Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-04-2020
Ran by Stepan (administrator) on STEPAN-PC (ASUS All Series) (02-05-2020 10:15:54)
Running from C:\Users\Stepan\Desktop
Loaded Profiles: Stepan & NeroMediaHomeUser.4 (Available Profiles: Stepan & NeroMediaHomeUser.4 & Jordyn & Natasha & Diane & DefaultAppPool)
Platform: Windows 10 Home Version 1909 18363.778 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(ABBYY Production LLC -> ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksdeui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\avpui.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Prolific Technology Inc.) [File not signed] C:\Windows\SysWOW64\IoctlSvc.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHMA.EXE
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\SAgent4.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2010-09-17] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare software CO., LIMITED -> Wondershare)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2016-07-21] (ABBYY PRODUCTION LLC -> ABBYY Production LLC.) [File not signed]
HKLM-x32\...\Run: [TP-LINK USB Printer Controller] => C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe [4226048 2012-09-21] () [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1150760 2018-04-06] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\Run: [EPSON Stylus Photo 1410 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBUP.EXE [139264 2006-07-04] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2010-10-29] (Nero AG -> Nero AG)
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHMA.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\Run: [Prolific_OneButton] => C:\Program Files (x86)\Prolific Backup\OneBtn.exe [139264 2010-10-20] () [File not signed]
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe [582672 2020-04-01] (Kaspersky Lab -> AO Kaspersky Lab)
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\Run: [utweb] => "C:\Users\Stepan\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHMA.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [365160 2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\MountPoints2: {78805666-67e7-11ea-9f01-7824afc129ae} - "G:\launcher.exe"
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\MountPoints2: {788056d6-67e7-11ea-9f01-7824afc129ae} - "I:\setup.exe"
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\Run: [EPSON Stylus Photo 1410 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBUP.EXE [139264 2006-07-04] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2010-10-29] (Nero AG -> Nero AG)
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\chrmstp.exe [2020-04-30] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2020-03-12]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2016-08-25]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe () [File not signed]
GroupPolicy\User: Restriction ? <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07DEFE58-0104-4E76-A64D-418F836F87AB} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {202B9C98-8397-4C1D-8816-E5CB32EE1987} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-08-26] (Google Inc -> Google Inc.)
Task: {275525EF-010D-4A6D-8111-EDD26CCFDC2F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {301891F7-9AE9-46B5-B6CD-AC52928045E9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-16] (Adobe Inc. -> Adobe)
Task: {4720EF61-D7AD-4C88-838C-29666D426201} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {651EE370-8FC1-4624-96DB-B48627003889} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-16] (Adobe Inc. -> Adobe)
Task: {7E735F77-9ADD-4465-8054-864DA42A935C} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Stepan\Desktop\esetonlinescanner.exe [14566496 2020-04-26] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {93C89BD4-DCED-4B2E-8394-DCA6A756F16A} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Stepan\Desktop\esetonlinescanner.exe [14566496 2020-04-26] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {9F8B5608-9E8E-4BAE-A6A5-E18D494F75E6} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {A1848D82-3D26-4137-B560-CE3918EFDDC3} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {A53684C2-F1AF-47F1-AB78-C4975C8A2178} - System32\Tasks\{61CD6456-A0C2-46D9-A1DC-A3A08D5D51C1} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {A8EEB754-3C67-4A13-B499-245A7CDAFE1A} - System32\Tasks\Opera scheduled Autoupdate 1498468288 => C:\Users\Stepan\AppData\Local\Programs\Opera\launcher.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B508C5B1-8C3C-43ED-AF43-AB3D3B0BFBD5} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Stepan\Desktop\AdwCleaner.exe [8196784 2020-04-26] (Malwarebytes Inc -> Malwarebytes)
Task: {BD0D8DEC-396C-48E6-99B9-E63464A7F733} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [791232 2019-09-10] (Kaspersky Lab -> AO Kaspersky Lab)
Task: {D6E77A3A-271C-4E89-8857-329B893FD614} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-08-26] (Google Inc -> Google Inc.)
Task: {DEE99C80-497E-4783-A8F6-07F1CB28FECA} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {F785096B-2909-40D1-B0DB-D1B0F80F69C8} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{aaf35c55-9740-40c9-bb04-9067357337f0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{b372b17b-aae5-404a-86c5-292d6999387b}: [DhcpNameServer] 10.10.6.1
Tcpip\..\Interfaces\{ceafe424-a186-49d6-bd98-7cd15d1e0654}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Internet Explorer:
==================
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.iinet.net.au/customers/
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.iinet.net.au/customers/
SearchScopes: HKU\S-1-5-21-600410608-1858306824-1911990453-1001 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-600410608-1858306824-1911990453-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-600410608-1858306824-1911990453-1004 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-600410608-1858306824-1911990453-1004 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION) [File not signed]
BHO: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\IEExt\ie_plugin.dll [2019-12-18] (Kaspersky Lab -> AO Kaspersky Lab)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech Inc -> Logitech, Inc.)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\x64\ie_engine.dll [2020-04-01] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\IEExt\ie_plugin.dll [2019-12-18] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\ie_engine.dll [2020-04-01] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION) [File not signed]
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\IEExt\ie_plugin.dll [2019-12-18] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\IEExt\ie_plugin.dll [2019-12-18] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1001 -> Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\IEExt\ie_plugin.dll [2019-12-18] (Kaspersky Lab -> AO Kaspersky Lab)
Edge:
======
DownloadDir: C:\Users\Stepan\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-600410608-1858306824-1911990453-1001 -> about:start
Edge Extension: (Kaspersky Password Manager) -> EdgeExtension_KasperskyLabKasperskyPasswordManagerExtension_8jx5e25qw3tdc => C:\Program Files\WindowsApps\KasperskyLab.KasperskyPasswordManagerExtension_2.10.0.0_x64__8jx5e25qw3tdc [2020-04-17]
FireFox:
========
FF HKLM\...\Firefox\Extensions: [
[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM\...\Firefox\Extensions: [
[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-10-23] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [
[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [
[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKLM-x32\...\Firefox\Extensions: [
