01-16 09:44 - 2019-01-09 18:18 - 000195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2019-01-16 09:44 - 2019-01-09 17:34 - 000806320 _____ C:\Windows\SysWOW64\locale.nls
2019-01-16 09:44 - 2019-01-09 17:34 - 000806320 _____ C:\Windows\system32\locale.nls
2019-01-16 09:44 - 2019-01-09 17:34 - 000001310 _____ C:\Windows\system32\tcbres.wim
2019-01-15 23:18 - 2019-01-15 23:18 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2019-01-15 23:18 - 2019-01-11 22:22 - 005363000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-01-15 23:18 - 2019-01-11 22:22 - 002623880 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2019-01-15 23:18 - 2019-01-11 22:22 - 001767464 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-01-15 23:18 - 2019-01-11 22:22 - 000650608 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-01-15 23:18 - 2019-01-11 22:22 - 000451056 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-01-15 23:18 - 2019-01-11 22:22 - 000125320 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-01-15 23:18 - 2019-01-11 22:22 - 000083336 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-01-15 23:18 - 2019-01-10 02:45 - 008472342 _____ C:\Windows\system32\nvcoproc.bin
2019-01-15 23:18 - 2018-11-21 18:13 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2019-01-15 23:16 - 2019-01-12 17:05 - 000978336 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-01-15 23:16 - 2019-01-12 17:05 - 000978336 _____ C:\Windows\system32\vulkan-1.dll
2019-01-15 23:16 - 2019-01-12 17:05 - 000845216 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-01-15 23:16 - 2019-01-12 17:05 - 000845216 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-01-15 23:16 - 2019-01-12 17:05 - 000552536 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-01-15 23:16 - 2019-01-12 17:05 - 000456848 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-01-15 23:16 - 2019-01-12 17:05 - 000268192 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-01-15 23:16 - 2019-01-12 17:05 - 000268192 _____ C:\Windows\system32\vulkaninfo.exe
2019-01-15 23:16 - 2019-01-12 17:05 - 000243616 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-01-15 23:16 - 2019-01-12 17:05 - 000243616 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-01-15 23:16 - 2019-01-12 17:04 - 004946232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 004316304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 002018392 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6441771.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 002003600 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 001512352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 001467864 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6441771.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 001461152 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 001126544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 000750520 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 000631896 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 000609368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 000521688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-01-15 23:16 - 2019-01-12 17:03 - 040262912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2019-01-15 23:16 - 2019-01-12 17:03 - 035158736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-01-15 23:16 - 2019-01-12 13:03 - 015911384 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 013205768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 001471424 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 001462024 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 001167584 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 001151984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 001145536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 000914400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 000822392 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 000794448 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 000637664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2019-01-15 23:16 - 2019-01-12 13:01 - 019717352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2019-01-15 23:16 - 2019-01-12 13:01 - 016993240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-01-15 23:16 - 2019-01-12 13:01 - 005003032 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2019-01-15 23:16 - 2019-01-12 13:01 - 004260704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-01-15 23:16 - 2019-01-12 00:06 - 001682896 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2019-01-15 23:16 - 2019-01-12 00:06 - 000227896 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2019-01-15 23:16 - 2019-01-12 00:06 - 000048472 _____ C:\Windows\system32\nvinfo.pb
2019-01-15 23:16 - 2019-01-12 00:06 - 000047384 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2019-01-15 23:16 - 2018-10-04 08:28 - 000066792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2019-01-12 18:47 - 2019-01-12 18:47 - 000000000 ____D C:\Users\Public\Documents\Creative
2019-01-12 18:43 - 2019-01-12 18:54 - 000000000 ____D C:\Program Files (x86)\GIGABYTE
2019-01-12 18:43 - 2019-01-12 18:46 - 000000000 ____D C:\Users\GGPC\AppData\Local\Downloaded Installations
2019-01-12 18:43 - 2019-01-12 18:43 - 000032720 ____N (GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Windows\gdrv2.sys
2019-01-12 18:43 - 2019-01-12 18:43 - 000000000 ____D C:\Intel
2019-01-12 18:43 - 2015-06-02 10:50 - 000005120 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\acpimof_ocpanel.dll
2019-01-12 18:24 - 2019-01-01 22:47 - 000033504 _____ C:\Windows\system32\Drivers\AsIO2.sys
2019-01-12 18:24 - 2018-12-27 23:39 - 000100800 _____ C:\Windows\system32\AsIO2.dll
2019-01-12 18:24 - 2018-12-27 23:38 - 000084928 _____ C:\Windows\SysWOW64\AsIO2.dll
2019-01-12 18:24 - 2018-04-23 15:12 - 000019392 _____ C:\Windows\system32\Drivers\GLCKIO2.sys
2019-01-11 11:48 - 2019-01-11 11:48 - 000000000 ____D C:\Users\GGPC\Documents\KoeiTecmo
2019-01-09 19:55 - 2019-01-09 19:55 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2019-01-09 17:21 - 2019-01-02 02:47 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\windowslivelogin.dll
2019-01-09 17:21 - 2019-01-02 02:45 - 000714752 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll
2019-01-09 17:21 - 2019-01-02 02:45 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\wlidcredprov.dll
2019-01-09 17:21 - 2019-01-02 02:20 - 000165888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windowslivelogin.dll
2019-01-09 17:21 - 2019-01-02 02:18 - 000500736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll
2019-01-09 17:21 - 2019-01-02 02:17 - 000231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcredprov.dll
2019-01-09 17:21 - 2019-01-01 20:13 - 003292152 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2019-01-09 17:21 - 2019-01-01 20:13 - 001363536 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2019-01-09 17:21 - 2019-01-01 20:13 - 000709728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-01-09 17:21 - 2019-01-01 20:13 - 000436024 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-01-09 17:21 - 2019-01-01 20:13 - 000170808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-01-09 17:21 - 2019-01-01 20:12 - 002465792 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-01-09 17:21 - 2019-01-01 20:12 - 002421288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-01-09 17:21 - 2019-01-01 20:12 - 000128824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2019-01-09 17:21 - 2019-01-01 20:12 - 000043536 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe
2019-01-09 17:21 - 2019-01-01 19:50 - 022715392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-01-09 17:21 - 2019-01-01 19:48 - 000342528 _____ (Microsoft Corporation) C:\Windows\system32\browserexport.exe
2019-01-09 17:21 - 2019-01-01 19:48 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2019-01-09 17:21 - 2019-01-01 19:48 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\Print.Workflow.Source.dll
2019-01-09 17:21 - 2019-01-01 19:47 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2019-01-09 17:21 - 2019-01-01 19:46 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountTokenProvider.dll
2019-01-09 17:21 - 2019-01-01 19:46 - 000153088 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2019-01-09 17:21 - 2019-01-01 19:45 - 000352768 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-01-09 17:21 - 2019-01-01 19:44 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-01-09 17:21 - 2019-01-01 19:44 - 000662528 _____ (Microsoft Corporation) C:\Windows\system32\wlidprov.dll
2019-01-09 17:21 - 2019-01-01 19:44 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-09 17:21 - 2019-01-01 19:43 - 001805312 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-01-09 17:21 - 2019-01-01 19:42 - 002247680 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2019-01-09 17:21 - 2019-01-01 19:42 - 001371136 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2019-01-09 17:21 - 2019-01-01 19:42 - 000717312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2019-01-09 17:21 - 2019-01-01 19:41 - 001159680 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-01-09 17:21 - 2019-01-01 19:41 - 000899072 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-01-09 17:21 - 2019-01-01 19:41 - 000895488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-09 17:21 - 2019-01-01 19:37 - 002478664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2019-01-09 17:21 - 2019-01-01 19:37 - 001989040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-01-09 17:21 - 2019-01-01 19:37 - 000880048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2019-01-09 17:21 - 2019-01-01 19:37 - 000381240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-01-09 17:21 - 2019-01-01 19:22 - 019405312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-01-09 17:21 - 2019-01-01 19:17 - 000153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-09 17:21 - 2019-01-01 19:16 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2019-01-09 17:21 - 2019-01-01 19:15 - 000317440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2019-01-09 17:21 - 2019-01-01 19:14 - 000330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-09 17:21 - 2019-01-01 19:13 - 001628160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-01-09 17:21 - 2019-01-01 19:13 - 000594432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2019-01-09 17:21 - 2019-01-01 19:12 - 001036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2019-01-09 17:21 - 2019-01-01 19:12 - 000795648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-09 17:21 - 2019-01-01 19:12 - 000778240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-01-09 17:21 - 2019-01-01 19:12 - 000516608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidprov.dll
2019-01-09 17:21 - 2018-12-19 17:49 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-01-09 17:19 - 2018-09-20 17:12 - 001483576 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2019-01-04 23:50 - 2019-01-04 23:50 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\MAXON
2019-01-04 11:54 - 2018-12-24 14:57 - 000035792 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe
2019-01-01 23:40 - 2019-01-01 23:40 - 000000000 ____D C:\Users\GGPC\AppData\Local\Intel Telemetry
2019-01-01 23:40 - 2019-01-01 23:40 - 000000000 ____D C:\ProgramData\Intel Telemetry
2019-01-01 23:38 - 2019-01-01 23:38 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2019-01-01 23:38 - 2019-01-01 23:38 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-31 18:57 - 2018-12-27 19:12 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-01-31 18:57 - 2018-11-29 09:40 - 000000000 ____D C:\Users\GGPC\AppData\LocalLow\Mozilla
2019-01-31 18:53 - 2016-07-21 17:07 - 000000000 ____D C:\Users\GGPC\Documents\For External
2019-01-31 18:49 - 2018-11-29 10:19 - 000000000 ____D C:\Windows\Prey
2019-01-31 18:19 - 2018-04-12 12:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-31 18:18 - 2018-11-29 10:01 - 000007661 _____ C:\OOSU10.ini
2019-01-31 18:17 - 2018-07-23 14:08 - 000840440 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-31 18:17 - 2018-04-12 12:36 - 000000000 ____D C:\Windows\INF
2019-01-31 18:15 - 2018-07-24 06:12 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-31 18:14 - 2018-11-29 10:29 - 000000000 ____D C:\Program Files (x86)\Steam
2019-01-31 18:14 - 2018-07-24 06:19 - 000000000 ___RD C:\Users\GGPC\OneDrive
2019-01-31 18:13 - 2018-11-29 10:09 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-01-31 18:13 - 2018-07-23 14:02 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-31 18:13 - 2018-04-12 10:04 - 001048576 _____ C:\Windows\system32\config\BBI
2019-01-31 18:10 - 2018-11-29 09:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-01-31 17:56 - 2018-07-23 14:02 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-01-31 17:24 - 2018-11-29 10:04 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-01-31 16:47 - 2018-12-03 01:21 - 000000000 ____D C:\Users\rache.RIGGS\AppData\Local\Packages
2019-01-31 16:34 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\AppReadiness
2019-01-31 16:24 - 2018-12-03 01:23 - 000003358 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-688862063-2713704754-1743232380-1005
2019-01-31 16:24 - 2018-12-03 01:22 - 000000000 ___RD C:\Users\rache.RIGGS\OneDrive
2019-01-31 16:24 - 2018-12-03 01:21 - 000002417 _____ C:\Users\rache.RIGGS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-31 16:23 - 2018-04-12 12:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-31 13:52 - 2018-12-27 19:12 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2019-01-31 13:51 - 2018-12-27 19:10 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2019-01-31 13:36 - 2018-12-30 15:00 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2019-01-31 13:15 - 2018-11-29 10:09 - 000000000 ____D C:\Program Files\Common Files\AV
2019-01-31 11:28 - 2018-04-12 10:04 - 000032768 _____ C:\Windows\system32\config\ELAM
2019-01-31 01:06 - 2018-11-29 10:45 - 000000000 ____D C:\Users\GGPC\AppData\Local\D3DSCache
2019-01-31 01:05 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\LiveKernelReports
2019-01-31 00:55 - 2018-12-19 23:18 - 000907040 _____ (O&O Software GmbH) C:\Shutup.exe
2019-01-31 00:01 - 2018-11-29 10:17 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2019-01-30 23:42 - 2018-12-20 09:29 - 000000000 ___HD C:\Users\GGPC\MicrosoftEdgeBackups
2019-01-30 23:05 - 2018-11-29 11:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamster Soft
2019-01-30 23:05 - 2018-11-29 11:03 - 000000000 ____D C:\Program Files (x86)\Hamster Soft
2019-01-30 23:01 - 2018-11-29 10:15 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\discord
2019-01-30 22:12 - 2018-04-12 12:38 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-01-30 21:41 - 2018-11-29 12:38 - 000000000 ____D C:\Users\rache
2019-01-30 19:46 - 2017-08-14 12:02 - 000000000 ____D C:\Users\GGPC\Documents\Budgeting and Goals
2019-01-30 19:46 - 2017-08-14 12:02 - 000000000 ____D C:\Users\GGPC\Documents\Board and Rent Payments
2019-01-30 19:42 - 2018-11-29 09:25 - 000003356 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-688862063-2713704754-1743232380-1002
2019-01-30 19:42 - 2018-07-24 06:17 - 000002396 _____ C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-30 19:40 - 2018-11-29 09:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-01-30 18:17 - 2018-07-24 06:00 - 000000000 ____D C:\ProgramData\Package Cache
2019-01-30 11:19 - 2018-12-03 10:42 - 000000000 ____D C:\Users\GGPC\AppData\Local\Battle.net
2019-01-30 10:33 - 2018-11-29 09:40 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-01-29 16:53 - 2018-11-29 10:17 - 000001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2019-01-28 14:27 - 2018-12-01 15:11 - 000000000 ____D C:\ProgramData\ProductData
2019-01-28 13:26 - 2016-05-02 23:25 - 000000000 ____D C:\Users\GGPC\Documents\Power Bill
2019-01-28 11:38 - 2017-08-14 12:02 - 000000000 ____D C:\Users\GGPC\Documents\Network Access
2019-01-26 23:46 - 2018-07-24 06:17 - 000000000 ____D C:\Users\GGPC
2019-01-26 22:39 - 2018-07-24 06:12 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-01-26 22:32 - 2018-12-14 09:39 - 000000000 ____D C:\Users\GGPC\AppData\Local\ElevatedDiagnostics
2019-01-26 12:57 - 2018-07-24 06:11 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-01-26 12:56 - 2018-07-24 06:18 - 000000000 ____D C:\Users\GGPC\AppData\Local\Packages
2019-01-26 12:56 - 2018-07-24 06:13 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000004106 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003976 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:10 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-01-26 12:12 - 2018-07-24 06:28 - 000000000 ____D C:\Program Files (x86)\Google
2019-01-24 12:57 - 2018-12-28 09:26 - 000000000 ____D C:\Program Files (x86)\EVGA
2019-01-24 12:54 - 2018-11-29 16:58 - 000000000 ____D C:\Users\GGPC\AppData\Local\CrashDumps
2019-01-24 11:54 - 2018-07-23 14:04 - 000000000 ____D C:\ProgramData\Packages
2019-01-23 14:52 - 2018-11-29 10:09 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-01-23 11:24 - 2018-07-24 06:19 - 000000000 ____D C:\Users\GGPC\AppData\Local\MicrosoftEdge
2019-01-22 16:32 - 2018-12-28 15:04 - 000000000 ____D C:\Users\GGPC\Downloads\Dekstop drivers
2019-01-22 16:06 - 2016-05-02 23:25 - 000000000 ____D C:\Users\GGPC\Documents\Phone Bill
2019-01-20 23:53 - 2018-12-01 15:09 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\IObit
2019-01-20 23:53 - 2018-12-01 15:09 - 000000000 ____D C:\ProgramData\IObit
2019-01-20 23:26 - 2018-12-01 15:11 - 000001424 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2019-01-20 23:26 - 2018-12-01 15:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2019-01-19 16:59 - 2018-07-24 06:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-01-18 18:04 - 2018-07-24 06:18 - 000000000 ____D C:\Users\GGPC\AppData\Local\VirtualStore
2019-01-18 13:56 - 2018-11-29 09:27 - 000000000 ____D C:\Program Files\rempl
2019-01-18 13:36 - 2018-07-24 06:00 - 000000000 ____D C:\Program Files (x86)\Intel
2019-01-17 18:16 - 2018-11-29 09:40 - 000000000 ____D C:\Users\GGPC\AppData\Local\NVIDIA
2019-01-17 16:14 - 2018-11-29 10:29 - 000000000 ____D C:\Program Files\Microsoft Office
2019-01-17 10:29 - 2018-11-29 18:20 - 000003834 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-01-17 08:57 - 2018-11-29 15:21 - 000003762 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2019-01-17 08:57 - 2018-11-29 15:21 - 000003528 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2019-01-17 00:13 - 2018-07-24 06:13 - 002938576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2019-01-17 00:13 - 2018-07-24 06:13 - 002326736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2019-01-17 00:13 - 2018-07-24 06:13 - 001323216 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2019-01-16 21:32 - 2018-11-29 10:15 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-01-16 21:32 - 2018-11-29 10:15 - 000000000 ____D C:\Users\GGPC\AppData\Local\Discord
2019-01-16 21:30 - 2018-12-20 14:15 - 000000000 ____D C:\Users\GGPC\AppData\Local\Warframe
2019-01-16 20:51 - 2018-07-23 14:02 - 000412208 _____ C:\Windows\system32\FNTCACHE.DAT
2019-01-16 14:48 - 2018-12-25 11:05 - 000000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2019-01-16 09:58 - 2018-04-12 12:38 - 000000000 ___SD C:\Windows\SysWOW64\F12
2019-01-16 09:58 - 2018-04-12 12:38 - 000000000 ___SD C:\Windows\system32\F12
2019-01-16 09:58 - 2018-04-12 12:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-01-16 09:58 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\TextInput
2019-01-16 09:58 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\ShellExperiences
2019-01-16 09:58 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\bcastdvr
2019-01-16 09:46 - 2018-04-12 12:30 - 000000000 ____D C:\Windows\CbsTemp
2019-01-16 00:13 - 2018-07-24 06:13 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2019-01-15 23:18 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\Help
2019-01-13 15:05 - 2018-04-12 12:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-01-12 18:54 - 2018-07-24 06:01 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-01-11 11:44 - 2018-11-29 11:10 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-01-09 23:37 - 2018-11-29 10:17 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\GlarySoft
2019-01-09 19:56 - 2018-11-29 13:50 - 000004566 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-01-09 19:56 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-01-09 19:56 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\system32\Macromed
2019-01-09 19:55 - 2018-11-29 10:04 - 000000000 ____D C:\Program Files\Wireshark
2019-01-09 17:24 - 2018-11-29 09:29 - 000000000 ____D C:\Windows\system32\MRT
2019-01-09 17:23 - 2018-11-29 09:29 - 132790320 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-01-08 22:37 - 2018-12-06 14:09 - 000000000 ____D C:\Users\GGPC\Heaven
2019-01-08 22:04 - 2018-12-06 14:08 - 001065984 _____ C:\Users\GGPC\AppData\Local\file__0.localstorage
2019-01-04 13:53 - 2018-11-29 10:34 - 000000000 ____D C:\ProgramData\HP
2019-01-04 12:27 - 2018-11-29 11:09 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-04 11:54 - 2018-04-12 10:04 - 100139008 _____ C:\Windows\system32\config\SOFTWARE.gu.bak
2019-01-04 11:54 - 2018-04-12 10:04 - 021233664 _____ C:\Windows\system32\config\SYSTEM.gu.bak
2019-01-04 11:54 - 2018-04-12 10:04 - 001048576 _____ C:\Windows\system32\config\DEFAULT.gu.bak
2019-01-04 11:54 - 2018-04-12 10:04 - 000131072 _____ C:\Windows\system32\config\SAM.gu.bak
2019-01-04 11:54 - 2018-04-12 10:04 - 000065536 _____ C:\Windows\system32\config\SECURITY.gu.bak
2019-01-03 17:49 - 2018-12-03 00:53 - 000000000 ____D C:\Users\GGPC\AppData\Local\Ubisoft Game Launcher
2019-01-03 08:41 - 2018-04-12 12:41 - 000835480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-01-03 08:41 - 2018-04-12 12:41 - 000179600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-01 23:44 - 2018-12-18 10:02 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-01-01 23:39 - 2018-07-24 06:00 - 000000000 ____D C:\ProgramData\Intel
2019-01-01 13:15 - 2018-12-01 01:07 - 000007601 _____ C:\Users\GGPC\AppData\Local\resmon.resmoncfg

