Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PC running really slow


  • Please log in to reply

#1
Gregory22

Gregory22

    New Member

  • Member
  • Pip
  • 1 posts
Hi, my PC has been running really slow recently and I think I have some sort of malware on it, hope you can help thanks.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 3-07-2019
Ran by Home (administrator) on CALLUMS (MSI MS-7920) (08-07-2019 01:28:04)
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 10 Pro Version 1809 17763.557 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19061.410.0_x64__8wekyb3d8bbwe\YourPhone.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Discord Inc. -> Discord Inc.) C:\Users\Home\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Home\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Home\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Home\AppData\Local\Discord\app-0.0.305\Discord.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\NisSrv.exe
(Nota Inc. -> Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.131.0.15\OverwolfHelper.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.131.0.15\OverwolfHelper64.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\Teamspeak\OverwolfTSHelper.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\0.131.0.15\OverwolfBrowser.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\0.131.0.15\OverwolfBrowser.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [598200 2019-06-12] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-2596707385-3445154772-733900174-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3148576 2019-06-18] (Valve -> Valve Corporation)
HKU\S-1-5-21-2596707385-3445154772-733900174-1001\...\Run: [Discord] => C:\Users\Home\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2596707385-3445154772-733900174-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [911752 2019-06-19] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-2596707385-3445154772-733900174-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1668424 2019-06-24] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-2596707385-3445154772-733900174-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [11405416 2017-11-12] (Windscribe Limited -> Windscribe Limited)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-20] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1F37DEDA-5315-432E-9CAC-93069943245E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-24] (Google Inc -> Google Inc.)
Task: {2FE31B66-6912-4156-99DD-F27A8B5DCC25} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {40114E21-DE9F-4B74-9C59-9CB047D835CB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4EF5C0AE-D0A7-4245-ACED-1CDF06A86987} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {508FEE9C-9A2B-419D-93C4-E000E7033E20} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2019-06-19] (Nota Inc. -> Nota Inc.)
Task: {5382B0EA-9FBB-4947-A52A-D42169125AE8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7CDE1B1D-849D-4E4C-B635-FB7D0B0933F7} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {88C83DA7-D13C-4C45-8061-9D5F04E06B80} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2019-06-19] (Nota Inc. -> Nota Inc.)
Task: {8D73535D-C24B-405C-8980-48160CF7D4DD} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3787304 2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8D8FCD6A-20C0-4B71-B24A-4C1D1CB412FE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9171C1B8-C85E-434B-9A8F-D4261181672A} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {959DC294-EB0E-4AE0-B26B-3570181D0ED0} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A3E0460F-DA7E-4EDC-AAEB-9DF4244509F3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A438C6E5-76EB-43F6-AD39-5A4A7A584E6C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B170144D-4F3C-4E81-B82C-A07925A2943E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D1D39C78-B5E6-465F-BB42-5FE1B9B59435} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DDEB3422-120F-426E-B19E-0FABB2681CA4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E720A52D-6D3B-4348-A559-C20D0FA72372} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-24] (Google Inc -> Google Inc.)
Task: {F1C08748-9AFF-44A7-BD88-71469F958B5D} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2436936 2019-06-24] (Overwolf Ltd -> Overwolf LTD)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3806f479-5756-4c30-83ca-c5aaf8cf6b93}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6c99ecdd-07cf-4e46-8dd7-456bef01d7af}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f540952d-191e-4fc0-881d-bb6287726dc3}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-05-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-05-29] (Oracle America, Inc. -> Oracle Corporation)
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default [2019-07-08]
CHR Extension: (Slides) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-24]
CHR Extension: (Adblocker for Chrome - NoAds) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\alplpnakfeabeiebipdmaenpmbgknjce [2019-05-09]
CHR Extension: (Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-24]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-03-24]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-24]
CHR Extension: (Sheets) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-24]
CHR Extension: (Google Docs Offline) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-03-24]
CHR Extension: (Black red shards) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjlkkaalgfbbegfnjoclhfidancjpch [2019-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-03-24]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-20]
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-04-03]
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-03]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8457232 2019-06-24] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856 2019-05-20] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [541896 2018-05-10] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2436936 2019-06-24] (Overwolf Ltd -> Overwolf LTD)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [439936 2018-01-10] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [943232 2018-01-10] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-05-21] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11814232 2019-06-05] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [442472 2017-11-12] (Windscribe Limited -> Windscribe Limited)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-04-26] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-04-26] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3792904 2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> C-MEDIA)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136720 2018-05-10] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
S3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2016-07-26] (Intel® Smart Connect software -> )