[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2018-08-07] [Legacy] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\Program Files (x86)\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll [2015-08-28] (Nero AG -> Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
Chrome:
=======
CHR Profile: C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default [2020-04-30]
CHR Notifications: Default -> hxxps://engage.lasalle.wa.edu.au; hxxps://gibney.coneqt-p.cathednet.wa.edu.au; hxxps://shopping.qantas.com; hxxps://www.epson.de
CHR Extension: (Google Drive) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-15]
CHR Extension: (YouTube) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-15]
CHR Extension: (Google Search) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Kaspersky Password Manager) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhnkblpjbkfklfloegejegedcafpliaa [2020-04-21]
CHR Extension: (Tasty World (Moscow/RUSSIA)) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebchgchabgghpakkgbpmknjpadmpinih [2016-08-24]
CHR Extension: (Kaspersky Protection) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elhpdacimkjpccooodognopfhbdgnpbk [2020-02-17]
CHR Extension: (Hot Shot Sniper) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibbhkjoamnfmpcilggihmfeebhienpea [2015-12-26]
CHR Extension: (Qantas Shopping Points-Prompter) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchomknmfdaeojlimglgebnjlijedgnk [2020-04-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-11]
CHR Extension: (Gmail) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-21]
CHR HKLM\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKU\S-1-5-21-600410608-1858306824-1911990453-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhnkblpjbkfklfloegejegedcafpliaa] - hxxps://chrome.google.com/webstore/detail/dhnkblpjbkfklfloegejegedcafpliaa
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-01]
CHR HKLM-x32\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [925904 2014-01-23] (ABBYY Production LLC -> ABBYY Production LLC)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3374160 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3103824 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2016-01-19] (ASUSTeK Computer Inc. -> )
R2 AVP20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\avp.exe [357416 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
S2 CLKMSVC10_90970B6B; C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\NavFilter\kmsvc.exe [246256 2010-11-09] (CyberLink -> CyberLink)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4506728 2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
S3 klvssbridge64_20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\vssbridge64.exe [438928 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [354152 2020-04-01] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE4.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe [619752 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2010-10-29] (Nero AG -> Nero AG)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2495280 2020-04-29] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3446576 2020-04-29] (Electronic Arts, Inc. -> Electronic Arts)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2010-10-20] (Prolific Technology Inc.) [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2020-04-12] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [107832 2020-04-12] (Even Balance, Inc. -> )
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] (CyberLink -> )
R2 StatusAgent4; C:\WINDOWS\SysWOW64\SAgent4.exe [136576 2011-05-25] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S2 EpsonCustomerResearchParticipation; "C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 2310_00; C:\WINDOWS\system32\drivers\2310_00.sys [170528 2009-06-12] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 272x_1x; C:\WINDOWS\system32\drivers\272x_1x.sys [612672 2012-04-25] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 274x_3x; C:\WINDOWS\system32\drivers\274x_3x.sys [240960 2012-04-25] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 ahcix64s; C:\WINDOWS\system32\drivers\ahcix64s.sys [226616 2009-07-15] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc)
S3 amdhub30; C:\WINDOWS\system32\drivers\amdhub30.sys [106664 2012-08-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
S3 amdide64; C:\WINDOWS\system32\drivers\amdide64.sys [11904 2011-12-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
S3 amdxhc; C:\WINDOWS\system32\drivers\amdxhc.sys [226984 2012-08-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
S3 amd_sata; C:\WINDOWS\system32\drivers\amd_sata.sys [82560 2012-04-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 amd_xata; C:\WINDOWS\system32\drivers\amd_xata.sys [42624 2012-04-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 arcm_a64; C:\WINDOWS\system32\drivers\arcm_a64.sys [52768 2009-11-09] (Areca Technology Corporation -> ARECA Technology Corporation)
S3 asahci64; C:\WINDOWS\system32\drivers\asahci64.sys [49048 2012-07-18] (ASMedia Technology Inc. -> Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2016-01-19] (ASUSTeK Computer Inc. -> )
S3 b06diag; C:\WINDOWS\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation -> Broadcom Corporation)
S3 BFN7x64; C:\WINDOWS\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc. -> Bigfoot Networks, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-10-05] (Microsoft Corporation) [File not signed]
S3 cbaf; C:\WINDOWS\System32\Drivers\cbaf.sys [15872 2008-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corp.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [246912 2019-02-16] (Kaspersky Lab -> AO Kaspersky Lab)
S3 DC133; C:\WINDOWS\system32\drivers\DC133.sys [39320 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 DC150; C:\WINDOWS\system32\drivers\DC150.sys [39832 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 DC154; C:\WINDOWS\system32\drivers\DC154.sys [48136 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 DC300e; C:\WINDOWS\system32\drivers\DC300e.sys [40344 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 DC324e; C:\WINDOWS\system32\drivers\DC324e.sys [49752 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 DC3410; C:\WINDOWS\system32\drivers\DC3410.sys [48328 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 DC4300; C:\WINDOWS\system32\drivers\DC4300.sys [48360 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 DC600e; C:\WINDOWS\system32\drivers\DC600e.sys [40744 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 dfuuwb; C:\WINDOWS\System32\Drivers\DfuUWB.sys [503296 2008-09-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corp.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EtronHub3; C:\WINDOWS\System32\Drivers\EtronHub3.sys [65152 2012-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
S3 EtronSTOR; C:\WINDOWS\System32\Drivers\EtronSTOR.sys [32512 2012-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
S3 EtronXHCI; C:\WINDOWS\System32\Drivers\EtronXHCI.sys [88832 2012-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
S3 FLxHCIh; C:\WINDOWS\system32\drivers\FLxHCIh.sys [77040 2012-11-02] (Fresco Logic Inc -> Fresco Logic)
S3 hptiop; C:\WINDOWS\system32\drivers\hptiop.sys [17440 2009-05-26] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 hptmv; C:\WINDOWS\system32\drivers\hptmv.sys [93472 2006-09-18] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 hptmv6; C:\WINDOWS\system32\drivers\hptmv6.sys [152096 2007-11-01] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 HWA; C:\WINDOWS\System32\Drivers\HWA.sys [61440 2008-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corp.)
S3 iaStorS; C:\WINDOWS\system32\drivers\iaStorS.sys [651224 2012-06-30] (Intel Corporation -> Intel Corporation)
S3 iteatapi; C:\WINDOWS\system32\drivers\iteatapi.sys [38680 2008-05-14] (ITE Tech. Inc. -> ITE Tech. Inc.)