==================== Files in the root of some directories =======

2018-12-06 14:08 - 2019-01-08 22:04 - 001065984 _____ () C:\Users\GGPC\AppData\Local\file__0.localstorage
2018-12-01 01:07 - 2019-01-01 13:15 - 000007601 _____ () C:\Users\GGPC\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-23 14:02

==================== End of FRST.txt ============================



#10
iMacg3

    GeekU Mod

  • GeekU Moderator
  • 419 posts
Hi,

We'll remove the group policy restrictions and some remnants of Hamster Zip.

Press the Windows Key + R. This will open the Run box.
Type Notepad and click OK.

Copy the contents of the below code box to the new file:
 
Start

FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-688862063-2713704754-1743232380-1002\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

2019-01-30 23:05 - 2018-11-29 11:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamster Soft
2019-01-30 23:05 - 2018-11-29 11:03 - 000000000 ____D C:\Program Files (x86)\Hamster Soft

End

Click on File > Save as. Save the file as fixlist.txt to the same location as FRST. (your Desktop)
Open FRST and click on Fix.
When the fix is complete the tool will create a log in the same directory as FRST. (Fixlog.txt) Please post the log in your next reply.

Thanks.


#11
KiwiProbie

    Member

  • Topic Starter
  • Member
  • 333 posts

Ok will do this now and then I will post a new scan.