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-09-15] (Microsoft Windows -> Qualcomm Atheros, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-07-08] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-07-08] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-07-08] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-07-08] (Malwarebytes Corporation -> Malwarebytes)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2018-09-15] (Microsoft Windows -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4aa19ae78d94d8a3\nvlddmkm.sys [20706184 2019-02-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-05-10] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [8206848 2018-09-15] (Microsoft Windows -> Realtek Semiconductor Corporation )
S3 rzbtendpt; C:\WINDOWS\System32\drivers\rzbtendpt.sys [52240 2016-10-30] (Razer USA Ltd. -> Razer Inc)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [49544 2018-09-13] (Razer USA Ltd. -> Razer Inc)
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [42000 2016-10-30] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_005c; C:\WINDOWS\System32\drivers\RzDev_005c.sys [51696 2018-04-22] (Razer USA Ltd. -> Razer Inc)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [52240 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzhnet; C:\WINDOWS\System32\Drivers\rzhnet.sys [29712 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzjstk; C:\WINDOWS\System32\drivers\rzjstk.sys [36376 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzkeypadendpt; C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [45592 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48144 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzp1endpt; C:\WINDOWS\System32\drivers\rzp1endpt.sys [52240 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44048 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzvmouse; C:\WINDOWS\System32\drivers\rzvmouse.sys [44048 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [52952 2016-10-03] (SteelSeries ApS -> SteelSeries ApS)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-09-13] (Windscribe Limited -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-06-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [337632 2019-06-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-04] (Microsoft Windows -> Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel® Software -> Intel Corporation)
S3 BEDaisy; \??\C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-07-08 01:28 - 2019-07-08 01:28 - 000024859 _____ C:\Users\Home\Desktop\FRST.txt
2019-07-08 01:27 - 2019-07-08 01:28 - 000000000 ____D C:\FRST
2019-07-08 01:27 - 2019-07-08 01:27 - 002420224 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
2019-07-08 01:20 - 2019-07-08 01:20 - 000000017 _____ C:\Users\Home\AppData\Local\resmon.resmoncfg
2019-07-08 01:14 - 2019-07-08 01:14 - 000000000 ____D C:\Users\Home\AppData\Local\mbam
2019-07-08 01:13 - 2019-07-08 01:13 - 022871808 _____ (TeamViewer GmbH) C:\Users\Home\Downloads\TeamViewer_Setup (4).exe
2019-07-08 01:13 - 2019-07-08 01:13 - 000001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-07-08 01:13 - 2019-07-08 01:13 - 000001100 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-07-08 01:12 - 2019-07-08 01:23 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-07-08 01:12 - 2019-07-08 01:23 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-07-08 01:12 - 2019-07-08 01:12 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-07-08 01:12 - 2019-07-08 01:12 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-07-08 01:12 - 2019-07-08 01:12 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-08 01:12 - 2019-07-08 01:12 - 000000000 ____D C:\Users\Home\AppData\Local\mbamtray
2019-07-08 01:12 - 2019-07-08 01:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-08 01:12 - 2019-07-08 01:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-08 01:12 - 2019-07-08 01:12 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-08 01:12 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-07-08 01:12 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-07-08 01:11 - 2019-07-08 01:11 - 064455440 _____ (Malwarebytes ) C:\Users\Home\Downloads\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11438.exe
2019-07-06 03:17 - 2019-07-06 03:17 - 006636796 _____ C:\Users\Home\Downloads\rpsoundboard1810_5d0667abeda4a.ts3_plugin
2019-07-06 03:15 - 2019-07-06 03:15 - 088027400 _____ (TeamSpeak Systems GmbH) C:\Users\Home\Downloads\TeamSpeak3-Client-win64-3.3.0 (1).exe
2019-06-26 22:58 - 2019-06-26 22:58 - 000073885 _____ C:\Users\Home\Downloads\TS3MassMover-v06123_5d07b4de21a0d.ts3_plugin
2019-06-26 00:16 - 2019-06-26 00:16 - 000000000 ____D C:\Users\Home\Downloads\Xray+Ultimate+1.12+v2.2.1
2019-06-24 22:26 - 2019-06-24 22:26 - 027035616 _____ (Razer Inc.) C:\Users\Home\Downloads\Razer_Synapse_Installer_v2.21.21.1 (5).exe
2019-06-24 22:25 - 2019-06-24 22:25 - 000000000 ____D C:\Program Files\Razer Chroma SDK
2019-06-24 22:25 - 2019-06-24 22:25 - 000000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2019-06-24 22:22 - 2019-06-24 22:22 - 027035616 _____ (Razer Inc.) C:\Users\Home\Downloads\Razer_Synapse_Installer_v2.21.21.1 (4).exe
2019-06-23 22:10 - 2019-06-23 22:10 - 000001140 _____ C:\Users\Public\Desktop\Windscribe.lnk
2019-06-23 22:10 - 2019-06-23 22:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2019-06-23 22:09 - 2019-06-24 01:32 - 000000000 ____D C:\Program Files (x86)\Windscribe
2019-06-20 16:39 - 2019-06-20 16:39 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2019-06-19 14:08 - 2019-06-19 14:08 - 000001066 _____ C:\Users\Public\Desktop\Gyazo Replay.lnk
2019-06-19 02:45 - 2019-06-28 13:37 - 000000000 ____D C:\Program Files (x86)\Overwolf
2019-06-19 02:45 - 2019-06-19 04:15 - 000000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2019-06-19 02:45 - 2019-06-19 02:45 - 000004382 _____ C:\WINDOWS\System32\Tasks\Overwolf Updater Task
2019-06-19 02:45 - 2019-06-19 02:45 - 000001178 _____ C:\Users\Public\Desktop\Overwolf.lnk
2019-06-19 02:44 - 2019-07-08 01:24 - 000000000 ____D C:\Users\Home\AppData\Local\Overwolf
2019-06-19 02:44 - 2019-06-19 02:45 - 000000000 ____D C:\ProgramData\Overwolf
2019-06-19 02:43 - 2019-06-19 02:43 - 088027400 _____ (TeamSpeak Systems GmbH) C:\Users\Home\Downloads\TeamSpeak3-Client-win64-3.3.0.exe
2019-06-19 02:43 - 2019-06-19 02:43 - 000001008 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2019-06-19 02:43 - 2019-06-19 02:43 - 000000970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2019-06-19 02:43 - 2019-06-19 02:43 - 000000000 ____D C:\Program Files\UNP
2019-06-17 03:01 - 2019-06-17 03:01 - 007576808 _____ C:\Users\Home\Documents\Untitled.aa3
2019-06-17 03:01 - 2019-06-17 03:01 - 002350176 _____ C:\Users\Home\Documents\AAAAAAAAAAAAAAAAAAAAAD.aa3
2019-06-17 03:01 - 2019-06-17 03:01 - 000000098 _____ C:\Users\Home\Documents\AAAAAAAAAAAAAAAAAAAAAD.aa3.sfl
2019-06-17 03:01 - 2019-06-17 03:01 - 000000084 _____ C:\Users\Home\Documents\Untitled.aa3.sfl