S3 iteraid; C:\WINDOWS\system32\drivers\iteraid.sys [32768 2007-05-02] (Microsoft Windows Hardware Compatibility Publisher -> ITE Tech. Inc.)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [79768 2020-04-14] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [145504 2020-02-12] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [93312 2019-03-12] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [37816 2019-01-24] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [251800 2020-04-14] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [586496 2020-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [1163216 2020-01-24] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP20.0\Bases\klids.sys [214592 2020-04-07] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [998296 2020-04-14] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [58192 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [79760 2020-04-14] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [59512 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [51328 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45904 2019-03-10] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [48592 2018-03-16] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [256752 2020-04-09] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [309968 2020-04-09] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [117496 2020-04-09] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [206880 2020-04-10] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klupd_klif_swmon; C:\WINDOWS\System32\Drivers\klupd_klif_swmon.sys [209928 2018-10-04] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [105600 2019-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [211048 2019-12-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [232344 2020-04-14] (Kaspersky Lab -> AO Kaspersky Lab)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-01] (Malwarebytes Corporation -> Malwarebytes)
S3 megasas2; C:\WINDOWS\system32\drivers\megasas2.sys [51496 2012-02-29] (LSI Corporation -> LSI Corporation)
S3 megasr1; C:\WINDOWS\system32\drivers\MegaSR1.sys [461320 2009-04-16] (LSI Corporation -> LSI Corporation, Inc.)
R3 msvad_simple; C:\WINDOWS\system32\drivers\povrtdev.sys [28528 2015-10-29] (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.)
S3 mv61xx; C:\WINDOWS\system32\drivers\mv61xx.sys [183144 2012-05-23] (Marvell Semiconductor -> Marvell Semiconductor, Inc.)
S3 mv91cons; C:\WINDOWS\system32\drivers\mv91cons.sys [28008 2012-10-09] (Marvell Semiconductor -> Marvell Semiconductor Inc.)
S3 mvs91xx; C:\WINDOWS\system32\drivers\mvs91xx.sys [322920 2012-10-09] (Marvell Semiconductor -> Marvell Semiconductor, Inc.)
S3 mvs94xx; C:\WINDOWS\system32\drivers\mvs94xx.sys [367920 2010-12-01] (Marvell Semiconductor -> Marvell Semiconductor, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_db678424d2641c3d\nvlddmkm.sys [22094728 2019-10-04] (NVIDIA Corporation -> NVIDIA Corporation)
S3 nvrd64; C:\WINDOWS\system32\drivers\nvrd64.sys [175720 2010-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ocz10xx; C:\WINDOWS\system32\drivers\ocz10xx.sys [139056 2012-04-06] (OCZ Technology Group -> OCZ Technology Group, Inc.)
S3 ocz12xx; C:\WINDOWS\system32\drivers\ocz12xx.sys [138544 2011-09-15] (OCZ Technology Group -> OCZ Technology Group, Inc.)
S3 Pnp680; C:\WINDOWS\system32\drivers\pnp680.sys [80424 2007-11-13] (Silicon Image, Inc. -> Silicon Image, Inc)
S3 rr174x; C:\WINDOWS\system32\drivers\rr174x.sys [159264 2007-11-01] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr2210; C:\WINDOWS\system32\drivers\rr2210.sys [153632 2007-11-01] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr232x; C:\WINDOWS\system32\drivers\rr232x.sys [152096 2008-05-06] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr2340; C:\WINDOWS\system32\drivers\rr2340.sys [162400 2010-01-01] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr2522; C:\WINDOWS\system32\drivers\rr2522.sys [168032 2010-01-01] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr276x; C:\WINDOWS\system32\drivers\rr276x.sys [241472 2012-04-25] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr278x; C:\WINDOWS\system32\drivers\rr278x.sys [240960 2012-04-25] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr62x; C:\WINDOWS\system32\drivers\rr62x.sys [156256 2010-06-17] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-10-15] (Realtek Semiconductor Corp -> Realtek )
S3 rusb3hub; C:\WINDOWS\system32\drivers\rusb3hub.sys [114568 2012-08-28] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
S3 rusb3xhc; C:\WINDOWS\system32\drivers\rusb3xhc.sys [230280 2012-08-28] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
S3 Ser2pl; C:\WINDOWS\system32\drivers\ser2pl64.sys [158720 2012-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Prolific Technology Inc.)
S3 SI3112r; C:\WINDOWS\system32\drivers\SI3112r.sys [164656 2007-02-01] (Silicon Image, Inc. -> Silicon Image, Inc)
S3 SI3114; C:\WINDOWS\system32\drivers\SI3114.sys [99120 2006-11-10] (Silicon Image, Inc. -> Silicon Image, Inc.)
S3 SI3114r; C:\WINDOWS\system32\drivers\SI3114R.sys [163632 2007-04-11] (Silicon Image, Inc. -> Silicon Image, Inc)
S3 SI3124; C:\WINDOWS\system32\drivers\SI3124.sys [113456 2006-11-02] (Silicon Image, Inc. -> Silicon Image, Inc.)
S3 Si3124r5; C:\WINDOWS\system32\drivers\Si3124r5.sys [340008 2010-04-13] (Silicon Image, Inc. -> Silicon Image, Inc)
S3 SI3132; C:\WINDOWS\system32\drivers\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc. -> Silicon Image, Inc)
S3 Si3531; C:\WINDOWS\system32\drivers\Si3531.sys [333864 2009-02-09] (Silicon Image, Inc. -> Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\drivers\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc. -> Silicon Image, Inc)
R0 SiRemFil; C:\WINDOWS\System32\drivers\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc. -> Silicon Image, Inc)
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [207344 2020-03-19] (Disc Soft Ltd -> Duplex Secure Ltd)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-04-11] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 TplinkUDSMBus; C:\WINDOWS\system32\drivers\TplinkUDSMBus.sys [102688 2012-09-21] (KCODES CORPORATION -> Windows ® Codename Longhorn DDK provider)
S3 uwbusb; C:\WINDOWS\System32\Drivers\usbuwbmini.sys [13312 2008-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corp.)
S3 viamrx64; C:\WINDOWS\system32\drivers\viamrx64.sys [161904 2010-12-03] (VIA Technologies Inc. -> VIA Technologies Inc.,Ltd)
S3 videX64; C:\WINDOWS\system32\drivers\videX64.sys [15000 2010-02-11] (VIA Technologies Inc. -> VIA Technologies, Inc.)
S3 VUSB3HUB; C:\WINDOWS\system32\drivers\ViaHub3.sys [210944 2012-05-30] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WiseHDInfo; C:\WINDOWS\WiseHDInfo64.dll [14800 2016-03-31] (Lespeed Technology Ltd. -> wisecleaner.com) [File not signed]
R0 xfiltx64; C:\WINDOWS\System32\drivers\xfiltx64.sys [26776 2010-02-11] (VIA Technologies Inc. -> VIA Technologies, Inc.)