#12
KiwiProbie

    Member

  • Topic Starter
  • Member
  • 333 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30.01.2019
Ran by Tony (administrator) on ZAKELA (01-02-2019 09:25:21)
Running from C:\Users\GGPC\Desktop
Loaded Profiles: Tony & rache (Available Profiles: Tony & rache)
Platform: Windows 10 Home Version 1803 17134.556 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Prey, Inc.) C:\Windows\Prey\wpxsvc.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Novawave Inc.) C:\Program Files\Novawave\Novabench\NovabenchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Node.js) C:\Windows\Prey\versions\1.8.2\bin\node.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.8.2\node_modules\os-triggers\bin\lightevt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Caphyon LTD) C:\Windows\Installer\MSIC1AB.tmp
(NZXT) C:\Program Files (x86)\NZXT\CAM\Launcher\CAM.exe
(NZXT) C:\Program Files (x86)\NZXT\CAM\Launcher\CAM.exe
() C:\Program Files (x86)\NZXT\CAM\CAM.Desktop.exe
(NZXT) C:\Program Files (x86)\NZXT\CAM\Launcher\CAM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-11-09] (Realtek Semiconductor)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [5126944 2018-11-30] (O&O Software GmbH)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [319520 2018-12-06] (Intel Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [126200 2019-01-28] (Intel)
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Run: [Discord] => C:\Users\GGPC\AppData\Local\Discord\app-0.0.304\Discord.exe [81747288 2019-01-15] (Discord Inc.)
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44024 2019-01-25] (Glarysoft Ltd)
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3133216 2019-01-05] (Valve Corporation)
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (HP Inc.)
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Run: [CAM] => C:\Program Files (x86)\NZXT\CAM\Launcher\CAM.exe [67662960 2019-01-31] (NZXT)
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [217088 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-688862063-2713704754-1743232380-1005\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\rache.RIGGS\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-688862063-2713704754-1743232380-1005\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\rache.RIGGS\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-688862063-2713704754-1743232380-1005\...\RunOnce: [Uninstall 18.222.1104.0007\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rache.RIGGS\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64"
HKU\S-1-5-21-688862063-2713704754-1743232380-1005\...\RunOnce: [Uninstall 18.222.1104.0007] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rache.RIGGS\AppData\Local\Microsoft\OneDrive\18.222.1104.0007"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk [2019-01-30]
ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{7C4D55AF-37B4-4D85-9106-CF473CEC9BE6}\app_icon.exe ()
Startup: C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greetings.vbs [2018-05-30] ()
Startup: C:\Users\rache.RIGGS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greetings.vbs [2018-12-03] ()
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.0    incoming.telemetry.mozilla.org
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9c332f83-344e-4139-aefc-9d7d7f66a947}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{ab82696e-f51d-4413-a96c-f4da4d001a9e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b946f319-c774-4c65-a16b-0b261cf9cda8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c644551a-f22e-4b26-b9ad-223dfde4ce8e}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-688862063-2713704754-1743232380-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-11-29] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-17] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-17] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-17] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-17] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-688862063-2713704754-1743232380-1002 -> hxxp://www.facebook.com/

FireFox:
========
FF DefaultProfile: gekoak68.default-1543477652566
FF ProfilePath: C:\Users\GGPC\AppData\Roaming\Mozilla\Firefox\Profiles\gekoak68.default-1543477652566 [2019-02-01]
FF Homepage: Mozilla\Firefox\Profiles\gekoak68.default-1543477652566 -> hxxps://www.facebook.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\gekoak68.default-1543477652566 -> type", 0
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\GGPC\AppData\Roaming\Mozilla\Firefox\Profiles\gekoak68.default-1543477652566\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-01-23]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-01-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-09] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-11-29] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-09] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-11-29] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-05] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-01-31] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-01-31] <==== ATTENTION