2019-06-13 17:58 - 2019-06-13 17:58 - 001993528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 026808320 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 023438336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 022114960 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 018999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 017484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 015221248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 012869120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 012162048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 007884288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 007875072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 007724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 006926336 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 006547144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 006441472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 006309256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 006068224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 005764608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 005588184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 005297152 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 005210904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 005112792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 004883968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 004661760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 004627456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 003983872 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 003906560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 003743744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 003637248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 003426816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 003385344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 003363640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 003344896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 003270144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 003091968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 002999808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 002928640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 002926096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 002777736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 002707968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 002690048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 002653696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 002638336 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 002627600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 002422272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 002276192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-06-12 17:53 - 2019-06-12 17:53 - 002085168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 002017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-06-12 17:53 - 2019-06-12 17:53 - 001929216 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001899160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001860608 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001860096 ____R (The ICU Project) C:\WINDOWS\system32\icuin.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001761280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001750016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001700312 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-06-12 17:53 - 2019-06-12 17:53 - 001670840 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001644544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001618944 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuin.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001616384 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001483872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 001466496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001342904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-06-12 17:53 - 2019-06-12 17:53 - 001331536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001298952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001260048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-06-12 17:53 - 2019-06-12 17:53 - 001256448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001254912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 001229824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 001223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001219424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001180184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 001098136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001072640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 001048592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001005056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000927744 _____ (Microsoft Corporation) C:\WINDOWS\system32\assignedaccessmanagersvc.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000887808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000863544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000769536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 000758688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000752144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000730592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 000699392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000676048 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 000651064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessManager.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000615440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 000604344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000586040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000555232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000553664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 000540720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000515152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000513904 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000506192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000474936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-06-12 17:53 - 2019-06-12 17:53 - 000462136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000451104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000430904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 000427688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000419368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000404792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 000398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000398208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000386576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000375544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000351744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000292664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 000287912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 000282424 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000262160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000247608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000196920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSrv.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000156984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000152896 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000152400 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000137056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000125528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000114648 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000101176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingFilterDS.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000091424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 000090424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000087864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000080400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-06-12 17:53 - 2019-06-12 17:53 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessRuntime.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-06-12 17:53 - 2019-06-12 17:53 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AssignedAccessRuntime.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryCore.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-06-12 17:53 - 2019-06-12 17:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-06-12 17:53 - 2019-06-12 17:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-06-12 17:53 - 2019-06-12 17:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-06-12 17:53 - 2019-06-12 17:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-06-12 17:53 - 2019-06-12 17:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-06-12 17:53 - 2019-06-12 17:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-06-12 17:53 - 2019-06-12 17:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-06-12 17:53 - 2019-06-12 17:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-06-10 16:09 - 2019-06-10 16:09 - 000000000 ____D C:\Users\Home\Documents\My Games
2019-06-10 15:22 - 2019-06-10 15:22 - 000000221 _____ C:\Users\Home\Desktop\Borderlands 2.url
2019-06-09 04:35 - 2019-05-24 06:43 - 000590594 _____ C:\Users\Home\Downloads\JOHN_SMITH_LEGACY_CHANGELOG.txt
2019-06-09 04:35 - 2019-04-28 08:50 - 000000000 ____D C:\Users\Home\Downloads\assets
2019-06-09 04:35 - 2019-04-24 05:47 - 000000153 _____ C:\Users\Home\Downloads\pack.mcmeta
2019-06-09 04:35 - 2019-02-14 07:05 - 000002596 _____ C:\Users\Home\Downloads\__READ ME.txt
2019-06-09 04:35 - 2018-07-17 19:21 - 000000000 ____D C:\Users\Home\Downloads\helper_files
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-07-08 01:25 - 2019-04-19 00:59 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-07-08 01:25 - 2019-03-24 20:39 - 000000000 ____D C:\ProgramData\NVIDIA
2019-07-08 01:24 - 2019-04-05 00:11 - 000000000 ____D C:\Users\Home\AppData\Roaming\discord
2019-07-08 01:24 - 2019-03-24 20:48 - 000000000 ____D C:\Program Files (x86)\Steam
2019-07-08 01:24 - 2019-03-24 20:44 - 000000000 ____D C:\Users\Home\AppData\Roaming\TS3Client
2019-07-08 01:23 - 2019-05-21 09:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-08 01:23 - 2019-05-21 09:42 - 000266728 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-08 01:23 - 2019-05-21 09:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-08 01:23 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-08 01:12 - 2018-09-15 08:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-07-08 01:11 - 2019-05-21 09:50 - 000795988 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-08 01:11 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF
2019-07-08 01:10 - 2019-05-27 20:51 - 000004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5157220B-FBA4-44DF-A766-9C9804211B78}
2019-07-06 06:58 - 2019-04-05 00:02 - 000000000 ____D C:\Users\Home\AppData\Local\Arma 3 Launcher
2019-07-06 05:06 - 2019-04-05 00:02 - 000000000 ____D C:\Users\Home\AppData\Local\Arma 3
2019-07-05 23:15 - 2017-12-26 02:39 - 000000000 ____D C:\Users\Home\Documents\Arma 3 - Other Profiles
2019-07-05 23:11 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-04 15:55 - 2019-05-21 09:43 - 000000000 ____D C:\Users\Home
2019-06-30 17:34 - 2019-05-30 23:06 - 000000000 ____D C:\Users\Home\AppData\Roaming\.minecraft
2019-06-30 01:36 - 2018-09-15 07:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-06-29 19:15 - 2019-04-06 23:30 - 000000000 ____D C:\Users\Home\AppData\Local\CrashDumps
2019-06-29 14:26 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-26 00:15 - 2019-05-30 23:06 - 000000000 ____D C:\Program Files (x86)\Minecraft
2019-06-25 23:44 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-06-24 22:25 - 2019-03-24 20:35 - 000000000 ____D C:\Program Files (x86)\Razer
2019-06-24 22:24 - 2019-04-29 21:53 - 000000000 ____D C:\Users\Home\AppData\Local\Razer
2019-06-24 22:24 - 2018-12-26 02:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2019-06-21 03:51 - 2019-04-05 15:32 - 000000000 ____D C:\Users\Home\AppData\Local\D3DSCache
2019-06-20 17:59 - 2018-09-15 08:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-06-20 00:03 - 2019-03-24 20:46 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-20 00:03 - 2019-03-24 20:46 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-06-19 14:08 - 2019-05-21 09:45 - 000003508 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2019-06-19 14:08 - 2019-05-21 09:45 - 000003372 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2019-06-19 14:08 - 2019-04-05 00:53 - 000000000 ____D C:\Program Files (x86)\Gyazo
2019-06-19 14:08 - 2017-12-28 09:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2019-06-19 02:43 - 2019-03-24 20:44 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2019-06-17 19:37 - 2019-02-10 16:24 - 000000222 _____ C:\Users\Home\Desktop\Arma 3.url
2019-06-17 03:05 - 2018-04-09 03:48 - 057678705 _____ C:\Users\Home\Documents\Untitled.mp4
2019-06-17 03:03 - 2019-05-30 13:56 - 000017328 _____ C:\Users\Home\Documents\Untitled.veg
2019-06-17 03:02 - 2019-05-30 13:56 - 000017328 _____ C:\Users\Home\Documents\Untitled.veg.bak
2019-06-14 15:34 - 2019-06-03 23:08 - 000000000 ____D C:\Program Files (x86)\A3Launcher
2019-06-13 19:06 - 2019-05-29 15:33 - 000000000 ____D C:\Program Files (x86)\ArmA3Sync
2019-06-13 19:06 - 2018-02-13 19:45 - 000000000 ____D C:\Users\Home\.junique
2019-06-13 19:00 - 2018-05-13 15:53 - 000000000 ____D C:\Users\Home\Documents\mods
2019-06-13 16:58 - 2017-10-22 09:14 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-13 16:58 - 2017-10-22 09:14 - 000000000 ___RD C:\Users\Home\3D Objects
2019-06-13 16:57 - 2018-09-15 08:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-06-13 16:57 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-06-13 16:57 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-06-12 17:49 - 2019-03-25 16:16 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-06-12 17:48 - 2019-03-25 16:16 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-06-10 15:22 - 2017-12-24 19:20 - 000000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-06-08 15:14 - 2019-01-03 03:59 - 000000306 _____ C:\Users\Home\Desktop\ban evading account.txt
 