S3 xhcdrv; C:\WINDOWS\system32\drivers\xhcdrv.sys [261120 2012-05-30] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-11-04] (CyberLink Corp. -> CyberLink Corp.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-05-02 10:15 - 2020-05-02 10:17 - 000046965 _____ C:\Users\Stepan\Desktop\FRST.txt
2020-05-02 10:15 - 2020-05-02 10:15 - 000000000 ____D C:\Users\Stepan\Desktop\FRST-OlderVersion
2020-05-02 09:32 - 2020-05-02 09:32 - 000022806 _____ C:\Users\Stepan\Desktop\PFT Document Control Register V1.xlsx
2020-05-02 09:09 - 2020-05-02 09:09 - 000003160 _____ C:\WINDOWS\system32\Tasks\AdwCleaner_onReboot
2020-04-26 11:19 - 2020-04-26 11:19 - 000003792 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2020-04-26 11:19 - 2020-04-26 11:19 - 000003350 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2020-04-26 11:18 - 2020-04-26 11:18 - 000003426 _____ C:\Users\Stepan\Documents\eset.txt
2020-04-26 08:10 - 2020-04-26 08:11 - 000000666 _____ C:\Users\Stepan\Desktop\ESET Online Scanner.lnk
2020-04-26 08:10 - 2020-04-26 08:10 - 000000783 _____ C:\Users\Stepan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2020-04-26 08:10 - 2020-04-26 08:10 - 000000000 ____D C:\Users\Stepan\AppData\Local\ESET
2020-04-26 08:06 - 2020-04-26 08:06 - 014566496 _____ (ESET spol. s r.o.) C:\Users\Stepan\Desktop\esetonlinescanner.exe
2020-04-26 08:06 - 2020-04-26 08:06 - 008196784 _____ (Malwarebytes) C:\Users\Stepan\Desktop\AdwCleaner.exe
2020-04-20 12:01 - 2020-04-20 12:01 - 000002503 _____ C:\Users\Public\Desktop\Tom Clancy's Rainbow Six Vegas.lnk
2020-04-20 12:01 - 2020-04-20 12:01 - 000002503 _____ C:\ProgramData\Desktop\Tom Clancy's Rainbow Six Vegas.lnk
2020-04-20 12:00 - 2020-04-20 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2020-04-17 12:15 - 2020-04-17 12:15 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-17 12:15 - 2020-04-17 12:15 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-17 12:15 - 2020-04-17 12:15 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-17 12:15 - 2020-04-17 12:15 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-17 12:15 - 2020-04-17 12:15 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-17 12:15 - 2020-04-17 12:15 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-17 12:15 - 2020-04-17 12:15 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-17 12:15 - 2020-04-17 12:15 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-17 12:15 - 2020-04-17 12:15 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-17 12:15 - 2020-04-17 12:15 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-17 12:14 - 2020-04-17 12:14 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-17 12:14 - 2020-04-17 12:14 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-17 12:13 - 2020-04-17 12:13 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-17 11:51 - 2020-04-17 11:51 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-17 11:51 - 2020-04-17 11:51 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-17 10:00 - 2020-04-17 10:01 - 000016734 _____ C:\Users\Stepan\Desktop\Fixlog.txt
2020-04-14 08:18 - 2020-04-14 08:18 - 000032768 _____ C:\WINDOWS\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-shm
2020-04-14 08:18 - 2020-04-14 08:18 - 000032768 _____ C:\WINDOWS\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb-shm
2020-04-14 08:18 - 2020-04-14 08:18 - 000032768 _____ C:\WINDOWS\SysWOW64\antimalware.patch_management.product_registry.kvdb-shm
2020-04-14 08:18 - 2020-04-14 08:18 - 000012288 _____ C:\WINDOWS\SysWOW64\antimalware.unwanted_products.product_registry.kvdb
2020-04-14 08:18 - 2020-04-14 08:18 - 000012288 _____ C:\WINDOWS\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb
2020-04-14 08:18 - 2020-04-14 08:18 - 000012288 _____ C:\WINDOWS\SysWOW64\antimalware.patch_management.product_registry.kvdb
2020-04-14 08:18 - 2020-04-14 08:18 - 000000000 _____ C:\WINDOWS\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-wal
2020-04-14 08:18 - 2020-04-14 08:18 - 000000000 _____ C:\WINDOWS\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb-wal
2020-04-14 08:18 - 2020-04-14 08:18 - 000000000 _____ C:\WINDOWS\SysWOW64\antimalware.patch_management.product_registry.kvdb-wal
2020-04-13 09:53 - 2020-04-17 10:26 - 000000000 ____D C:\Users\Stepan\Desktop\Geks to go
2020-04-13 08:48 - 2020-05-02 10:15 - 002283520 _____ (Farbar) C:\Users\Stepan\Desktop\FRST64.exe
2020-04-12 19:14 - 2020-04-12 19:14 - 000000000 ____D C:\ProgramData\Ubisoft
2020-04-12 19:13 - 2020-04-12 19:39 - 002337865 _____ C:\WINDOWS\SysWOW64\pbsvc.exe
2020-04-12 19:13 - 2020-04-12 19:39 - 000107832 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2020-04-12 19:13 - 2020-04-12 19:39 - 000066872 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2020-04-12 18:01 - 2020-04-12 18:01 - 000178800 _____ (Sony DADC Austria AG.) C:\WINDOWS\SysWOW64\CmdLineExt_x64.dll
2020-04-12 18:01 - 2020-04-12 18:01 - 000000000 __RHD C:\Users\Stepan\AppData\Roaming\SecuROM
2020-04-12 17:52 - 2020-04-20 12:01 - 000000000 ____D C:\Users\Stepan\Documents\Ubisoft
2020-04-12 17:43 - 2020-04-20 11:54 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2020-04-12 17:42 - 2020-04-12 18:57 - 000000000 ____D C:\Users\Stepan\Desktop\Games
2020-04-12 09:01 - 2020-04-12 09:27 - 000000000 ____D C:\Users\Stepan\Downloads\www.alt.bitworld.to...Tom.Clancys.Rainbow.Six.Vegas.2-RELOADED
2020-04-09 09:47 - 2020-04-09 09:47 - 000309968 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2020-04-09 09:45 - 2020-04-10 10:31 - 000206880 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2020-04-09 09:45 - 2020-04-09 09:45 - 000256752 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2020-04-09 09:45 - 2020-04-09 09:45 - 000117496 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-05-02 10:18 - 2019-10-04 22:13 - 000972156 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-05-02 10:18 - 2019-03-19 12:50 - 000000000 ____D C:\WINDOWS\INF
2020-05-02 10:16 - 2016-08-21 16:42 - 000000000 ____D C:\FRST
2020-05-02 10:16 - 2014-11-29 16:09 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-05-02 10:12 - 2019-10-04 22:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-05-02 10:12 - 2019-10-04 22:00 - 000000000 ____D C:\Users\NeroMediaHomeUser.4
2020-05-02 10:12 - 2019-10-04 21:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-05-02 10:12 - 2019-03-19 12:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-05-02 10:12 - 2017-06-02 15:56 - 000000000 ____D C:\ProgramData\NVIDIA
2020-05-02 10:12 - 2015-08-08 17:46 - 000152048 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_90970B6B.sys
2020-05-02 09:25 - 2014-11-30 10:39 - 000000000 ____D C:\Program Files (x86)\Origin