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7206312 2018-12-02] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9619816 2019-01-04] (Microsoft Corporation)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [6886472 2018-11-29] (Prey, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23288 2019-01-28] (Intel)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937208 2018-12-19] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17440 2018-12-06] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe [743728 2017-11-16] (Intel® Corporation)
R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [505856 2018-01-22] (Intel Corporation) [File not signed]
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\TPMProvisioningService.exe [720184 2017-11-16] (Intel® Corporation)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [153360 2018-09-25] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [214672 2018-01-31] (Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe [414352 2019-01-30] (AO Kaspersky Lab)
S3 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (AO Kaspersky Lab)
R2 NovabenchService; C:\Program Files\Novawave\Novabench\NovabenchService.exe [330288 2018-10-06] (Novawave Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790736 2019-01-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790736 2019-01-17] (NVIDIA Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1721632 2018-11-30] (O&O Software GmbH)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-11] ()
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [195832 2018-12-19] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665136 2019-01-17] (TeamViewer GmbH)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937208 2018-12-19] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-27] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-27] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [18264 2017-09-27] (Intel® Corporation)
S4 asComSvc; "C:\Program Files (x86)\ASUS\AXSP\4.00.28\atkexComSvc.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [33504 2019-01-01] ()
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (AO Kaspersky Lab)
R3 cpuz147; C:\Windows\temp\cpuz147\cpuz147_x64.sys [53848 2019-02-01] (CPUID)
R3 cpuz148; C:\Windows\temp\cpuz148\cpuz148_x64.sys [44648 2019-02-01] (CPUID)
S3 gdrv2; C:\Windows\gdrv2.sys [32720 2019-01-12] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [19392 2018-04-23] ()
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [28936 2018-11-29] (Glarysoft Ltd)
R1 HWiNFO; C:\Windows\system32\drivers\HWiNFO64A.SYS [65320 2018-12-25] (REALiX™)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [123544 2017-10-15] (Intel Corporation)
R0 iaStorAC; C:\Windows\System32\drivers\iaStorAC.sys [1094792 2018-12-06] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [38424 2017-09-15] (Intel Corporation)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37184 2018-10-16] (IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [43392 2018-10-16] (IObit)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [73416 2018-12-05] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [123152 2018-12-05] (AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [89168 2018-12-05] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [219744 2019-01-30] (AO Kaspersky Lab)
R1 KLHK; C:\Windows\System32\drivers\klhk.sys [1214752 2019-01-30] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [190784 2019-01-30] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1113696 2019-01-30] (AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [57032 2018-02-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [45768 2018-12-05] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [48080 2018-02-12] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [238528 2019-01-30] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [100136 2019-01-30] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [289856 2019-01-30] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [110640 2019-01-30] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [193168 2019-01-30] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (AO Kaspersky Lab)
R1 klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [176976 2018-12-05] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [203968 2018-02-24] (AO Kaspersky Lab)
R3 NovabenchDriver; C:\Program Files\Novawave\Novabench\NovabenchDriverWin10.sys [28216 2018-03-28] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5db32447b43ce666\nvlddmkm.sys [20461984 2019-01-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [70024 2018-10-02] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [66792 2018-10-04] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [6831056 2017-06-20] (Realtek Semiconductor Corporation )
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [43008 2018-12-19] ()
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46680 2018-12-27] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [330936 2018-12-27] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-27] (Microsoft Corporation)
R3 WinRing0_1_2_0; C:\Program Files (x86)\NZXT\CAM\OpenHardwareMonitorLib.sys [14544 2019-02-01] (OpenLibSys.org)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-01 09:25 - 2019-02-01 09:25 - 000021910 _____ C:\Users\GGPC\Desktop\FRST.txt
2019-02-01 09:24 - 2019-02-01 09:24 - 006132216 _____ (Microsoft Corporation) C:\Users\GGPC\Downloads\Windows10Upgrade9252.exe
2019-02-01 09:24 - 2019-02-01 09:24 - 000001205 _____ C:\Users\GGPC\Desktop\Fixlog.txt
2019-02-01 09:17 - 2019-02-01 09:17 - 000003346 _____ C:\Windows\System32\Tasks\CAM.Desktop
2019-02-01 09:17 - 2019-02-01 09:17 - 000001184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAM.lnk
2019-02-01 09:17 - 2019-02-01 09:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAM
2019-02-01 09:15 - 2019-02-01 09:15 - 000000000 ___HD C:\OneDriveTemp
2019-01-31 21:55 - 2019-01-31 21:55 - 000000000 ____D C:\Users\GGPC\AppData\Local\Apps\2.0
2019-01-31 13:52 - 2019-01-31 13:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2019-01-31 10:17 - 2019-01-31 10:17 - 000003392 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2019-01-31 10:16 - 2019-01-31 10:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2019-01-31 00:55 - 2019-01-31 00:55 - 000907040 _____ (O&O Software GmbH) C:\Users\GGPC\Downloads\Shutup.exe
2019-01-31 00:04 - 2019-01-31 00:04 - 000000000 ____D C:\ProgramData\GlarySoft
2019-01-30 23:56 - 2019-02-01 09:25 - 000000000 ____D C:\FRST
2019-01-30 23:55 - 2019-01-31 13:20 - 002428928 _____ (Farbar) C:\Users\GGPC\Desktop\FRST64.exe
2019-01-30 23:47 - 2019-01-31 13:37 - 000650088 _____ C:\Windows\ntbtlog.txt
2019-01-30 23:14 - 2019-01-30 23:15 - 000000000 ____D C:\ProgramData\Novabench
2019-01-30 23:14 - 2019-01-30 23:14 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Novabench.lnk
2019-01-30 23:14 - 2019-01-30 23:14 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Novabench
2019-01-30 23:14 - 2019-01-30 23:14 - 000000000 ____D C:\Users\GGPC\AppData\Local\Novabench
2019-01-30 23:14 - 2019-01-30 23:14 - 000000000 ____D C:\Program Files\Novawave
2019-01-30 23:13 - 2019-01-30 23:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-01-30 23:13 - 2019-01-30 23:13 - 000000000 ____D C:\Program Files\7-Zip
2019-01-30 23:10 - 2019-01-31 01:02 - 000162708 _____ C:\Windows\system32\oodbs.lor
2019-01-30 23:07 - 2019-01-30 23:07 - 097783808 _____ C:\Users\GGPC\Downloads\Novabench.msi
2019-01-30 23:05 - 2019-01-30 23:05 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Opera Software
2019-01-30 23:03 - 2019-01-30 23:03 - 001443680 _____ (Igor Pavlov) C:\Users\GGPC\Downloads\7-Zip.exe
2019-01-30 22:27 - 2019-01-30 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
2019-01-30 22:27 - 2019-01-30 22:27 - 000000000 ____D C:\Program Files\OO Software
2019-01-30 22:17 - 2019-01-30 22:17 - 000289856 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2019-01-30 22:13 - 2019-01-30 22:13 - 000238528 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2019-01-30 22:13 - 2019-01-30 22:13 - 000193168 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2019-01-30 22:13 - 2019-01-30 22:13 - 000110640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2019-01-30 22:13 - 2019-01-30 22:13 - 000100136 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_kimul.sys
2019-01-30 22:13 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2019-01-30 22:12 - 2019-01-30 22:12 - 001214752 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2019-01-30 22:12 - 2019-01-30 22:12 - 001113696 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2019-01-30 22:12 - 2019-01-30 22:12 - 000219744 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2019-01-30 22:12 - 2019-01-30 22:12 - 000152960 _____ (AO Kaspersky Lab) C:\Windows\system32\klhkum.dll
2019-01-30 22:10 - 2019-01-30 22:10 - 002536320 _____ (Kaspersky Lab) C:\Users\GGPC\Downloads\KAF.exe
2019-01-30 18:16 - 2019-01-30 18:16 - 015341312 _____ (Intel) C:\Users\GGPC\Downloads\Intel Driver and Support Assistant Installer.exe
2019-01-30 10:33 - 2019-01-30 10:33 - 000000000 ____D C:\ProgramData\Mozilla
2019-01-29 22:22 - 2019-01-31 21:43 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Spotify
2019-01-29 22:22 - 2019-01-31 21:43 - 000000000 ____D C:\Users\GGPC\AppData\Local\Spotify
2019-01-29 22:22 - 2019-01-29 22:22 - 000001867 _____ C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2019-01-29 22:21 - 2019-01-29 22:21 - 000742728 _____ (Spotify Ltd) C:\Users\GGPC\Downloads\Spotify.exe
2019-01-28 10:23 - 2019-01-28 10:23 - 001817208 _____ (CPUID, Inc. ) C:\Users\GGPC\Downloads\CPU-Z.exe
2019-01-28 10:23 - 2019-01-28 10:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2019-01-28 10:23 - 2019-01-28 10:23 - 000000000 ____D C:\Program Files\CPUID
2019-01-26 17:47 - 2019-01-26 17:53 - 000000000 ____D C:\Users\GGPC\Documents\Rise of the Tomb Raider
2019-01-26 13:38 - 2019-01-30 19:51 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2019-01-26 13:38 - 2019-01-30 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2019-01-26 11:48 - 2019-01-26 11:48 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Google
2019-01-26 11:42 - 2019-01-30 23:05 - 000000000 ____D C:\Users\GGPC\AppData\Local\Google
2019-01-24 12:52 - 2019-01-24 12:52 - 000000000 ____D C:\Users\GGPC\AppData\Local\EVGA_Co.,_Ltd
2019-01-24 12:51 - 2019-01-24 12:56 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA
2019-01-24 12:51 - 2019-01-24 12:56 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\EVGA
2019-01-24 12:51 - 2019-01-24 12:51 - 000000000 ____D C:\Program Files\EVGA
2019-01-24 10:17 - 2019-01-29 16:52 - 017558880 _____ (Glarysoft Ltd) C:\Users\GGPC\Downloads\Glary Utilities.exe
2019-01-20 23:43 - 2019-01-20 23:53 - 000000000 ____D C:\AdwCleaner
2019-01-20 23:42 - 2019-01-31 19:10 - 007316688 _____ (Malwarebytes) C:\Users\GGPC\Downloads\Adwcleaner.exe
2019-01-20 23:32 - 2019-01-20 23:33 - 000332221 _____ C:\Windows\system32\log.csv
2019-01-20 23:28 - 2019-01-20 23:28 - 000000000 ____D C:\Windows\Tasks\ImCleanDisabled
2019-01-18 17:53 - 2019-01-18 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2019-01-18 17:53 - 2019-01-18 17:53 - 000000000 ____D C:\Program Files (x86)\Geeks3D
2019-01-18 13:36 - 2019-02-01 09:17 - 000308736 _____ C:\Windows\SysWOW64\NVAPIHelper.dll
2019-01-18 13:36 - 2019-02-01 09:17 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\CAM
2019-01-18 13:36 - 2019-01-18 13:36 - 000000000 ____D C:\Program Files (x86)\NZXT
2019-01-18 13:35 - 2019-02-01 09:17 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\NZXT
2019-01-18 10:38 - 2019-01-18 10:44 - 000000000 ____D C:\Users\GGPC\Superposition
2019-01-18 10:38 - 2019-01-18 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
2019-01-18 10:37 - 2019-01-18 10:37 - 000000000 ____D C:\Program Files\Unigine
2019-01-17 08:57 - 2019-01-17 08:57 - 000002678 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2019-01-16 09:44 - 2019-01-10 07:08 - 000309560 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-01-16 09:44 - 2019-01-10 06:57 - 004527584 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-01-16 09:44 - 2019-01-10 06:57 - 000720536 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-01-16 09:44 - 2019-01-10 06:42 - 004716032 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2019-01-16 09:44 - 2019-01-10 06:41 - 012730368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-01-16 09:44 - 2019-01-10 06:41 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2019-01-16 09:44 - 2019-01-10 06:40 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2019-01-16 09:44 - 2019-01-10 06:36 - 003649024 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-01-16 09:44 - 2019-01-10 06:36 - 001054720 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2019-01-16 09:44 - 2019-01-10 06:35 - 002919936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2019-01-16 09:44 - 2019-01-10 06:35 - 001364992 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-01-16 09:44 - 2019-01-10 03:50 - 001008640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MixedRealityCapture.dll
2019-01-16 09:44 - 2019-01-09 23:14 - 000607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-01-16 09:44 - 2019-01-09 22:55 - 011919872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-01-16 09:44 - 2019-01-09 22:55 - 000150016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2019-01-16 09:44 - 2019-01-09 22:51 - 002891776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-01-16 09:44 - 2019-01-09 21:55 - 001285432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2019-01-16 09:44 - 2019-01-09 21:50 - 000134968 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-01-16 09:44 - 2019-01-09 21:48 - 000527368 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-01-16 09:44 - 2019-01-09 21:46 - 001457240 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-01-16 09:44 - 2019-01-09 21:46 - 001257880 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-01-16 09:44 - 2019-01-09 21:44 - 009084216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-01-16 09:44 - 2019-01-09 21:24 - 025855488 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-01-16 09:44 - 2019-01-09 21:11 - 007573504 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-01-16 09:44 - 2019-01-09 21:06 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-01-16 09:44 - 2019-01-09 20:03 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-01-16 09:44 - 2019-01-09 18:59 - 000611848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2019-01-16 09:44 - 2019-01-09 18:44 - 000078688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wldp.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 006567768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 006043496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 004789944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 002253480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 001981280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 001620264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 001130568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 000607376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 000581592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 000287640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 000129088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 000127744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rmclient.dll