==================== Files in the root of some directories ================
 
2019-07-08 01:20 - 2019-07-08 01:20 - 000000017 _____ () C:\Users\Home\AppData\Local\resmon.resmoncfg
 
==================== SigCheck ===============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ============================
 
 
 
 
 
 
 
addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 3-07-2019
Ran by Home (08-07-2019 01:30:19)
Running from C:\Users\Home\Desktop
Windows 10 Pro Version 1809 17763.557 (X64) (2019-05-21 08:45:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2596707385-3445154772-733900174-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2596707385-3445154772-733900174-503 - Limited - Disabled)
Guest (S-1-5-21-2596707385-3445154772-733900174-501 - Limited - Disabled)
Home (S-1-5-21-2596707385-3445154772-733900174-1001 - Administrator - Enabled) => C:\Users\Home
WDAGUtilityAccount (S-1-5-21-2596707385-3445154772-733900174-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
A3Launcher version 0.1.6.1 (HKLM-x32\...\{1E29A86E-9AE2-4CD8-74C8-6B170ED3C4D2}_is1) (Version: 0.1.6.1 - Maca134)
ArmA3Sync 1.6.97 (HKLM-x32\...\{F097E7D7-D093-4394-9EED-43AFCCD12B7A}_is1) (Version: 1.6.97 - The [S.o.E] team)
AutoHotkey 1.1.30.03 (HKLM\...\AutoHotkey) (Version: 1.1.30.03 - Lexikos)
Call of Duty Black Ops 4 (HKLM-x32\...\Call of Duty Black Ops 4) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2596707385-3445154772-733900174-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Game Summary (HKU\S-1-5-21-2596707385-3445154772-733900174-1001\...\Overwolf_nafihghfcpikebhfhdhljejkcifgbdahdhngepfb) (Version: 203.6.1 - Overwolf app)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Gyazo 3.6.2.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{2D1ED4EA-B59D-4665-ACB3-9325872A300D}) (Version: 1.0.4.0 - Mojang)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.19.0.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.94 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.1.0 - OBS Project)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.131.0.15 - Overwolf Ltd.)
Popcorn-Time (HKU\S-1-5-21-2596707385-3445154772-733900174-1001\...\Popcorn-Time) (Version: 0.3.10 - Popcorn Time)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.10.0 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.23.1 - Razer Inc.)
Sennheiser Audio (HKLM\...\Sennheiser Game Dongle) (Version: 1.31.35.10 - Sennheiser)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamlabs OBS 0.14.0 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 0.14.0 - General Workings, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.14.1 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.3.0 - TeamSpeak Systems GmbH)
TeamSpeak Overlay (HKU\S-1-5-21-2596707385-3445154772-733900174-1001\...\Overwolf_jnabojaampcpfclojlbildognlnebnhfhibiielh) (Version: 1.0.0.2 - Overwolf app)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.3.4730 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.80 Build 33 - Windscribe Limited)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
 