2020-05-02 09:20 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-05-02 09:10 - 2019-03-19 12:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-05-02 09:09 - 2014-11-29 16:28 - 000000000 ____D C:\Program Files (x86)\CyberLink
2020-05-02 09:09 - 2014-11-29 15:29 - 000000000 ____D C:\Program Files\EPSON
2020-05-02 08:31 - 2019-10-01 13:28 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-05-02 08:31 - 2019-10-01 13:28 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-05-01 16:35 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2020-04-30 17:27 - 2019-03-19 12:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-30 16:11 - 2016-08-26 11:15 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-26 14:14 - 2019-03-19 12:37 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2020-04-26 09:41 - 2019-10-11 10:23 - 000000000 ____D C:\Users\Stepan\AppData\Roaming\uTorrent
2020-04-26 09:14 - 2014-11-29 20:27 - 000000000 ____D C:\Program Files (x86)\uTorrent
2020-04-26 09:11 - 2017-07-03 10:54 - 000000000 ____D C:\Program Files (x86)\Sonic and All Stars Racing Transformed
2020-04-26 08:51 - 2016-04-26 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
2020-04-26 08:51 - 2016-04-26 19:36 - 000000000 ____D C:\Program Files (x86)\File Type Advisor
2020-04-26 08:08 - 2016-08-21 19:29 - 000000000 ____D C:\AdwCleaner
2020-04-26 08:04 - 2019-10-11 10:25 - 000000000 ____D C:\Users\Stepan\AppData\Local\BitTorrentHelper
2020-04-26 07:54 - 2016-04-27 11:32 - 000000000 ____D C:\Users\Stepan\AppData\Roaming\FileAdvisor
2020-04-22 18:30 - 2014-11-29 20:05 - 000000000 ____D C:\torrents
2020-04-22 11:30 - 2014-11-30 10:42 - 000000000 ____D C:\Users\Stepan\AppData\Roaming\Origin
2020-04-22 11:30 - 2014-11-30 10:39 - 000000000 ____D C:\ProgramData\Origin
2020-04-22 10:41 - 2014-11-30 10:45 - 000000000 ____D C:\Program Files (x86)\Origin Games
2020-04-22 10:37 - 2014-11-30 10:42 - 000000000 ____D C:\Users\Stepan\AppData\Local\Origin
2020-04-21 16:15 - 2019-10-04 22:00 - 000000000 ____D C:\Users\Stepan
2020-04-20 12:01 - 2018-05-23 12:16 - 000000000 ____D C:\Users\Stepan\AppData\Local\D3DSCache
2020-04-20 11:54 - 2014-11-29 15:17 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-04-18 11:16 - 2015-01-09 10:02 - 000000000 ____D C:\Users\Stepan\AppData\Local\ElevatedDiagnostics
2020-04-18 09:18 - 2019-10-04 21:49 - 005195688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-17 20:12 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-17 20:12 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-17 20:12 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-17 20:12 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-17 20:12 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-17 20:12 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-17 12:19 - 2019-03-19 12:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-17 12:14 - 2014-01-02 05:35 - 000410838 __RSH C:\bootmgr
2020-04-16 08:35 - 2019-10-04 22:32 - 000003368 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-600410608-1858306824-1911990453-1001
2020-04-16 08:35 - 2019-10-04 22:00 - 000002405 _____ C:\Users\Stepan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-16 08:35 - 2015-08-08 18:12 - 000000000 ___RD C:\Users\Stepan\OneDrive
2020-04-16 08:18 - 2019-10-04 22:32 - 000004590 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-04-16 08:18 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-04-16 08:18 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-04-14 08:16 - 2019-03-19 02:01 - 000079768 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupdisk.sys
2020-04-14 08:16 - 2018-05-21 15:50 - 000998296 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2020-04-14 08:16 - 2018-05-21 15:50 - 000251800 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2020-04-14 08:16 - 2018-05-21 15:50 - 000232344 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kneps.sys
2020-04-14 08:16 - 2018-05-21 15:50 - 000079760 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klkbdflt.sys
2020-04-12 19:47 - 2014-12-03 13:47 - 000000000 ____D C:\Users\Stepan\Documents\My Games
2020-04-12 10:07 - 2017-11-25 09:51 - 000000000 ____D C:\Users\Stepan\AppData\Roaming\SlickVPN
2020-04-12 10:07 - 2017-11-24 08:47 - 000000000 ____D C:\Program Files (x86)\SlickVPN
2020-04-12 10:04 - 2018-11-13 07:42 - 000000000 ____D C:\Users\Stepan\Documents\iZotope
2020-04-12 09:55 - 2014-12-12 20:02 - 000000000 ____D C:\ProgramData\Apple
2020-04-12 09:43 - 2018-12-19 08:50 - 000000000 ____D C:\ProgramData\Citrix
2020-04-12 09:41 - 2018-12-19 08:49 - 000000000 ____D C:\Users\Stepan\AppData\Local\Citrix
==================== Files in the root of some directories ========
2016-08-21 20:06 - 2016-08-21 20:41 - 000000115 _____ () C:\Users\Stepan\AppData\Roaming\LogFile.txt
2014-11-29 21:28 - 2014-12-04 07:28 - 000000166 _____ () C:\Users\Stepan\AppData\Roaming\WB.CFG
2015-08-13 20:21 - 2015-09-07 15:49 - 212809145 _____ () C:\Users\Stepan\AppData\Local\ACCCx3_2_0_129.zip.aamdownload
2015-08-13 20:21 - 2015-09-07 15:49 - 000002489 _____ () C:\Users\Stepan\AppData\Local\ACCCx3_2_0_129.zip.aamdownload.aamd
2016-12-05 16:28 - 2018-11-18 12:55 - 000007680 _____ () C:\Users\Stepan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-01 19:29 - 2014-12-03 07:28 - 000000001 _____ () C:\Users\Stepan\AppData\Local\DSI.DAT
2014-11-29 22:00 - 2014-11-29 22:00 - 000000036 _____ () C:\Users\Stepan\AppData\Local\housecall.guid.cache
2018-09-23 18:33 - 2018-09-23 18:33 - 000000000 _____ () C:\Users\Stepan\AppData\Local\oobelibMkey.log
2015-07-13 14:25 - 2015-07-13 14:25 - 000000600 _____ () C:\Users\Stepan\AppData\Local\PUTTY.RND
2016-04-20 08:22 - 2016-04-20 08:22 - 000000017 _____ () C:\Users\Stepan\AppData\Local\resmon.resmoncfg
2014-11-30 09:14 - 2015-11-22 07:58 - 000000010 _____ () C:\Users\Stepan\AppData\Local\sponge.last.runtime.cache
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-04-2020
Ran by Stepan (02-05-2020 10:22:00)
Running from C:\Users\Stepan\Desktop
Windows 10 Home Version 1909 18363.778 (X64) (2019-10-04 14:33:24)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-600410608-1858306824-1911990453-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-600410608-1858306824-1911990453-503 - Limited - Disabled)
Diane (S-1-5-21-600410608-1858306824-1911990453-1007 - Limited - Enabled) => C:\Users\Diane
Guest (S-1-5-21-600410608-1858306824-1911990453-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-600410608-1858306824-1911990453-1003 - Limited - Enabled)
Jordyn (S-1-5-21-600410608-1858306824-1911990453-1005 - Limited - Enabled) => C:\Users\Jordyn
Natasha (S-1-5-21-600410608-1858306824-1911990453-1006 - Limited - Enabled) => C:\Users\Natasha
NeroMediaHomeUser.4 (S-1-5-21-600410608-1858306824-1911990453-1004 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4