2019-01-16 09:44 - 2019-01-09 18:43 - 000071456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
2019-01-16 09:44 - 2019-01-09 18:42 - 001035232 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-01-16 09:44 - 2019-01-09 18:42 - 000092704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bindflt.sys
2019-01-16 09:44 - 2019-01-09 18:41 - 001140680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-01-16 09:44 - 2019-01-09 18:41 - 000983120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-01-16 09:44 - 2019-01-09 18:41 - 000076296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2019-01-16 09:44 - 2019-01-09 18:40 - 002765336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-01-16 09:44 - 2019-01-09 18:40 - 001221432 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-01-16 09:44 - 2019-01-09 18:40 - 001063224 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2019-01-16 09:44 - 2019-01-09 18:40 - 001029944 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-01-16 09:44 - 2019-01-09 18:40 - 000566568 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2019-01-16 09:44 - 2019-01-09 18:40 - 000432952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-01-16 09:44 - 2019-01-09 18:40 - 000226104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-01-16 09:44 - 2019-01-09 18:40 - 000090872 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 007519888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 007436016 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 004404720 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 002571632 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 001943128 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 001098056 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000789696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000713264 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000349656 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000269624 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000260800 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000175416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spacedump.sys
2019-01-16 09:44 - 2019-01-09 18:39 - 000164192 _____ (Microsoft Corporation) C:\Windows\system32\rmclient.dll
2019-01-16 09:44 - 2019-01-09 18:39 - 000144072 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-01-16 09:44 - 2019-01-09 18:39 - 000085472 _____ (Microsoft Corporation) C:\Windows\system32\svchost.exe
2019-01-16 09:44 - 2019-01-09 18:34 - 022016512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-01-16 09:44 - 2019-01-09 18:33 - 016597504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2019-01-16 09:44 - 2019-01-09 18:32 - 013878272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2019-01-16 09:44 - 2019-01-09 18:29 - 008188928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2019-01-16 09:44 - 2019-01-09 18:29 - 002500096 _____ (Microsoft Corporation) C:\Windows\system32\smartscreen.exe
2019-01-16 09:44 - 2019-01-09 18:27 - 004710912 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2019-01-16 09:44 - 2019-01-09 18:27 - 004384256 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-01-16 09:44 - 2019-01-09 18:27 - 001587712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2019-01-16 09:44 - 2019-01-09 18:26 - 006661632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2019-01-16 09:44 - 2019-01-09 18:26 - 003396608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-01-16 09:44 - 2019-01-09 18:26 - 002966016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2019-01-16 09:44 - 2019-01-09 18:25 - 000161792 _____ (Microsoft Corporation) C:\Windows\system32\spacebridge.dll
2019-01-16 09:44 - 2019-01-09 18:24 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2019-01-16 09:44 - 2019-01-09 18:24 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_CapabilityAccess.dll
2019-01-16 09:44 - 2019-01-09 18:24 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spacebridge.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 005775872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 005307392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 002368000 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\MSPhotography.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 001361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSPhotography.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 001189888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 000898560 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\srpapi.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManagerClient.dll
2019-01-16 09:44 - 2019-01-09 18:23 - 000067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CapabilityAccessManagerClient.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 001551360 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 001395200 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000808448 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000624640 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000608768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000392704 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicSvc.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000333824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManager.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000138752 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-01-16 09:44 - 2019-01-09 18:22 - 000126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srpapi.dll
2019-01-16 09:44 - 2019-01-09 18:21 - 002173440 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-01-16 09:44 - 2019-01-09 18:21 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-01-16 09:44 - 2019-01-09 18:21 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\smartscreenps.dll
2019-01-16 09:44 - 2019-01-09 18:21 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-01-16 09:44 - 2019-01-09 18:20 - 004940288 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-01-16 09:44 - 2019-01-09 18:20 - 004516352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-01-16 09:44 - 2019-01-09 18:20 - 001000448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2019-01-16 09:44 - 2019-01-09 18:20 - 000916480 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2019-01-16 09:44 - 2019-01-09 18:20 - 000607232 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2019-01-16 09:44 - 2019-01-09 18:20 - 000135680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smartscreenps.dll
2019-01-16 09:44 - 2019-01-09 18:19 - 000883712 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2019-01-16 09:44 - 2019-01-09 18:19 - 000678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-01-16 09:44 - 2019-01-09 18:19 - 000507392 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2019-01-16 09:44 - 2019-01-09 18:19 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2019-01-16 09:44 - 2019-01-09 18:19 - 000251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2019-01-16 09:44 - 2019-01-09 18:18 - 000195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2019-01-16 09:44 - 2019-01-09 17:34 - 000806320 _____ C:\Windows\SysWOW64\locale.nls
2019-01-16 09:44 - 2019-01-09 17:34 - 000806320 _____ C:\Windows\system32\locale.nls
2019-01-16 09:44 - 2019-01-09 17:34 - 000001310 _____ C:\Windows\system32\tcbres.wim
2019-01-15 23:18 - 2019-01-15 23:18 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2019-01-15 23:18 - 2019-01-11 22:22 - 005363000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-01-15 23:18 - 2019-01-11 22:22 - 002623880 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2019-01-15 23:18 - 2019-01-11 22:22 - 001767464 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-01-15 23:18 - 2019-01-11 22:22 - 000650608 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-01-15 23:18 - 2019-01-11 22:22 - 000451056 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-01-15 23:18 - 2019-01-11 22:22 - 000125320 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-01-15 23:18 - 2019-01-11 22:22 - 000083336 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-01-15 23:18 - 2019-01-10 02:45 - 008472342 _____ C:\Windows\system32\nvcoproc.bin
2019-01-15 23:18 - 2018-11-21 18:13 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2019-01-15 23:16 - 2019-01-12 17:05 - 000978336 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-01-15 23:16 - 2019-01-12 17:05 - 000978336 _____ C:\Windows\system32\vulkan-1.dll
2019-01-15 23:16 - 2019-01-12 17:05 - 000845216 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-01-15 23:16 - 2019-01-12 17:05 - 000845216 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-01-15 23:16 - 2019-01-12 17:05 - 000552536 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-01-15 23:16 - 2019-01-12 17:05 - 000456848 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-01-15 23:16 - 2019-01-12 17:05 - 000268192 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-01-15 23:16 - 2019-01-12 17:05 - 000268192 _____ C:\Windows\system32\vulkaninfo.exe
2019-01-15 23:16 - 2019-01-12 17:05 - 000243616 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-01-15 23:16 - 2019-01-12 17:05 - 000243616 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-01-15 23:16 - 2019-01-12 17:04 - 004946232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 004316304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 002018392 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6441771.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 002003600 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 001512352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 001467864 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6441771.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 001461152 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 001126544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 000750520 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 000631896 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 000609368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2019-01-15 23:16 - 2019-01-12 17:04 - 000521688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-01-15 23:16 - 2019-01-12 17:03 - 040262912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2019-01-15 23:16 - 2019-01-12 17:03 - 035158736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-01-15 23:16 - 2019-01-12 13:03 - 015911384 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 013205768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 001471424 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 001462024 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 001167584 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 001151984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 001145536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 000914400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 000822392 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 000794448 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2019-01-15 23:16 - 2019-01-12 13:02 - 000637664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2019-01-15 23:16 - 2019-01-12 13:01 - 019717352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2019-01-15 23:16 - 2019-01-12 13:01 - 016993240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-01-15 23:16 - 2019-01-12 13:01 - 005003032 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2019-01-15 23:16 - 2019-01-12 13:01 - 004260704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-01-15 23:16 - 2019-01-12 00:06 - 001682896 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2019-01-15 23:16 - 2019-01-12 00:06 - 000227896 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2019-01-15 23:16 - 2019-01-12 00:06 - 000048472 _____ C:\Windows\system32\nvinfo.pb
2019-01-15 23:16 - 2019-01-12 00:06 - 000047384 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2019-01-15 23:16 - 2018-10-04 08:28 - 000066792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2019-01-12 18:47 - 2019-01-12 18:47 - 000000000 ____D C:\Users\Public\Documents\Creative
2019-01-12 18:43 - 2019-01-12 18:54 - 000000000 ____D C:\Program Files (x86)\GIGABYTE
2019-01-12 18:43 - 2019-01-12 18:46 - 000000000 ____D C:\Users\GGPC\AppData\Local\Downloaded Installations
2019-01-12 18:43 - 2019-01-12 18:43 - 000032720 ____N (GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Windows\gdrv2.sys
2019-01-12 18:43 - 2019-01-12 18:43 - 000000000 ____D C:\Intel
2019-01-12 18:43 - 2015-06-02 10:50 - 000005120 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\acpimof_ocpanel.dll
2019-01-12 18:24 - 2019-01-01 22:47 - 000033504 _____ C:\Windows\system32\Drivers\AsIO2.sys
2019-01-12 18:24 - 2018-12-27 23:39 - 000100800 _____ C:\Windows\system32\AsIO2.dll
2019-01-12 18:24 - 2018-12-27 23:38 - 000084928 _____ C:\Windows\SysWOW64\AsIO2.dll
2019-01-12 18:24 - 2018-04-23 15:12 - 000019392 _____ C:\Windows\system32\Drivers\GLCKIO2.sys
2019-01-11 11:48 - 2019-01-11 11:48 - 000000000 ____D C:\Users\GGPC\Documents\KoeiTecmo
2019-01-09 19:55 - 2019-01-09 19:55 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2019-01-09 17:21 - 2019-01-02 02:47 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\windowslivelogin.dll
2019-01-09 17:21 - 2019-01-02 02:45 - 000714752 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll
2019-01-09 17:21 - 2019-01-02 02:45 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\wlidcredprov.dll
2019-01-09 17:21 - 2019-01-02 02:20 - 000165888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windowslivelogin.dll
2019-01-09 17:21 - 2019-01-02 02:18 - 000500736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll
2019-01-09 17:21 - 2019-01-02 02:17 - 000231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcredprov.dll