Packages:
=========
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.521.0_x64__rz1tebttyb220 [2019-05-21] (Dolby Laboratories)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-24] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-03-24] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-05-17] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2596707385-3445154772-733900174-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Home\AppData\Local\Microsoft\OneDrive\19.062.0331.0006\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2596707385-3445154772-733900174-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Home\AppData\Local\Microsoft\OneDrive\19.062.0331.0006\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2596707385-3445154772-733900174-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Home\AppData\Local\Microsoft\OneDrive\19.062.0331.0006\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\76f9e4d33b60b312\Popcorn-Time.lnk -> C:\Users\Home\AppData\Local\Popcorn-Time\Popcorn-Time.exe (The NWJS Community) -> --user-data-dir="C:\Users\Home\AppData\Local\Popcorn-Time\User Data" --profile-directory=Default --app-id=hecfofbbdfadifpemejbbdcjmfmboohj
 
==================== Loaded Modules (Whitelisted) ==============
 
2019-04-09 09:21 - 2019-04-09 09:21 - 000018432 _____ () [File not signed] C:\Program Files\TeamSpeak 3 Client\libEGL.DLL
2019-04-09 09:21 - 2019-04-09 09:21 - 003572224 _____ () [File not signed] C:\Program Files\TeamSpeak 3 Client\libGLESv2.dll
2019-03-24 20:44 - 2019-06-19 02:44 - 000157696 _____ () [File not signed] C:\Users\Home\AppData\Roaming\TS3Client\plugins\gamepad_joystick_win64.dll
2019-04-06 23:18 - 2019-04-06 23:18 - 000050176 _____ () [File not signed] C:\Users\Home\AppData\Roaming\TS3Client\plugins\Pokebotx64.dll
2019-04-05 19:16 - 2019-07-06 03:17 - 006737920 _____ () [File not signed] C:\Users\Home\AppData\Roaming\TS3Client\plugins\rp_soundboard_win64.dll
2019-05-26 18:25 - 2019-06-26 22:58 - 000109568 _____ () [File not signed] C:\Users\Home\AppData\Roaming\TS3Client\plugins\TS3MassMover_win64.dll
2019-04-10 17:30 - 2019-04-10 17:30 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\iconengines\qsvgicon.dll
2019-04-09 09:28 - 2019-04-09 09:28 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2019-04-09 09:29 - 2019-04-09 09:29 - 000397312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2019-04-10 17:29 - 2019-04-10 17:29 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\imageformats\qsvg.dll
2019-04-09 09:30 - 2019-04-09 09:30 - 001453568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2019-05-31 12:05 - 2019-05-31 12:05 - 006130176 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Core.dll
2019-04-09 09:25 - 2019-04-09 09:25 - 006470656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Gui.dll
2019-04-09 09:24 - 2019-04-09 09:24 - 001314816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Network.dll
2019-04-10 18:31 - 2019-04-10 18:31 - 000317440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Positioning.dll
2019-04-09 09:28 - 2019-04-09 09:28 - 000318464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5PrintSupport.dll
2019-04-10 17:55 - 2019-04-10 17:55 - 004001792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Qml.dll
2019-04-10 17:48 - 2019-04-10 17:48 - 003776000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Quick.dll
2019-04-10 17:50 - 2019-04-10 17:50 - 000072704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5QuickWidgets.dll
2019-04-09 09:23 - 2019-04-09 09:23 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Sql.dll
2019-04-10 17:29 - 2019-04-10 17:29 - 000332288 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Svg.dll
2019-04-10 18:40 - 2019-04-10 18:40 - 000113664 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5WebChannel.dll
2019-04-11 02:37 - 2019-04-11 02:37 - 079989760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5WebEngineCore.dll
2019-04-11 02:54 - 2019-04-11 02:54 - 000228864 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5WebEngineWidgets.dll
2019-04-09 09:27 - 2019-04-09 09:27 - 005580800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Widgets.dll
2019-04-09 09:28 - 2019-04-09 09:28 - 001151488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2019-04-09 09:29 - 2019-04-09 09:29 - 000137216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\styles\qwindowsvistastyle.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Home\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Home\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-03-24 20:31 - 2019-03-24 20:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Users\Home\AppData\Local\Microsoft\WindowsApps;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2596707385-3445154772-733900174-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{54853C37-DFF9-4CA9-9F9B-17371AB13B92}F:\pubg\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\pubg\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (Bluehole, Inc. -> Bluehole GinnoGames, Inc.)