Stepan (S-1-5-21-600410608-1858306824-1911990453-1001 - Administrator - Enabled) => C:\Users\Stepan
WDAGUtilityAccount (S-1-5-21-600410608-1858306824-1911990453-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Total Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\uTorrent) (Version: 3.5.5.45608 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
ABBYY FineReader 12 Professional (HKLM-x32\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.0.501 - ABBYY Production LLC)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Administrative Templates (ADMX) for Windows 10 (HKLM-x32\...\{166A4A62-D19E-4DFB-8499-FBA08716D847}) (Version: 1.0 - Microsoft Corporation)
Administrative Templates (ADMX) for Windows 10 Version 1511 (HKLM-x32\...\{39E58F1A-1DE1-4B60-8ECF-B54E2580D59C}) (Version: 1.0 - Microsoft Corporation)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.363 - Adobe)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Advertising Center (HKLM-x32\...\{B2EC4A38-B545-4A00-8214-13FE0E915E6D}) (Version: 0.0.0.2 - Nero AG) Hidden
Camera RAW Plug-In for EPSON Creativity Suite (HKLM-x32\...\{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}) (Version: 2.1.0.0 - )
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.50.1 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.30.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.13.30.0 - Canon Inc.)
Chicken Invaders 5 - Cluck of the Dark Side (HKLM-x32\...\Chicken Invaders 5 - Cluck of the Dark Side1.1) (Version: 1.1 - Foxy Games)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2109.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2109.0 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4704.58 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.5.3.2325 - CyberLink Corp.)
CyberLink PowerProducer 6 (HKLM-x32\...\InstallShield_{D7EACFE3-BC6A-48bb-B28C-4DBF318225E3}) (Version: 6.0.2103.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 5620 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.12.0.1152 - Disc Soft Ltd)
EPSON Artisan 1430 Series Printer Uninstall (HKLM\...\EPSON Artisan 1430 Series) (Version: - SEIKO EPSON Corporation)
Epson Copy Utility 4 (HKLM-x32\...\{06A7E8AB-2856-4490-BAA9-F338ABE7695A}) (Version: 4.01.0001 - Seiko Epson Corporation)
EPSON CopyFactory (HKLM-x32\...\{52B4C42B-A110-4236-95C8-AA4B137C16AC}) (Version: 4.7.0.0 - Seiko Epson Corporation)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{0324C972-6139-489C-9003-857C4F195A80}) (Version: 3.10.0094 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON PERFECTION V30_V300 PHOTO Manual (HKLM-x32\...\EPSON PERFECTION V30_V300 PHOTO User’s Guide) (Version: - )
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.05.00 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Epson Software Updater (HKLM-x32\...\{4830989D-5FA5-41DF-A02F-5D1B4D5C73B8}) (Version: 4.4.10 - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
File Type Advisor 1.6 (HKLM-x32\...\File Type Advisor_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.129 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard)
Intel® Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel® Corporation) Hidden
Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky)
Kaspersky Total Security (HKLM-x32\...\{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Mass Effect™ (HKLM-x32\...\{44A570EE-FD93-4086-8997-2C38DFDE0019}) (Version: 1.2.20608.0 - Electronic Arts)
Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Mass Effect™: Andromeda (HKLM-x32\...\{72BBCA87-9350-48BC-9E2F-6DBC1E80C993}) (Version: 1.0.0.10 - Electronic Arts)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Nero 2016 Content Pack (HKLM-x32\...\{006F5CFF-ED35-41AF-9B2A-F52B0F545BF4}) (Version: 17.0.00200 - Nero AG)
Nero MediaHome 4 Essentials (HKLM-x32\...\{c58b8d2f-2381-4a7e-8037-50e713f5781f}) (Version: - Nero AG)
Nero MediaHome Free (HKLM-x32\...\{14A8A437-1BC1-4B14-8887-3B5EF324A7FA}) (Version: 16.0.00800 - Nero AG)
Network Guide EPSON Artisan 1430 Series (HKLM-x32\...\EPSON Artisan 1430 Series Netg) (Version: - )
NewBlue Titler Pro for Windows (HKLM-x32\...\NewBlue Titler Pro for Windows) (Version: 1.5 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials II for PowerDirector (HKLM\...\NewBlue Video Essentials II for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials III for PowerDirector (HKLM\...\NewBlue Video Essentials III for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VI for Windows (HKLM-x32\...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VII for Windows (HKLM-x32\...\NewBlue Video Essentials VII for Windows) (Version: 3.0 - NewBlue)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Graphics Driver 432.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 432.00 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.69.40136 - Electronic Arts, Inc.)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PHOTOfunSTUDIO 9.0 SE (HKLM-x32\...\{42B815EE-C908-4FE4-8B8E-E8B907F5B06F}) (Version: 9.00.312 - Panasonic Corporation)
Prerequisite installer (HKLM-x32\...\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}) (Version: 17.0.0002 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{799AFA36-4EA5-4323-8689-74C06645A26B}) (Version: 16.0.0003 - Nero AG) Hidden
Prolific Backup (HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\{D88A7919-C81E-4F6A-8B77-D1B2E42EE0CD}) (Version: 3.9.1.8 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.91.1119.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SteamWorld Dig (HKLM-x32\...\{F81E6BA3-5772-4435-B635-D71E90130052}) (Version: 1.10.0.0 - Image & Form)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tom Clancys Rainbow Six Siege (HKLM-x32\...\Tom Clancys Rainbow Six Siege_is1) (Version: - )
Tom Clancy's Rainbow Six Vegas (HKLM-x32\...\{5731C0A8-B266-451A-8D3F-8066AA21836F}) (Version: 1.06.000 - Ubisoft)
Tom Clancy's Rainbow Six Vegas 2 (HKLM-x32\...\{FD416706-875C-4B0B-A23A-9E740DAE029E}) (Version: 1.00 - Ubisoft)
TP-LINK USB Printer Controller (HKLM-x32\...\{3EC900B5-28EE-4472-A9FF-B11A879EC838}) (Version: 1.12.0927 - TP-LINK)
Treasure Pack v1.1 for Super DX-Ball Deluxe (HKLM-x32\...\Treasure Pack for Super DX-Ball Deluxe_is1) (Version: 1.1 - BlitWise Productions, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
User's Guide EPSON Artisan 1430 Series (HKLM-x32\...\EPSON Artisan 1430 Series Useg) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
Windows 10 Codec Pack 2.0.8 (HKLM-x32\...\Windows 10 - Codec Pack) (Version: 2.0.8 - Windows 10 Codec Pack)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Packages:
=========
ASUS Welcome -> C:\Program Files\WindowsApps\B9ECED6F.ASUSWelcome_1.0.1.0_x64__qmba6cd70vzyy [2015-08-08] (ASUSTeK COMPUTER INC.)