2019-01-09 17:21 - 2019-01-01 20:13 - 003292152 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2019-01-09 17:21 - 2019-01-01 20:13 - 001363536 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2019-01-09 17:21 - 2019-01-01 20:13 - 000709728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-01-09 17:21 - 2019-01-01 20:13 - 000436024 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-01-09 17:21 - 2019-01-01 20:13 - 000170808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-01-09 17:21 - 2019-01-01 20:12 - 002465792 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-01-09 17:21 - 2019-01-01 20:12 - 002421288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-01-09 17:21 - 2019-01-01 20:12 - 000128824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2019-01-09 17:21 - 2019-01-01 20:12 - 000043536 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe
2019-01-09 17:21 - 2019-01-01 19:50 - 022715392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-01-09 17:21 - 2019-01-01 19:48 - 000342528 _____ (Microsoft Corporation) C:\Windows\system32\browserexport.exe
2019-01-09 17:21 - 2019-01-01 19:48 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2019-01-09 17:21 - 2019-01-01 19:48 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\Print.Workflow.Source.dll
2019-01-09 17:21 - 2019-01-01 19:47 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2019-01-09 17:21 - 2019-01-01 19:46 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountTokenProvider.dll
2019-01-09 17:21 - 2019-01-01 19:46 - 000153088 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2019-01-09 17:21 - 2019-01-01 19:45 - 000352768 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-01-09 17:21 - 2019-01-01 19:44 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-01-09 17:21 - 2019-01-01 19:44 - 000662528 _____ (Microsoft Corporation) C:\Windows\system32\wlidprov.dll
2019-01-09 17:21 - 2019-01-01 19:44 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-09 17:21 - 2019-01-01 19:43 - 001805312 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-01-09 17:21 - 2019-01-01 19:42 - 002247680 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2019-01-09 17:21 - 2019-01-01 19:42 - 001371136 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2019-01-09 17:21 - 2019-01-01 19:42 - 000717312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2019-01-09 17:21 - 2019-01-01 19:41 - 001159680 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-01-09 17:21 - 2019-01-01 19:41 - 000899072 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-01-09 17:21 - 2019-01-01 19:41 - 000895488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-09 17:21 - 2019-01-01 19:37 - 002478664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2019-01-09 17:21 - 2019-01-01 19:37 - 001989040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-01-09 17:21 - 2019-01-01 19:37 - 000880048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2019-01-09 17:21 - 2019-01-01 19:37 - 000381240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-01-09 17:21 - 2019-01-01 19:22 - 019405312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-01-09 17:21 - 2019-01-01 19:17 - 000153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-09 17:21 - 2019-01-01 19:16 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2019-01-09 17:21 - 2019-01-01 19:15 - 000317440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2019-01-09 17:21 - 2019-01-01 19:14 - 000330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-09 17:21 - 2019-01-01 19:13 - 001628160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-01-09 17:21 - 2019-01-01 19:13 - 000594432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2019-01-09 17:21 - 2019-01-01 19:12 - 001036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2019-01-09 17:21 - 2019-01-01 19:12 - 000795648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-09 17:21 - 2019-01-01 19:12 - 000778240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-01-09 17:21 - 2019-01-01 19:12 - 000516608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidprov.dll
2019-01-09 17:21 - 2018-12-19 17:49 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-01-09 17:19 - 2018-09-20 17:12 - 001483576 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2019-01-04 23:50 - 2019-01-04 23:50 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\MAXON
2019-01-04 11:54 - 2018-12-24 14:57 - 000035792 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-01 09:24 - 2018-11-29 09:40 - 000000000 ____D C:\Users\GGPC\AppData\LocalLow\Mozilla
2019-02-01 09:18 - 2018-07-23 14:08 - 000840440 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-01 09:18 - 2018-04-12 12:36 - 000000000 ____D C:\Windows\INF
2019-02-01 09:17 - 2018-11-29 10:29 - 000000000 ____D C:\Program Files (x86)\Steam
2019-02-01 09:17 - 2018-07-24 06:12 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-01 09:17 - 2018-04-12 12:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-01 09:15 - 2018-12-27 19:12 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-02-01 09:15 - 2018-07-24 06:19 - 000000000 ___RD C:\Users\GGPC\OneDrive
2019-02-01 09:14 - 2018-11-29 10:19 - 000000000 ____D C:\Windows\Prey
2019-02-01 09:14 - 2018-11-29 10:09 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-02-01 09:14 - 2018-07-23 14:02 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-31 23:42 - 2018-04-12 10:04 - 001048576 _____ C:\Windows\system32\config\BBI
2019-01-31 22:08 - 2018-12-20 09:29 - 000000000 ___HD C:\Users\GGPC\MicrosoftEdgeBackups
2019-01-31 21:26 - 2018-07-23 14:02 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-01-31 19:09 - 2018-11-29 10:15 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\discord
2019-01-31 19:01 - 2018-11-29 10:17 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2019-01-31 18:53 - 2016-07-21 17:07 - 000000000 ____D C:\Users\GGPC\Documents\For External
2019-01-31 18:18 - 2018-11-29 10:01 - 000007661 _____ C:\OOSU10.ini
2019-01-31 18:10 - 2018-11-29 09:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-01-31 17:24 - 2018-11-29 10:04 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-01-31 16:47 - 2018-12-03 01:21 - 000000000 ____D C:\Users\rache.RIGGS\AppData\Local\Packages
2019-01-31 16:34 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\AppReadiness
2019-01-31 16:24 - 2018-12-03 01:23 - 000003358 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-688862063-2713704754-1743232380-1005
2019-01-31 16:24 - 2018-12-03 01:22 - 000000000 ___RD C:\Users\rache.RIGGS\OneDrive
2019-01-31 16:24 - 2018-12-03 01:21 - 000002417 _____ C:\Users\rache.RIGGS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-31 16:23 - 2018-04-12 12:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-31 13:52 - 2018-12-27 19:12 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2019-01-31 13:51 - 2018-12-27 19:10 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2019-01-31 13:36 - 2018-12-30 15:00 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2019-01-31 13:15 - 2018-11-29 10:09 - 000000000 ____D C:\Program Files\Common Files\AV
2019-01-31 11:28 - 2018-04-12 10:04 - 000032768 _____ C:\Windows\system32\config\ELAM
2019-01-31 01:06 - 2018-11-29 10:45 - 000000000 ____D C:\Users\GGPC\AppData\Local\D3DSCache
2019-01-31 01:05 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\LiveKernelReports
2019-01-31 00:55 - 2018-12-19 23:18 - 000907040 _____ (O&O Software GmbH) C:\Shutup.exe
2019-01-30 22:12 - 2018-04-12 12:38 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-01-30 21:41 - 2018-11-29 12:38 - 000000000 ____D C:\Users\rache
2019-01-30 19:46 - 2017-08-14 12:02 - 000000000 ____D C:\Users\GGPC\Documents\Budgeting and Goals
2019-01-30 19:46 - 2017-08-14 12:02 - 000000000 ____D C:\Users\GGPC\Documents\Board and Rent Payments
2019-01-30 19:42 - 2018-11-29 09:25 - 000003356 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-688862063-2713704754-1743232380-1002
2019-01-30 19:42 - 2018-07-24 06:17 - 000002396 _____ C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-30 19:40 - 2018-11-29 09:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-01-30 18:17 - 2018-07-24 06:00 - 000000000 ____D C:\ProgramData\Package Cache
2019-01-30 11:19 - 2018-12-03 10:42 - 000000000 ____D C:\Users\GGPC\AppData\Local\Battle.net
2019-01-30 10:33 - 2018-11-29 09:40 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-01-29 16:53 - 2018-11-29 10:17 - 000001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2019-01-28 14:27 - 2018-12-01 15:11 - 000000000 ____D C:\ProgramData\ProductData
2019-01-28 13:26 - 2016-05-02 23:25 - 000000000 ____D C:\Users\GGPC\Documents\Power Bill
2019-01-28 11:38 - 2017-08-14 12:02 - 000000000 ____D C:\Users\GGPC\Documents\Network Access
2019-01-26 23:46 - 2018-07-24 06:17 - 000000000 ____D C:\Users\GGPC
2019-01-26 22:39 - 2018-07-24 06:12 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-01-26 22:32 - 2018-12-14 09:39 - 000000000 ____D C:\Users\GGPC\AppData\Local\ElevatedDiagnostics
2019-01-26 12:57 - 2018-07-24 06:11 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-01-26 12:56 - 2018-07-24 06:18 - 000000000 ____D C:\Users\GGPC\AppData\Local\Packages
2019-01-26 12:56 - 2018-07-24 06:13 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000004106 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003976 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:13 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-26 12:56 - 2018-07-24 06:10 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-01-26 12:12 - 2018-07-24 06:28 - 000000000 ____D C:\Program Files (x86)\Google
2019-01-24 12:57 - 2018-12-28 09:26 - 000000000 ____D C:\Program Files (x86)\EVGA
2019-01-24 12:54 - 2018-11-29 16:58 - 000000000 ____D C:\Users\GGPC\AppData\Local\CrashDumps
2019-01-24 11:54 - 2018-07-23 14:04 - 000000000 ____D C:\ProgramData\Packages
2019-01-23 14:52 - 2018-11-29 10:09 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-01-23 11:24 - 2018-07-24 06:19 - 000000000 ____D C:\Users\GGPC\AppData\Local\MicrosoftEdge
2019-01-22 16:32 - 2018-12-28 15:04 - 000000000 ____D C:\Users\GGPC\Downloads\Dekstop drivers
2019-01-22 16:06 - 2016-05-02 23:25 - 000000000 ____D C:\Users\GGPC\Documents\Phone Bill
2019-01-20 23:53 - 2018-12-01 15:09 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\IObit
2019-01-20 23:53 - 2018-12-01 15:09 - 000000000 ____D C:\ProgramData\IObit
2019-01-20 23:26 - 2018-12-01 15:11 - 000001424 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2019-01-20 23:26 - 2018-12-01 15:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2019-01-19 16:59 - 2018-07-24 06:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-01-18 18:04 - 2018-07-24 06:18 - 000000000 ____D C:\Users\GGPC\AppData\Local\VirtualStore
2019-01-18 13:56 - 2018-11-29 09:27 - 000000000 ____D C:\Program Files\rempl
2019-01-18 13:36 - 2018-07-24 06:00 - 000000000 ____D C:\Program Files (x86)\Intel
2019-01-17 18:16 - 2018-11-29 09:40 - 000000000 ____D C:\Users\GGPC\AppData\Local\NVIDIA
2019-01-17 16:14 - 2018-11-29 10:29 - 000000000 ____D C:\Program Files\Microsoft Office
2019-01-17 10:29 - 2018-11-29 18:20 - 000003834 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-01-17 08:57 - 2018-11-29 15:21 - 000003762 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2019-01-17 08:57 - 2018-11-29 15:21 - 000003528 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2019-01-17 00:13 - 2018-07-24 06:13 - 002938576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2019-01-17 00:13 - 2018-07-24 06:13 - 002326736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2019-01-17 00:13 - 2018-07-24 06:13 - 001323216 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2019-01-16 21:32 - 2018-11-29 10:15 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-01-16 21:32 - 2018-11-29 10:15 - 000000000 ____D C:\Users\GGPC\AppData\Local\Discord
2019-01-16 21:30 - 2018-12-20 14:15 - 000000000 ____D C:\Users\GGPC\AppData\Local\Warframe
2019-01-16 20:51 - 2018-07-23 14:02 - 000412208 _____ C:\Windows\system32\FNTCACHE.DAT
2019-01-16 14:48 - 2018-12-25 11:05 - 000000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2019-01-16 09:58 - 2018-04-12 12:38 - 000000000 ___SD C:\Windows\SysWOW64\F12
2019-01-16 09:58 - 2018-04-12 12:38 - 000000000 ___SD C:\Windows\system32\F12
2019-01-16 09:58 - 2018-04-12 12:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-01-16 09:58 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\TextInput
2019-01-16 09:58 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\ShellExperiences
2019-01-16 09:58 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\bcastdvr
2019-01-16 09:46 - 2018-04-12 12:30 - 000000000 ____D C:\Windows\CbsTemp
2019-01-16 00:13 - 2018-07-24 06:13 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2019-01-15 23:18 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\Help
2019-01-13 15:05 - 2018-04-12 12:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-01-12 18:54 - 2018-07-24 06:01 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-01-11 11:44 - 2018-11-29 11:10 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-01-09 23:37 - 2018-11-29 10:17 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\GlarySoft
2019-01-09 19:56 - 2018-11-29 13:50 - 000004566 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-01-09 19:56 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-01-09 19:56 - 2018-04-12 12:38 - 000000000 ____D C:\Windows\system32\Macromed
2019-01-09 19:55 - 2018-11-29 10:04 - 000000000 ____D C:\Program Files\Wireshark
2019-01-09 17:24 - 2018-11-29 09:29 - 000000000 ____D C:\Windows\system32\MRT
2019-01-09 17:23 - 2018-11-29 09:29 - 132790320 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-01-08 22:37 - 2018-12-06 14:09 - 000000000 ____D C:\Users\GGPC\Heaven
2019-01-08 22:04 - 2018-12-06 14:08 - 001065984 _____ C:\Users\GGPC\AppData\Local\file__0.localstorage
2019-01-04 13:53 - 2018-11-29 10:34 - 000000000 ____D C:\ProgramData\HP
2019-01-04 12:27 - 2018-11-29 11:09 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-04 11:54 - 2018-04-12 10:04 - 100139008 _____ C:\Windows\system32\config\SOFTWARE.gu.bak
2019-01-04 11:54 - 2018-04-12 10:04 - 021233664 _____ C:\Windows\system32\config\SYSTEM.gu.bak
2019-01-04 11:54 - 2018-04-12 10:04 - 001048576 _____ C:\Windows\system32\config\DEFAULT.gu.bak
2019-01-04 11:54 - 2018-04-12 10:04 - 000131072 _____ C:\Windows\system32\config\SAM.gu.bak
2019-01-04 11:54 - 2018-04-12 10:04 - 000065536 _____ C:\Windows\system32\config\SECURITY.gu.bak
2019-01-03 17:49 - 2018-12-03 00:53 - 000000000 ____D C:\Users\GGPC\AppData\Local\Ubisoft Game Launcher
2019-01-03 08:41 - 2018-04-12 12:41 - 000835480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-01-03 08:41 - 2018-04-12 12:41 - 000179600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2018-12-06 14:08 - 2019-01-08 22:04 - 001065984 _____ () C:\Users\GGPC\AppData\Local\file__0.localstorage
2018-12-01 01:07 - 2019-01-01 13:15 - 000007601 _____ () C:\Users\GGPC\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-23 14:02