FirewallRules: [TCP Query User{D31E1579-0465-49BE-B7E1-90C000223BB0}F:\pubg\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\pubg\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (Bluehole, Inc. -> Bluehole GinnoGames, Inc.)
FirewallRules: [{893CFD8A-1706-4E85-8C10-CA95B246C3E0}] => (Allow) F:\Pubg\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (Bluehole, Inc. -> PUBG Corporation )
FirewallRules: [{BFED96D0-D311-4035-A84D-06C84B561C3B}] => (Allow) F:\Pubg\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (Bluehole, Inc. -> PUBG Corporation )
FirewallRules: [UDP Query User{2AB5B92C-827A-4B88-8884-C366831130C3}C:\program files (x86)\call of duty black ops 4\blackops4.exe] => (Allow) C:\program files (x86)\call of duty black ops 4\blackops4.exe No File
FirewallRules: [TCP Query User{62C1F8A7-FF7C-444B-8076-8994BB964A68}C:\program files (x86)\call of duty black ops 4\blackops4.exe] => (Allow) C:\program files (x86)\call of duty black ops 4\blackops4.exe No File
FirewallRules: [UDP Query User{5F75C66E-BDF8-41A7-AD3A-EDE4432C4104}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
FirewallRules: [TCP Query User{177452DE-F2C3-4F81-8BB9-BAC18DE4581F}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
FirewallRules: [{D6595B5E-95BE-4885-808E-705E18DDAF51}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7FD055A3-7701-451C-885B-65EBAC3D0971}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{4F0CD82A-C5D0-4979-A770-945035BC0C0E}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [TCP Query User{0302D984-768A-4DDF-AF7E-C637EEACE4BC}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [{A3CB6366-21C6-40A8-ACB3-69C293567405}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{70C96FFA-DD4F-49C9-999F-ACAF905060E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{7EE14E62-8D8C-422D-A34C-52D9DE5A2A5E}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe (Bohemia Interactive a.s. -> Bohemia Interactive)
FirewallRules: [TCP Query User{E86C11DF-D03D-4256-B29F-DDAD61B5F984}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe (Bohemia Interactive a.s. -> Bohemia Interactive)
FirewallRules: [{FF49BACB-1151-4C63-B696-A5A0232A7307}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe (Bohemia Interactive a.s. -> Bohemia Interactive)
FirewallRules: [{0D41621A-4095-4C95-A050-387C70035B91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe (Bohemia Interactive a.s. -> Bohemia Interactive)
FirewallRules: [UDP Query User{C5A2F1A2-4AD7-4B42-A4B1-9B8D283B6365}C:\users\home\appdata\local\popcorn-time\popcorn-time.exe] => (Allow) C:\users\home\appdata\local\popcorn-time\popcorn-time.exe (The NWJS Community) [File not signed]
FirewallRules: [TCP Query User{564E9024-120A-441A-8C2E-F96C775CB5A2}C:\users\home\appdata\local\popcorn-time\popcorn-time.exe] => (Allow) C:\users\home\appdata\local\popcorn-time\popcorn-time.exe (The NWJS Community) [File not signed]
FirewallRules: [{06CE7F0D-CC31-4C99-A15D-72206767D4AC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{84449E05-551C-4BD3-B1C4-029422BA46F3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{C9EE3FED-5EED-401E-AD84-B8A63B19E511}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{5EF5972B-4E8D-4931-863C-75943E58EC6A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{16FF65BB-A7BD-4E4E-B6E7-A544D4F862FB}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{2A1FF98B-864F-42D0-97A5-9D7DDDB75200}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{225CAE97-AE8D-43D5-8249-3D82C83D1746}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E408CC42-EA5F-4FCC-B744-8ABDBEBA239C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4020C4C3-34C6-44D1-A70B-9631645F65F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{937C3817-9E67-4C7C-B523-04A10A4EF08B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8B647E83-FE8E-454E-823D-113CF27F272E}] => (Allow) F:\Pubg\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Gearbox Software LLC -> Gearbox Software)
FirewallRules: [{66E08155-8287-4746-9495-04AD6D49BFA9}] => (Allow) F:\Pubg\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Gearbox Software LLC -> Gearbox Software)
FirewallRules: [{83756775-6BB9-4FB3-A7E5-04EB5730A1C7}] => (Allow) F:\Pubg\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Gearbox Software LLC -> Take-Two Interactive Software, Inc.)
FirewallRules: [{F21E7126-3693-48B4-BD1C-D74997907D6A}] => (Allow) F:\Pubg\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Gearbox Software LLC -> Take-Two Interactive Software, Inc.)
FirewallRules: [{15328490-F24D-4D2A-8E7E-E3F3F57F5EFB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{9E3D9ED8-DE27-4C8D-87C1-413EC38E6C7F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{37C4C942-4E0F-464F-9F4D-169D276DE51B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{C8DD83E6-8A19-46E4-A167-AA67D62A66A8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{8423624B-30A9-4885-9C6D-39CBDF701E56}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
 