Despicable Me: Minion Rush -> C:\Program Files\WindowsApps\GAMELOFTSA.DespicableMeMinionRush_4.1.4.1_x86__0pp20fcewvvtj [2019-11-08] (GAMELOFT SA)
Kaspersky Password Manager Extension -> C:\Program Files\WindowsApps\KasperskyLab.KasperskyPasswordManagerExtension_2.10.0.0_x64__8jx5e25qw3tdc [2020-04-17] (Kaspersky Lab)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Jigsaw -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJigsaw_1.9.1911.0_x86__8wekyb3d8bbwe [2019-12-20] (Microsoft Studios) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.10.2011.0_x64__8wekyb3d8bbwe [2020-04-22] (Microsoft Studios) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.4282.0_x64__8wekyb3d8bbwe [2020-04-30] (Microsoft Studios) [MS Ad]
Microsoft Wireless Display Adapter -> C:\Program Files\WindowsApps\Microsoft.SurfaceWirelessDisplayAdapter_3.4.137.1000_x64__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation)
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-12] (Netflix, Inc.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2015-11-14] (Microsoft Corporation)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2015-11-26] (Microsoft Corporation) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2014-01-30] (ABBYY PRODUCTION LLC -> ABBYY Production LLC.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll [2019-10-30] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll [2019-10-30] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll [2019-10-30] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2014-01-30] (ABBYY PRODUCTION LLC -> ABBYY Production LLC.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll [2019-10-30] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.pDAD] => C:\Windows\system32\prodad-codec.dll [607256 2016-08-26] (proDAD GmbH -> proDAD GmbH)
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [249536 2016-09-21] (Cole Williams Software Limited -> )
HKLM\...\Drivers32: [vidc.x264] => C:\Windows\SysWOW64\x264vfw.dll [3635904 2016-10-04] (Cole Williams Software Limited -> x264vfw project)
HKLM\...\Drivers32: [vidc.lags] => C:\Windows\SysWOW64\lagarith.dll [230080 2016-09-21] (Cole Williams Software Limited -> )
HKLM\...\Drivers32: [msacm.divxa32] => C:\Windows\SysWOW64\DivXa32.acm [291408 2013-12-17] (Packed With Joy !) [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\Stepan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chicken Invaders 5 - Cluck of the Dark Side\Chicken Invaders 5 - Cluck of the Dark Side.lnk -> C:\Program Files (x86)\Foxy Games\Chicken Invaders 5 - Cluck of the Dark Side\Start_Game.bat ()
ShortcutWithArgument: C:\Users\Stepan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
2016-08-25 13:06 - 2015-02-18 14:11 - 000112128 _____ ( () [File not signed]) [File is in use ] C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2017-06-02 15:55 - 2020-05-02 10:12 - 000027648 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2018-04-30 17:00 - 2018-04-30 17:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-10-05 13:37 - 2019-10-05 13:37 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL
2017-02-13 14:54 - 2017-02-13 14:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
2015-06-17 16:44 - 2015-06-17 16:44 - 000500736 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2012-01-14 07:31 - 2020-04-12 08:44 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2012-01-14 07:31 - 2020-04-12 08:44 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2014-11-30 11:10 - 2020-04-12 08:44 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2020-05-02 09:25 - 2020-04-12 08:44 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2020-05-02 09:25 - 2020-04-12 08:44 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2020-05-02 09:25 - 2020-04-12 08:44 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2020-05-02 09:25 - 2020-04-12 08:44 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2020-05-02 09:25 - 2020-04-12 08:44 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2020-05-02 09:25 - 2020-04-12 08:44 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\123simsen.com -> www.123simsen.com
There are 7912 more sites.
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\123simsen.com -> www.123simsen.com
There are 7912 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 10:34 - 2009-06-11 05:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\ArcSoft\Bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\Control Panel\Desktop\\Wallpaper -> c:\users\stepan\appdata\local\microsoft\windows\themes\transcodedwallpaper
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 9.0 SE.lnk => C:\Windows\pss\PHOTOfunSTUDIO 9.0 SE.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Stepan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCEPServiceManager"
HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "Bonus.SSR.FR12"
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\StartupApproved\Run: => "EPSON Stylus Photo 1410 Series"
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\StartupApproved\Run: => "EPSON Stylus Photo 1410 Series"
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{0628CCDD-AE77-4DAC-8242-B7ADE427C880}] => (Allow) C:\Users\Stepan\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{7E0D9499-5C7A-4F6F-B3BA-8A9278D077A4}] => (Allow) C:\Users\Stepan\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{27994549-1AD4-4C47-8DD6-078E3918F932}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{6B1C3705-FFF0-4CB3-8928-68A3DACE2ADD}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{007F0AB7-F976-48A9-9831-6E2EFB77017D}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect Andromeda\MassEffectAndromeda.exe (Electronic Arts -> Electronic Arts - BioWare)
FirewallRules: [{411D4F9B-45B3-43A3-8E02-9912FD386CC9}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect Andromeda\MassEffectAndromeda.exe (Electronic Arts -> Electronic Arts - BioWare)
FirewallRules: [{CC7D53D7-8696-43B3-A44E-8FD588174934}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect Andromeda\MassEffectAndromedaTrial.exe (Electronic Arts - BioWare) [File not signed]
FirewallRules: [{4B9790BB-9335-4114-AB67-758F8C023A70}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect Andromeda\MassEffectAndromedaTrial.exe (Electronic Arts - BioWare) [File not signed]
FirewallRules: [{6190AE6F-5BBD-4741-BD8B-92B4D3C89D02}] => (Allow) C:\Program Files (x86)\Origin Games\SteamWorld Dig\SteamWorldDig.exe (Electronic Arts -> )
FirewallRules: [{6C589FE3-7BC6-45C1-B2CA-C8B419A10036}] => (Allow) C:\Program Files (x86)\Origin Games\SteamWorld Dig\SteamWorldDig.exe (Electronic Arts -> )
FirewallRules: [{97F5FD09-A354-4BBB-9C0B-1C9D367987D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{87EA50CA-C85D-4A76-980F-B789313EB7E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{71E6AAFA-E238-4B08-9F30-CCC1119CAF0D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{661C3A1A-7CD8-4E51-8C33-ED8CD9B088E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe No File
FirewallRules: [{A6C8F960-1143-499A-80CC-2D51C73986F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe No File
FirewallRules: [{81CB942F-685E-45F8-8886-D43E658AC97B}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect\Binaries\MassEffect.exe (Electronic Arts -> BioWare)
FirewallRules: [{11868A1E-7B92-4DA6-BBB7-28AE6F6D8113}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect\Binaries\MassEffect.exe (Electronic Arts -> BioWare)
FirewallRules: [{B88831DC-C27B-4E9E-B1FB-0CA7BC864879}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe (Nero AG -> Nero AG)
FirewallRules: [{397D0BFA-2F1A-456F-AE22-96BEAF23E36A}] => (Allow) C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe () [File not signed]
FirewallRules: [{C8F06330-4A56-4D9B-A034-BE271BA1E07A}] => (Allow) C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe () [File not signed]
FirewallRules: [{5D85116B-5834-42C6-8A85-0C5D579E82FC}] => (Allow) LPort=7437
FirewallRules: [{487A6627-3525-4AFE-B348-3B93E4BC1D29}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe (Electronic Arts -> BioWare)
FirewallRules: [{D2290D92-D732-481B-8FDC-F24740D4019D}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe (Electronic Arts -> BioWare)
FirewallRules: [{6CFF4968-3013-4B4A-952D-46075AECEC52}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{5FA4761C-A75B-4E8C-8940-86B334D974EC}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{C4FB434D-A4D3-4CB9-8CE3-B5451B85EB15}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{73921BFB-5E37-4F9D-9F9A-56C74A39BD28}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{591A1799-FC4E-40B0-8946-3EE9B348ED1E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{CA35F41E-9164-4BF0-9EFD-AA0322E93973}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{A7045599-AAC5-4D45-8C31-954E2EF5E0D0}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe () [File not signed]
FirewallRules: [{50B7AAB7-9EC5-4502-B350-1E710B4DE097}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe () [File not signed]
FirewallRules: [{51F224D0-9555-4CAE-91C4-4613D0D2964E}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{C5AB63E7-F2A1-4AC6-BDFE-2E920C60682D}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{0E4E09AD-D899-47A0-9463-06F30D6B68EA}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe () [File not signed]
FirewallRules: [{82020927-E6AA-47C1-8117-09A8D117EBD4}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe () [File not signed]
FirewallRules: [{EBC7EE7E-3562-4B7F-AF47-616B620A8905}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe (Ubisoft) [File not signed]
FirewallRules: [{4F64E1E8-DE0E-4E33-87F0-A238FE33E44C}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe (Ubisoft) [File not signed]
FirewallRules: [{D35192D1-353C-4E8D-B9E4-2D89AE0E9771}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
26-04-2020 19:00:11 Windows Backup
02-05-2020 09:08:34 AdwCleaner_BeforeCleaning_02/05/2020_09:08:33
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (05/02/2020 10:19:32 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6028,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (05/02/2020 09:25:53 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6160,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (05/02/2020 09:09:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (05/02/2020 09:09:57 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (05/02/2020 09:09:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (05/02/2020 09:09:57 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (05/02/2020 08:33:40 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10000,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (05/01/2020 07:37:29 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10108,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
System errors:
=============
Error: (05/02/2020 10:12:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The W3SVC service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.
Error: (05/02/2020 10:12:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetPipeActivator service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.
Error: (05/02/2020 10:12:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.
Error: (05/02/2020 10:12:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetMsmqActivator service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.
Error: (05/02/2020 10:12:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WAS service terminated with the following error:
The system cannot find the drive specified.
Error: (05/02/2020 10:12:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EpsonCustomerResearchParticipation service failed to start due to the following error:
The system cannot find the file specified.
Error: (05/02/2020 10:12:21 AM) (Source: WAS) (EventID: 5005) (User: )
Description: Windows Process Activation Service (WAS) is stopping because it encountered an error. The data field contains the error number.
Error: (05/02/2020 10:12:21 AM) (Source: WAS) (EventID: 5215) (User: )
Description: The Windows Process Activation Service (WAS) failed to execute initialization for offline setup. The data field contains the error number.
CodeIntegrity:
===================================
Date: 2020-05-02 10:14:40.871
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2020-05-02 10:14:40.529
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2020-05-02 10:14:40.090
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2020-05-02 10:14:40.074
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2020-05-02 10:14:32.157
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2020-05-02 10:14:32.134
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2020-05-02 10:14:32.109
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2020-05-02 09:15:51.663
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 2001 06/16/2014
Motherboard: ASUSTeK COMPUTER INC. H81M-PLUS
Processor: Intel® Core i3-4160 CPU @ 3.60GHz
Percentage of memory in use: 41%
Total physical RAM: 8127.7 MB
Available physical RAM: 4785.91 MB
Total Virtual: 16319.7 MB
Available Virtual: 12598.06 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.98 GB) (Free:484.89 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:74.53 GB) (Free:2.2 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:465.75 GB) (Free:0 GB) NTFS
\\?\Volume{d1cf5b0c-0000-0000-0000-f0bee8000000}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D1CF5B0C)
Partition 1: (Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=541 MB) - (Type=27)
==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: E6CAE6CA)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 74.5 GB) (Disk ID: 069A6176)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================