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30.01.2019
Ran by Tony (01-02-2019 09:25:46)
Running from C:\Users\GGPC\Desktop
Windows 10 Home Version 1803 17134.556 (X64) (2018-07-23 17:16:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-688862063-2713704754-1743232380-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-688862063-2713704754-1743232380-503 - Limited - Disabled)
Guest (S-1-5-21-688862063-2713704754-1743232380-501 - Limited - Disabled)
rache (S-1-5-21-688862063-2713704754-1743232380-1005 - Limited - Enabled) => C:\Users\rache.RIGGS
Tony (S-1-5-21-688862063-2713704754-1743232380-1002 - Administrator - Enabled) => C:\Users\GGPC
WDAGUtilityAccount (S-1-5-21-688862063-2713704754-1743232380-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{E267C808-4C22-457E-B74B-50EAB4AD9030}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{9486AD8F-39F4-470B-92FD-BC423ABAEC43}) (Version: 19.1.4.5 - Intel) Hidden
7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Authy Desktop (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\authy-electron) (Version: 1.7.0 - Twilio Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Call of Duty Black Ops 4 (HKLM-x32\...\Call of Duty Black Ops 4) (Version:  - Blizzard Entertainment)
CAM (HKLM-x32\...\{A733CAE6-2B9A-4A7A-97D7-E7C55E8554C1}) (Version: 3.7.5 - NZXT)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Corsair AURA DRAM Component (HKLM\...\{376E0869-A4F1-4DC7-A1FD-EBF3AFFEB832}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden
Corsair AURA DRAM Component (HKLM-x32\...\{da7ebf10-b0be-494e-a79d-568546795a51}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden
CPUID CPU-Z 1.87 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.87 - CPUID, Inc.)
CrystalDiskInfo 8.0.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.0.0 - Crystal Dew World)
Discord (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Discord) (Version: 0.0.304 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 417.71 - NVIDIA Corporation) Hidden
Geeks3D FurMark 1.20.2.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Glary Utilities 5.113 (HKLM-x32\...\Glary Utilities 5) (Version: 5.113.0.138 - Glarysoft Ltd)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 4520 series Basic Device Software (HKLM\...\{B46D9E8C-10FE-4873-996B-CA9EA3D7D9FE}) (Version: 40.11.1122.1796 - HP Inc.)
HP ENVY 4520 series Help (HKLM-x32\...\{201E58BD-2A1D-4C4D-BD6F-ADA7669FE3AE}) (Version: 36.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HWiNFO64 Version 6.00 (HKLM\...\HWiNFO64_is1) (Version: 6.00 - Martin Malík - REALiX)
Intel® Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden
Intel® Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1805.12.0.1097 - Intel Corporation)
Intel® Network Connections 23.0.12.0 (HKLM\...\PROSetDX) (Version: 23.0.12.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.0.1000 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1727.1 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Driver & Support Assistant (HKLM-x32\...\{b0134461-205a-4d62-bbdc-1fcabdd02645}) (Version: 19.1.4.5 - Intel)
IObit Uninstaller 8 (HKLM-x32\...\IObitUninstall) (Version: 8.3.0.11 - IObit)
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.9 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{d6cac989-7570-43fd-b147-e31d6280a3a6}) (Version: 1.0.9 - KINGSTON COMPONENTS INC.) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11126.20266 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-688862063-2713704754-1743232380-1005\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mozilla Firefox 65.0 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0 (x64 en-US)) (Version: 65.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla)
Novabench (HKLM\...\{56C3C944-B587-49D0-87A1-412482140B33}) (Version: 4.0.6 - Novawave Inc.)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.13 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.17.0.113 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.113 - NVIDIA Corporation)
NVIDIA Graphics Driver 417.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 417.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
O&O Defrag Professional (HKLM\...\{7C4D55AF-37B4-4D85-9106-CF473CEC9BE6}) (Version: 22.1.2521 - O&O Software GmbH)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Prey Anti-Theft (HKLM-x32\...\{AC67FFDC-B1E6-45C4-B01F-32EC70DBF624}) (Version: 1.8.1 - Prey, Inc.) Hidden
Product Improvement Study for HP ENVY 4520 series (HKLM\...\{1DDC5451-BE8B-4092-AB04-E92127242886}) (Version: 40.11.1122.1796 - HP Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8295 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Spotify) (Version: 1.0.99.250.g936eab8d - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.9025 - TeamViewer)
TP-Link TL-WN881ND Driver (HKLM-x32\...\{5656127B-0110-4450-9CBD-643E760F152D}) (Version: 1.0.0 - TP-Link)
Unigine Superposition Benchmark 1.0 (HKLM\...\Superposition_is1) (Version: 1.0 - Unigine Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 67.0 - Ubisoft)
Wargaming.net Game Center (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\Wargaming.net Game Center) (Version: 18.9.1.3085 - Wargaming.net)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.6.6 64-bit (HKLM-x32\...\Wireshark) (Version: 2.6.6 - The Wireshark developer community, hxxps://www.wireshark.org)
World of Tanks ASIA (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\WOT.SG.PRODUCTION) (Version:  - Wargaming.net)
World_of_Warships_Asia (HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\WOWS.ASIA.PRODUCTION) (Version:  - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-30] (AO Kaspersky Lab)
ContextMenuHandlers1: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2018-11-30] (O&O Software GmbH)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-30] (AO Kaspersky Lab)
ContextMenuHandlers2: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2018-11-30] (O&O Software GmbH)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-30] (AO Kaspersky Lab)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-01-11] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-30] (AO Kaspersky Lab)
ContextMenuHandlers6: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2018-11-30] (O&O Software GmbH)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {050278F1-F19F-4923-B547-795AE339F714} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-17] (Microsoft Corporation)
Task: {1DE5D9D8-E11C-4937-91C5-83E4BB8A05C1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-01-10] (Piriform Ltd)
Task: {1E2A4B9D-31C0-4D5F-A7BE-D4F8D3268CF4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2019-01-17] (NVIDIA Corporation)
Task: {1E3B7427-B91C-42A4-9E8F-7A5775A0A44A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)
Task: {2A04232A-0C9F-446E-830C-1FAA24EC39B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {30C5B791-F93A-40E0-BF25-E6F5B7F62A9E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2019-01-17] (NVIDIA Corporation)
Task: {3BA546E1-3801-4FBB-AE99-590D94C34E95} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2019-01-17] (NVIDIA Corporation)
Task: {3C4232B3-2A9A-434B-BFDD-0E7BA6949871} - System32\Tasks\CAM.Desktop => C:\Program Files (x86)\NZXT\CAM\CAM.Desktop.exe [2019-01-31] ()
Task: {3F23C60B-289E-4E8A-BCD8-51E3F9B4E3F7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2019-01-17] (NVIDIA Corporation)
Task: {441B0B90-CC06-4D58-97A7-6272E5E245D0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {49A3547A-EA9D-4BD4-BF6E-36D524AD56A2} - System32\Tasks\Uninstaller_SkipUac_Tony => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2019-01-11] (IObit)
Task: {4DE21D99-80AB-43A2-B6ED-B870D5F2A5C4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-09] (Adobe Systems Incorporated)
Task: {4E177E86-CF0F-4FF2-BA7C-1418E477F50B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2019-01-17] (NVIDIA Corporation)
Task: {5130ED86-ADEF-491F-87A0-56C085839005} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {53DD69FF-D38C-42F9-B2ED-E9D9E0C39380} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd)
Task: {5CD30A00-013A-49F6-A51F-3DEA0394979E} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {62F83496-16DB-4D5B-BD3C-98355D6B49A1} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2019-01-17] (NVIDIA Corporation)
Task: {6403A30C-BC70-44D1-BB0F-2650C6BDF13A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2019-01-17] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6BF97351-4629-408A-A574-3CDA713C70A6} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
Task: {71637121-DEEA-4C68-ADCC-CB8132F79F80} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {8922BD96-9157-43E1-9564-5F9A12BC2FBB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-09] (Adobe Systems Incorporated)
Task: {906FF8A9-1106-4E50-9EB3-CF71B27B89DB} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2019-01-17] (NVIDIA Corporation)
Task: {9832A578-B78D-4F2F-AC42-EAB2333DE0BE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-01-17] (Microsoft Corporation)
Task: {AA32106D-D81A-4C40-BB13-93CCF19208C3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2019-01-17] (NVIDIA Corporation)
Task: {AEF435B9-2DE1-4BCF-93C6-1B77BCDE8E22} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-17] (Microsoft Corporation)
Task: {AF96B9EB-B4E7-48E5-9FDD-E41308BDA870} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2019-01-17] (NVIDIA Corporation)
Task: {CB2B7FB5-2200-4AF0-989E-201899F73E83} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {D236F739-04B4-4C90-B875-159B70C1DD27} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2019-01-17] (NVIDIA Corporation)
Task: {D3CF7EEF-4D89-459C-8ACE-9D3C5A20CA67} - System32\Tasks\S-1-5-21-688862063-2713704754-1743232380-1002\DataSenseLiveTileTask => C:\Windows\System32\DataUsageLiveTileTask.exe [2018-12-08] (Microsoft Corporation)
Task: {D61A42BD-D84B-4555-81F4-F7ACB1A0E956} - System32\Tasks\HPCustParticipation HP ENVY 4520 series => C:\Program Files\HP\HP ENVY 4520 series\Bin\HPCustPartic.exe [2017-04-06] (HP Inc.)
Task: {DD13E469-4407-4DCF-B45A-FA7490AC8550} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-01-17] (Microsoft Corporation)
Task: {E19E9D71-4410-4A8D-A6B7-8598BEA1A3B5} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2019-01-17] (NVIDIA Corporation)
Task: {F1ECCC82-C657-44D2-B4B4-98744D12CCE0} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel® Management Engine Components\iCLS\IntelPTTEKRecertification.exe [2017-11-16] (Intel® Corporation)
Task: {F317D034-A7ED-431D-9ADF-CE6BF942DEEE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-12-19 19:01 - 2018-12-19 19:01 - 000195832 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
2018-07-24 06:13 - 2019-01-17 00:13 - 001315024 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-01-22 16:08 - 2018-01-22 16:08 - 000419328 ____R () C:\Program Files\Intel\Wired Networking\NCS2\Agent\AdapterAgnt.DLL
2018-04-12 12:34 - 2018-04-12 12:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 12:34 - 2018-04-12 12:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-11-29 10:05 - 2018-11-09 15:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-16 09:44 - 2019-01-09 21:10 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000937208 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
2018-12-19 19:01 - 2018-12-19 19:01 - 002329336 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000282360 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000578296 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000616696 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000267000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000323832 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000978680 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000243960 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_winstat_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000750840 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_upnp_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000411384 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000558840 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sgx_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000665336 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sampler_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000853240 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000636152 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000303864 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000778488 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll
2019-01-31 17:45 - 2019-01-31 17:45 - 001955328 _____ () C:\Program Files (x86)\NZXT\CAM\Launcher\ffmpeg.dll
2019-01-31 17:45 - 2019-01-31 17:45 - 003687936 _____ () C:\Program Files (x86)\NZXT\CAM\Launcher\libglesv2.dll
2019-01-31 17:45 - 2019-01-31 17:45 - 000017920 _____ () C:\Program Files (x86)\NZXT\CAM\Launcher\libegl.dll
2019-01-31 17:45 - 2019-01-31 17:45 - 000332400 _____ () C:\Program Files (x86)\NZXT\CAM\CAM.Desktop.exe
2018-12-19 19:01 - 2018-12-19 19:01 - 000863480 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
2018-12-19 19:01 - 2018-12-19 19:01 - 000312568 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000555768 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_events_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000636152 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll
2018-11-29 12:05 - 2018-11-29 12:05 - 000899584 _____ () \\?\C:\Windows\Prey\versions\1.8.2\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\node_sqlite3.node
2018-07-24 06:13 - 2019-01-17 00:13 - 001032912 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-01-31 19:52 - 2018-01-31 19:52 - 001604240 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2018-12-01 15:11 - 2018-05-02 17:42 - 000442128 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2018-12-01 15:11 - 2018-05-02 17:42 - 000210704 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2018-12-01 15:11 - 2018-05-02 17:42 - 000059664 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2018-04-25 12:13 - 2018-04-25 12:13 - 000252184 _____ () C:\Program Files (x86)\NZXT\CAM\libuv.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 12:38 - 2018-12-26 18:44 - 000001052 _____ C:\Windows\system32\drivers\etc\hosts

0.0.0.0    incoming.telemetry.mozilla.org

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\GGPC\Pictures\Follower of the way things\6.jpg
HKU\S-1-5-21-688862063-2713704754-1743232380-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\rache.RIGGS\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\1 (3).jpeg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKLM\...\StartupApproved\Run32: => "OnScreen Control"
HKLM\...\StartupApproved\Run32: => "IseUI"
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\StartupApproved\Run: => "HP ENVY 4520 series (NET)"
HKU\S-1-5-21-688862063-2713704754-1743232380-1002\...\StartupApproved\Run: => "Browser Manager"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2B94ABA8-9DAC-4FCE-A779-EE57306C452B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{CA3AE165-2F9E-4986-8086-49C8F1FFC5BA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{9342342A-A339-4913-B609-64E055C75AED}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{FE593D69-3751-4BC5-BE72-B19F9F53C94D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
FirewallRules: [TCP Query User{13AF986A-6D70-49EC-8AFB-A7474243E044}D:\program files (x86)\call of duty black ops 4\blackops4.exe] => (Allow) D:\program files (x86)\call of duty black ops 4\blackops4.exe (Activision Publishing, Inc.)
FirewallRules: [UDP Query User{EA52114C-9B36-49F7-BA90-4FEA3593F322}D:\program files (x86)\call of duty black ops 4\blackops4.exe] => (Allow) D:\program files (x86)\call of duty black ops 4\blackops4.exe (Activision Publishing, Inc.)
FirewallRules: [TCP Query User{50EFA744-7CA1-4560-B3B5-96E003BCA909}D:\steam\steamapps\common\rise of the tomb raider\rottr.exe] => (Allow) D:\steam\steamapps\common\rise of the tomb raider\rottr.exe (Eidos Inc.)
FirewallRules: [UDP Query User{0026212E-61E5-4347-A542-7E64144980B8}D:\steam\steamapps\common\rise of the tomb raider\rottr.exe] => (Allow) D:\steam\steamapps\common\rise of the tomb raider\rottr.exe (Eidos Inc.)
FirewallRules: [TCP Query User{50AA50D6-95AA-4CF5-B198-0DE299A50EA8}D:\steam\steamapps\common\the crew 2\thecrew2.exe] => (Allow) D:\steam\steamapps\common\the crew 2\thecrew2.exe (UBISoft)
FirewallRules: [UDP Query User{01F558B5-DAF0-407D-97D7-9710F7E64F8E}D:\steam\steamapps\common\the crew 2\thecrew2.exe] => (Allow) D:\steam\steamapps\common\the crew 2\thecrew2.exe (UBISoft)
FirewallRules: [{FE1D770A-0A51-43E6-9AFF-FF33B2E9DD71}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games)
FirewallRules: [{444C56EC-FEC5-4F55-B4AC-52916B47970A}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games)
FirewallRules: [TCP Query User{8B28E81F-9E4E-40C1-BF03-4358AC0DFA70}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games)
FirewallRules: [UDP Query User{8C43F5E1-32F6-47DE-8E72-8578CCF90D7F}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games)
FirewallRules: [TCP Query User{0FF21A64-1182-4152-A306-72EABB6EE01E}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net)
FirewallRules: [UDP Query User{8C9BF5FF-7398-438E-8A02-584910A0FF9A}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net)
FirewallRules: [{73F4E2D5-58B9-4D0D-853B-8155C3356A0F}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes)
FirewallRules: [{612A7A36-31A2-44BB-A1C9-413ACBB13ED6}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes)
FirewallRules: [{4D96F7A3-4755-4C6E-AF46-E0EC8A0E1D86}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes)
FirewallRules: [{17AAE4E7-C69C-480D-A0CB-BE6A4889623F}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes)
FirewallRules: [{7B43B956-CA5B-4770-846E-88071A77198E}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes)
FirewallRules: [{530234E2-DE8F-4775-93CB-8959C9A2B891}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe ()
FirewallRules: [{97D56D38-F8E3-4B8C-9C6C-07C95FCE9EA3}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes)
FirewallRules: [{E2EC7159-D90D-46A8-9095-29A1DB738383}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes)
FirewallRules: [{157437F7-AE3F-43A7-8BD4-4D850A5C0C9C}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes)
FirewallRules: [{FCE8FFFA-88CE-4BF4-AE2F-01BF47F678D7}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes)
FirewallRules: [{C21B7C76-5175-488C-8177-AAE18B8B7169}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes)
FirewallRules: [{6C7AC74D-D7FF-4BD1-A705-FE3A2E83988A}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe ()
FirewallRules: [TCP Query User{843D723D-43F4-4FD3-925F-221D8CB2A9E9}C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe (HP Inc.)
FirewallRules: [UDP Query User{79D47BD0-30B9-407B-818C-149B73320733}C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe (HP Inc.)
FirewallRules: [{A21EB030-A934-49E7-A5E6-FCF29C15E041}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
FirewallRules: [{27AF4214-3EDD-4B1C-9D3D-C9C46C11D6C2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{443C902A-D1A9-4576-BF33-9F47BD918784}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{8202DCCD-49CA-42F9-B909-F59E756EA2B2}] => (Allow) D:\Steam\steamapps\common\Dead or Alive 5 Last Round\game.exe (KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{53EF0401-9B05-4FC7-9B01-8A39DB059A9F}] => (Allow) D:\Steam\steamapps\common\Dead or Alive 5 Last Round\game.exe (KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{1BB581D6-4825-4F61-9D69-78FC8FDE9559}] => (Allow) D:\Steam\steamapps\common\Dead or Alive 5 Last Round\startup_setting.exe (KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{50793547-7ECF-4B26-A0B5-BB6955BA3769}] => (Allow) D:\Steam\steamapps\common\Dead or Alive 5 Last Round\startup_setting.exe (KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{58649AE4-B7F0-4447-A188-7B771D3200AC}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe ()
FirewallRules: [{27F0ABF9-7CCF-44F0-8E54-1B824D5093DE}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe ()
FirewallRules: [{5F1EADCC-7156-49D8-8744-9C13608BF5A4}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe ()
FirewallRules: [{3489DD16-5F57-408B-B8CC-8F2270F5B7ED}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe ()
FirewallRules: [{01128158-5678-47F4-8BA4-1768CD727EF1}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe (UNIGINE Corp.)
FirewallRules: [{C6232BA7-025E-483A-8DEC-C58D1671AC0B}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe (UNIGINE Corp.)
FirewallRules: [{6F2CB973-A9FB-46AE-910D-A97D8A869EFF}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe (UNIGINE Corp.)
FirewallRules: [{0F224C75-2435-4E45-92B2-1EDAF1355B69}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe (UNIGINE Corp.)
FirewallRules: [{6DC752F5-35B2-4E26-A214-66B0741E5E33}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{37412D99-5092-40E9-A192-5BE1CCABABD2}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{D58EF62D-93A5-437B-A07C-A077621A9B82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{ECC888D2-DBDA-4449-B759-D6DCC148A964}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{EF54B106-204D-4C40-B7C9-287F6455C476}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{3090BF6E-FB80-4B25-86E2-686AEA87A53C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{727D26E6-D7FC-4B4A-A7C2-035FA574B504}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{C32A92CE-6174-4AFB-B4C5-FB3EC87BE71A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{238BA241-13EC-4922-A8CF-0EA4622D49F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{3810CEA8-0AC8-4E8C-899E-E5F86585AF7E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{29D6775C-F710-4413-BFD0-AB7D94A8B117}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
FirewallRules: [{2A9DD94D-A69F-4D01-9D08-707B73652AAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
FirewallRules: [TCP Query User{84C4D4D1-F6D3-409F-B041-C5EDF5B41C8A}C:\users\ggpc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ggpc\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
FirewallRules: [UDP Query User{8C9FB145-492D-40C0-A0AC-1A649228B329}C:\users\ggpc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ggpc\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
FirewallRules: [{4FBBCDCD-B3F5-41FC-8D1F-6E1776D013D7}] => (Allow) C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
FirewallRules: [{7FDA8322-0758-415F-9F26-A5C208855463}] => (Block) C:\program files (x86)\nzxt\cam\cam.desktop.exe ()
FirewallRules: [{C6BEAA35-EE2A-41DC-A254-59ADB0181DE2}] => (Block) C:\program files (x86)\nzxt\cam\cam.desktop.exe ()
FirewallRules: [{C255251B-6AEF-47DB-A51B-873E801BB6CF}] => (Allow) C:\program files (x86)\nzxt\cam\cam.desktop.exe ()
FirewallRules: [{A65EAAF7-1CFE-494D-B3B2-DFD3EAF9390E}] => (Allow) C:\program files (x86)\nzxt\cam\cam.desktop.exe ()
FirewallRules: [{87AD596A-6328-49DC-B909-037CE1C50A53}] => (Allow) LPort=38518
FirewallRules: [{C6D07AE1-B091-4A5D-90CE-328A882A47B3}] => (Allow) LPort=9142

==================== Restore Points =========================

01-02-2019 09:16:36 Installed CAM

==================== Faulty Device Manager Devices =============

Name: TP-Link Wireless N PCI Express Adapter #2
Description: TP-Link Wireless N PCI Express Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TP-Link Technologies Co., Ltd.
Service: RTWlanE
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2019 09:19:28 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/01/2019 09:19:28 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (02/01/2019 09:19:28 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\Windows\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/01/2019 09:19:28 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/01/2019 09:19:28 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\Windows\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/01/2019 09:17:28 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/31/2019 06:17:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/31/2019 06:17:43 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.


System errors:
=============
Error: (02/01/2019 09:16:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/01/2019 09:16:01 AM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/01/2019 09:16:00 AM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/01/2019 09:15:59 AM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/01/2019 09:15:59 AM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/01/2019 09:15:51 AM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2019 09:43:04 PM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2019 09:32:01 PM) (Source: DCOM) (EventID: 10016) (User: ZAKELA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ZAKELA\Tony SID (S-1-5-21-688862063-2713704754-1743232380-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-09-20 07:35:45.721
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

Date: 2018-09-20 07:26:12.892
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-09-20 07:26:12.891
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-09-20 07:26:12.891
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-09-20 07:26:12.819
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2019-01-31 16:23:22.852
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2019-01-31 10:16:14.228
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\Windows\Temp\{F1E57239-A8CE-4334-93FC-F0ED0C0ACAC6}\cleanapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-01-31 10:16:10.804
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\Windows\Temp\{B2F1D985-4BFE-46E1-AD9A-31881173ECCA}\cleanapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-01-31 10:16:07.333
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\Windows\Temp\{B0CBE093-9FD2-4C17-B8A0-830028EC91F6}\cleanapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-01-30 23:11:23.634
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2019-01-30 22:13:42.183
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2019-01-28 16:16:42.262
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-01-28 16:16:42.255
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7-8700 CPU @ 3.20GHz
Percentage of memory in use: 18%
Total physical RAM: 16317.21 MB
Available physical RAM: 13245.16 MB
Total Virtual: 18749.21 MB
Available Virtual: 14216.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.97 GB) (Free:172.45 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:1862.89 GB) (Free:1487.76 GB) NTFS

\\?\Volume{759e9880-0ca3-4f59-876c-1646ea55761d}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{0095f199-42bf-423d-a6c5-269029a5bf07}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================



#13
iMacg3


    GeekU Mod

  • GeekU Moderator
  • 419 posts
Hi,

How is the computer doing? Do the problems still persist?

Thanks.

#14
KiwiProbie


    Member

  • Topic Starter
  • Member
  • 333 posts

It's got its bit of speed back now, which is awesome, so I am happy.

Is my PC cleaned completely from Yandex, Hamster Soft etc.?



#15
iMacg3


    GeekU Mod

  • GeekU Moderator
  • 419 posts
Hi,

Yes, Yandex and Hamster Soft were removed.

Let's run one final scan to check for any remnants.

-----------------------

Download AdwCleaner and save it to your Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. If no objects are detected, close the AdwCleaner window.
  • If any objects are detected, make sure that all the boxes are checked and click on the Clean and Repair button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
  • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in notepad. Copy and paste the contents of the log into your next reply.
Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[CXX].txt (where XX is two numbers).

Thanks.