==================== Restore Points =========================
 
13-06-2019 17:58:08 Windows Update
20-06-2019 17:59:01 Windows Update
24-06-2019 22:22:22 Removed Razer Synapse.
04-07-2019 00:15:31 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/08/2019 01:24:10 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (07/08/2019 01:09:00 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (07/06/2019 12:14:57 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (07/05/2019 02:20:20 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (07/05/2019 01:43:47 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (07/04/2019 05:31:47 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (07/04/2019 03:56:34 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (07/03/2019 05:56:05 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
 
System errors:
=============
Error: (07/08/2019 01:25:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/08/2019 01:25:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscDataProtection
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/08/2019 01:25:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.SecurityAppBroker
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/08/2019 01:24:55 AM) (Source: DCOM) (EventID: 10016) (User: CALLUMS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user CALLUMS\Home SID (S-1-5-21-2596707385-3445154772-733900174-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/08/2019 01:23:53 AM) (Source: DCOM) (EventID: 10016) (User: CALLUMS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user CALLUMS\Home SID (S-1-5-21-2596707385-3445154772-733900174-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/08/2019 01:23:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/08/2019 01:23:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/08/2019 01:23:22 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 01:06:58 on ‎08/‎07/‎2019 was unexpected.
 
 
Windows Defender:
===================================
Date: 2019-07-05 23:11:51.142
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D98623DF-B55A-4E70-A196-CB367981E808}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-06-30 23:57:30.036
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5025FD75-5E53-46A9-B051-56A8F90437E3}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-06-29 23:29:15.249
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DC031970-A9FE-4EC7-9F59-D94A0A430E67}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-06-29 19:16:48.657
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {25881DAD-828D-4006-B483-AC2FD0A89DB2}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-06-26 18:51:28.991
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D59452B9-C5C3-4705-9AB8-32710D516B90}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-06-23 17:23:41.006
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.295.1254.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16000.6
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2019-06-20 01:43:40.525
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.295.1046.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16000.6
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. V1.8 08/14/2015
Motherboard: MSI Z97I GAMING AC (MS-7920)
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 28%
Total physical RAM: 16332.62 MB
Available physical RAM: 11672.7 MB
Total Virtual: 22988.62 MB
Available Virtual: 15680.97 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.35 GB) (Free:101.8 GB) NTFS
Drive e: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:218.01 GB) NTFS
Drive f: (Maxtor) (Fixed) (Total:1863.01 GB) (Free:1088.78 GB) NTFS
 
\\?\Volume{b03bc37b-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.1 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: B03BC37B)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 11831C23)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 55FC53AE)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,737 posts
  • MVP

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP