my computer is infected [Solved]


  • This topic is locked

#1
traindriver

  • Member
  • 53 posts

My PC runs slow, games take a long time to run and run slow or freeze, it takes a long time for the PC to start up and takes a long time for programs to start slow and freeze.

Edited by traindriver, 12 April 2020 - 07:54 PM.

  • 0


#2
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,474 posts

Hi traindriver, welcome to the Geeks to Go malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:

  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you don't respond to your topic in 4 days, it will be closed.
    • If your topic is closed and you still need assistance, send me a Personal Message with a link to your topic.
  • If you have questions at any time during the cleanup, feel free to ask.

=======================
 
Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Settings icon > Apps.

If you wish to keep it, please do not use it until your computer is cleaned.

---------------------------------------------------
Uninstall a Program

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program(s) on the list:

    Web Companion

  • Select the above program(s) and click Uninstall.
  • Restart the computer if prompted.

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8022104 2020-04-05] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
    Task: {02956C8B-4C94-4BE3-83EF-2D2BC950856B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    C:\Program Files (x86)\Lavasoft
    SearchScopes: HKU\S-1-5-21-600410608-1858306824-1911990453-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-600410608-1858306824-1911990453-1007 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1001 -> No Name - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} -  No File
    Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1001 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
    Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1001 -> No Name - {C500C267-63BF-451F-8797-4D720C9A2ED9} -  No File
    Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1004 -> No Name - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} -  No File
    Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1004 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
    Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1005 -> No Name - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} -  No File
    Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1005 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
    Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1006 -> No Name - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} -  No File
    Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1006 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
    Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1007 -> No Name - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} -  No File
    Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1007 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
    CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj]
    R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29272 2020-04-05] (LAVASOFT SOFTWARE CANADA INC -> )
    folder: C:\Users\Stepan\AppData\Roaming\FileAdvisor
    ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
    ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
    ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
    AlternateDataStreams: C:\ProgramData\CLDShowX.ini:Update.CL [5122]
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\webcompanion.com -> hxxp://webcompanion.com
    FirewallRules: [UDP Query User{63F5EF56-61E3-4F25-B764-04CABBE70739}C:\users\stepan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\stepan\appdata\roaming\spotify\spotify.exe No File
    FirewallRules: [TCP Query User{57EBDE8D-766D-4073-BC05-46E4515B922B}C:\users\stepan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\stepan\appdata\roaming\spotify\spotify.exe No File
    FirewallRules: [{BAEBE4F3-BB6F-4A20-AF60-4AE4ED6951DA}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
    FirewallRules: [{25D83DEA-0112-4F48-AC36-8D5ECDAF9C21}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
    FirewallRules: [{7FA7E24E-FA9F-4902-8E07-62E45EDE71B1}] => (Allow) C:\Program Files (x86)\SlickVPN\slickvpn.exe No File
    FirewallRules: [{673E1574-4647-48BB-9533-CB0F08B6D482}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
    FirewallRules: [{27E6121D-D0FE-4F81-8C88-628F701AC7BD}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
    FirewallRules: [{7E6E1163-2B07-4EE1-AA95-5E7102F2BE23}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
    FirewallRules: [{21A9EF4D-3555-4B20-B1B1-F8BC861304AF}] => (Allow) C:\Program Files (x86)\SlickVPN\slickvpn.exe No File
    FirewallRules: [{3C2C7772-664A-41C0-88D0-0C6AAFC1DD10}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
    FirewallRules: [{CA4C3B06-2FF2-49B9-B4A7-0AEBC1545858}] => (Allow) C:\Users\Stepan\AppData\Local\Programs\Opera\45.0.2552.892\opera.exe No File
    FirewallRules: [{43506C00-5517-4F5C-891B-61704A50BA61}] => (Allow) C:\Users\Stepan\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{7226139F-45D0-4DAD-84BC-88458E9DF7BD}] => (Allow) C:\Users\Stepan\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{861C0AEA-825C-4B98-BA4E-9D622AA7B67C}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
    FirewallRules: [{4C521B11-1765-4AEE-8420-C7EB6A9E79FA}] => (Allow) C:\Program Files (x86)\SlickVPN\slickvpn.exe No File
    FirewallRules: [{609E358A-46D8-4F07-9AAD-BCC8EB78D4B3}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
    FirewallRules: [{5AB0F217-C2E6-4AB0-A1EF-DE867EF9251D}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
    FirewallRules: [{C2C0B3AC-23BA-419C-BC65-CAB42001CDAA}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
    FirewallRules: [{B02AB2F6-3F8B-4AC5-9E9A-E8AC06A46F61}] => (Allow) C:\Program Files (x86)\SlickVPN\slickvpn.exe No File
    FirewallRules: [{9CCE5909-42A8-494E-B0CA-9E0F8108E79C}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
    FirewallRules: [{E69F07A1-1017-4F11-8492-4687C009029F}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
    FirewallRules: [{52A50E28-3780-4851-B3B8-69409A589A7C}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
    FirewallRules: [{427D6A1F-5609-496C-BD8B-8ECFA493BE53}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
    FirewallRules: [{B1ECFB1C-DA72-4CE7-BC51-A389E8701911}] => (Allow) C:\Program Files (x86)\SlickVPN\slickvpn.exe No File
    FirewallRules: [{FFDC7595-45DB-4B46-AA2A-3C12F0BEF01A}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
    FirewallRules: [{46CBE64F-69F7-47BF-B06C-E7BEC8FB3A75}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
    FirewallRules: [{97421A2C-0C8D-4F66-AFAC-9FC536D22759}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
    FirewallRules: [{487B9D0B-74C8-43F9-AD21-711231E837C4}] => (Allow) C:\Program Files (x86)\SlickVPN\slickvpn.exe No File
    FirewallRules: [{5490BAD7-3924-43D5-AF50-B59DF774B890}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
    FirewallRules: [{AE54685F-9BA0-417D-9AD3-01C5CF648A72}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
    End::

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete, FRST will generate a log in the same location it was run from (Fixlog.txt).
  • Please copy and paste its contents into your reply.

In your next reply, please include


  • Fixlog.txt

Let me know how the computer is doing.


  • 0

#3
traindriver

  • Topic Starter
  • Member
  • 53 posts

All done, here is the attachment you wanted.


  • 0

#4
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,474 posts

Sorry for the delay.

I don't see the attachment. You can copy and paste the fixlog in your reply unless you receive an error about post length.
  • 0

#5
traindriver

  • Topic Starter
  • Member
  • 53 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-04-2020
Ran by Stepan (17-04-2020 10:00:55) Run:1
Running from C:\Users\Stepan\Desktop
Loaded Profiles: Stepan & NeroMediaHomeUser.4 & Jordyn & Natasha & Diane & DefaultAppPool (Available Profiles: Stepan & NeroMediaHomeUser.4 & Jordyn & Natasha & Diane & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8022104 2020-04-05] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
Task: {02956C8B-4C94-4BE3-83EF-2D2BC950856B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
C:\Program Files (x86)\Lavasoft
SearchScopes: HKU\S-1-5-21-600410608-1858306824-1911990453-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-600410608-1858306824-1911990453-1007 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1001 -> No Name - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} -  No File
Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1001 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1001 -> No Name - {C500C267-63BF-451F-8797-4D720C9A2ED9} -  No File
Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1004 -> No Name - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} -  No File
Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1004 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1005 -> No Name - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} -  No File
Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1005 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1006 -> No Name - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} -  No File
Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1006 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1007 -> No Name - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} -  No File
Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1007 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj]
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29272 2020-04-05] (LAVASOFT SOFTWARE CANADA INC -> )
folder: C:\Users\Stepan\AppData\Roaming\FileAdvisor
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
AlternateDataStreams: C:\ProgramData\CLDShowX.ini:Update.CL [5122]
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [UDP Query User{63F5EF56-61E3-4F25-B764-04CABBE70739}C:\users\stepan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\stepan\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [TCP Query User{57EBDE8D-766D-4073-BC05-46E4515B922B}C:\users\stepan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\stepan\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [{BAEBE4F3-BB6F-4A20-AF60-4AE4ED6951DA}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
FirewallRules: [{25D83DEA-0112-4F48-AC36-8D5ECDAF9C21}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
FirewallRules: [{7FA7E24E-FA9F-4902-8E07-62E45EDE71B1}] => (Allow) C:\Program Files (x86)\SlickVPN\slickvpn.exe No File
FirewallRules: [{673E1574-4647-48BB-9533-CB0F08B6D482}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
FirewallRules: [{27E6121D-D0FE-4F81-8C88-628F701AC7BD}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
FirewallRules: [{7E6E1163-2B07-4EE1-AA95-5E7102F2BE23}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
FirewallRules: [{21A9EF4D-3555-4B20-B1B1-F8BC861304AF}] => (Allow) C:\Program Files (x86)\SlickVPN\slickvpn.exe No File
FirewallRules: [{3C2C7772-664A-41C0-88D0-0C6AAFC1DD10}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
FirewallRules: [{CA4C3B06-2FF2-49B9-B4A7-0AEBC1545858}] => (Allow) C:\Users\Stepan\AppData\Local\Programs\Opera\45.0.2552.892\opera.exe No File
FirewallRules: [{43506C00-5517-4F5C-891B-61704A50BA61}] => (Allow) C:\Users\Stepan\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{7226139F-45D0-4DAD-84BC-88458E9DF7BD}] => (Allow) C:\Users\Stepan\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{861C0AEA-825C-4B98-BA4E-9D622AA7B67C}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
FirewallRules: [{4C521B11-1765-4AEE-8420-C7EB6A9E79FA}] => (Allow) C:\Program Files (x86)\SlickVPN\slickvpn.exe No File
FirewallRules: [{609E358A-46D8-4F07-9AAD-BCC8EB78D4B3}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
FirewallRules: [{5AB0F217-C2E6-4AB0-A1EF-DE867EF9251D}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
FirewallRules: [{C2C0B3AC-23BA-419C-BC65-CAB42001CDAA}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
FirewallRules: [{B02AB2F6-3F8B-4AC5-9E9A-E8AC06A46F61}] => (Allow) C:\Program Files (x86)\SlickVPN\slickvpn.exe No File
FirewallRules: [{9CCE5909-42A8-494E-B0CA-9E0F8108E79C}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
FirewallRules: [{E69F07A1-1017-4F11-8492-4687C009029F}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
FirewallRules: [{52A50E28-3780-4851-B3B8-69409A589A7C}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
FirewallRules: [{427D6A1F-5609-496C-BD8B-8ECFA493BE53}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
FirewallRules: [{B1ECFB1C-DA72-4CE7-BC51-A389E8701911}] => (Allow) C:\Program Files (x86)\SlickVPN\slickvpn.exe No File
FirewallRules: [{FFDC7595-45DB-4B46-AA2A-3C12F0BEF01A}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
FirewallRules: [{46CBE64F-69F7-47BF-B06C-E7BEC8FB3A75}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
FirewallRules: [{97421A2C-0C8D-4F66-AFAC-9FC536D22759}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
FirewallRules: [{487B9D0B-74C8-43F9-AD21-711231E837C4}] => (Allow) C:\Program Files (x86)\SlickVPN\slickvpn.exe No File
FirewallRules: [{5490BAD7-3924-43D5-AF50-B59DF774B890}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
FirewallRules: [{AE54685F-9BA0-417D-9AD3-01C5CF648A72}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
*****************
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-600410608-1858306824-1911990453-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02956C8B-4C94-4BE3-83EF-2D2BC950856B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02956C8B-4C94-4BE3-83EF-2D2BC950856B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"C:\Program Files (x86)\Lavasoft" => not found
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKU\S-1-5-21-600410608-1858306824-1911990453-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKU\S-1-5-21-600410608-1858306824-1911990453-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{001032CB-B0AC-4F2C-A650-AD4B2B26E5DA}" => removed successfully
"HKU\S-1-5-21-600410608-1858306824-1911990453-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{093F479D-712E-46CD-9E06-62E734A05F68}" => removed successfully
"HKU\S-1-5-21-600410608-1858306824-1911990453-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C500C267-63BF-451F-8797-4D720C9A2ED9}" => removed successfully
"HKU\S-1-5-21-600410608-1858306824-1911990453-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{001032CB-B0AC-4F2C-A650-AD4B2B26E5DA}" => removed successfully
"HKU\S-1-5-21-600410608-1858306824-1911990453-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{093F479D-712E-46CD-9E06-62E734A05F68}" => removed successfully
"HKU\S-1-5-21-600410608-1858306824-1911990453-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{001032CB-B0AC-4F2C-A650-AD4B2B26E5DA}" => removed successfully
"HKU\S-1-5-21-600410608-1858306824-1911990453-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{093F479D-712E-46CD-9E06-62E734A05F68}" => removed successfully
"HKU\S-1-5-21-600410608-1858306824-1911990453-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{001032CB-B0AC-4F2C-A650-AD4B2B26E5DA}" => removed successfully
"HKU\S-1-5-21-600410608-1858306824-1911990453-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{093F479D-712E-46CD-9E06-62E734A05F68}" => removed successfully
"HKU\S-1-5-21-600410608-1858306824-1911990453-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{001032CB-B0AC-4F2C-A650-AD4B2B26E5DA}" => removed successfully
"HKU\S-1-5-21-600410608-1858306824-1911990453-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{093F479D-712E-46CD-9E06-62E734A05F68}" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nladljmabboanhihfkjacnnkgjhnokhj => removed successfully
WCAssistantService => service not found.
========================= folder: C:\Users\Stepan\AppData\Roaming\FileAdvisor ========================

====== End of Folder: ======
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MagicISO => removed successfully
HKLM\Software\Classes\CLSID\{DB85C504-C730-49DD-BEC1-7B39C6103B7A} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MagicISO => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MagicISO => removed successfully
C:\ProgramData\CLDShowX.ini => ":Update.CL" ADS removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{63F5EF56-61E3-4F25-B764-04CABBE70739}C:\users\stepan\appdata\roaming\spotify\spotify.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{57EBDE8D-766D-4073-BC05-46E4515B922B}C:\users\stepan\appdata\roaming\spotify\spotify.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BAEBE4F3-BB6F-4A20-AF60-4AE4ED6951DA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{25D83DEA-0112-4F48-AC36-8D5ECDAF9C21}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7FA7E24E-FA9F-4902-8E07-62E45EDE71B1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{673E1574-4647-48BB-9533-CB0F08B6D482}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{27E6121D-D0FE-4F81-8C88-628F701AC7BD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7E6E1163-2B07-4EE1-AA95-5E7102F2BE23}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{21A9EF4D-3555-4B20-B1B1-F8BC861304AF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3C2C7772-664A-41C0-88D0-0C6AAFC1DD10}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CA4C3B06-2FF2-49B9-B4A7-0AEBC1545858}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43506C00-5517-4F5C-891B-61704A50BA61}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7226139F-45D0-4DAD-84BC-88458E9DF7BD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{861C0AEA-825C-4B98-BA4E-9D622AA7B67C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C521B11-1765-4AEE-8420-C7EB6A9E79FA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{609E358A-46D8-4F07-9AAD-BCC8EB78D4B3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5AB0F217-C2E6-4AB0-A1EF-DE867EF9251D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C2C0B3AC-23BA-419C-BC65-CAB42001CDAA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B02AB2F6-3F8B-4AC5-9E9A-E8AC06A46F61}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9CCE5909-42A8-494E-B0CA-9E0F8108E79C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E69F07A1-1017-4F11-8492-4687C009029F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{52A50E28-3780-4851-B3B8-69409A589A7C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{427D6A1F-5609-496C-BD8B-8ECFA493BE53}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B1ECFB1C-DA72-4CE7-BC51-A389E8701911}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FFDC7595-45DB-4B46-AA2A-3C12F0BEF01A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{46CBE64F-69F7-47BF-B06C-E7BEC8FB3A75}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{97421A2C-0C8D-4F66-AFAC-9FC536D22759}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{487B9D0B-74C8-43F9-AD21-711231E837C4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5490BAD7-3924-43D5-AF50-B59DF774B890}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE54685F-9BA0-417D-9AD3-01C5CF648A72}" => removed successfully

The system needed a reboot.
==== End of Fixlog 10:01:47 ====

  • 0
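Reading a Fixlog like the one posted above means skipping the echoed fixlist (the part between the two rows of asterisks) and tallying the per-item results that follow it. The sketch below is an added example, not part of the original thread and not code from FRST; the function names are hypothetical, and the sample is a shortened log constructed from lines in the post.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog assembled from lines in the post above
# (header, echoed fixlist between two rows of asterisks, then per-item results).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 15-04-2020
Ran by Stepan (17-04-2020 10:00:55) Run:1
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\Lavasoft
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29272 2020-04-05] (LAVASOFT SOFTWARE CANADA INC -> )
AlternateDataStreams: C:\ProgramData\CLDShowX.ini:Update.CL [5122]
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [{BAEBE4F3-BB6F-4A20-AF60-4AE4ED6951DA}] => (Allow) C:\Program Files (x86)\SlickVPN\resources\bin\win32\openvpn.exe No File
*****************
Restore point was successfully created.
Processes closed successfully.
"C:\Program Files (x86)\Lavasoft" => not found
WCAssistantService => service not found.
C:\ProgramData\CLDShowX.ini => ":Update.CL" ADS removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BAEBE4F3-BB6F-4A20-AF60-4AE4ED6951DA}" => removed successfully

The system needed a reboot.
==== End of Fixlog 10:01:47 ====
'''

# A row of asterisks opens and closes the echoed fixlist.
SEPARATOR = re.compile(r"^\*{5,}$")


def classify(detail):
    """Map the text after ' => ' to a coarse status."""
    d = detail.lower().rstrip(".")
    if d.endswith("removed successfully"):
        return "removed"
    if d.endswith("not found"):
        # Covers both '=> not found' and '=> service not found.':
        # the item was already absent when the fix ran.
        return "not_found"
    return "other"


def parse_fixlog(text):
    """Return (results, notes).

    results: list of (target, status, detail) for each per-item result line.
    notes:   free-text status lines such as the restore-point and reboot messages.
    """
    results, notes = [], []
    separators_seen = 0
    for raw in text.splitlines():
        line = raw.strip()
        if SEPARATOR.match(line):
            separators_seen += 1
            continue
        # Before the second separator we are in the header or the echoed
        # fixlist, whose entries can also contain ' => ' and must not be
        # mistaken for results.
        if separators_seen < 2 or not line:
            continue
        if line.startswith("===="):
            continue  # folder-listing banners and the end-of-log marker
        if " => " not in line:
            notes.append(line)
            continue
        target, detail = line.split(" => ", 1)
        results.append((target.strip('"'), classify(detail), detail))
    return results, notes


def needs_review(results):
    """Targets FRST did not report as removed, for a human to look at."""
    return [(target, detail) for target, status, detail in results
            if status != "removed"]


def reboot_pending(notes):
    """True when the log says the fix required a restart."""
    return any("needed a reboot" in note for note in notes)


if __name__ == "__main__":
    results, notes = parse_fixlog(SAMPLE_FIXLOG)
    print(Counter(status for _, status, _ in results))
    for target, detail in needs_review(results):
        print("review:", target, "=>", detail)
    print("reboot pending:", reboot_pending(notes))
```
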

#6
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,474 posts

Hi traindriver

Please do this.

---------------------------------------------------
AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now ...
    • When the scan has finished a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.
---------------------------------------------------
ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
---------------------------------------------------

In your next reply

- Please include both logs and let me know how the computer is doing.

#7
traindriver


Adware

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-26-2020
# Duration: 00:00:52
# OS:       Windows 10 Home
# Scanned:  31802
# Detected: 59

***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.Amazon1Button      HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
PUP.Optional.Amazon1Button      HKLM\Software\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
PUP.Optional.Amazon1Button      HKLM\Software\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
PUP.Optional.Amazon1Button      HKLM\Software\Wow6432Node\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
PUP.Optional.Amazon1Button      HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
PUP.Optional.AmazonAssistant    HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll
PUP.Optional.AmazonAssistant    HKLM\Software\Classes\AppID\{F18AE3C4-D2AD-42AC-9282-509DCF035D06}
PUP.Optional.AmazonAssistant    HKLM\Software\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}
PUP.Optional.AmazonAssistant    HKLM\Software\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}
PUP.Optional.AmazonAssistant    HKLM\Software\Wow6432Node\\AppDataLow\Software\Amazon\AmazonAssistant
PUP.Optional.AmazonAssistant    HKLM\Software\Wow6432Node\\Classes\AppID\AmazonAppIE.dll
PUP.Optional.AmazonAssistant    HKLM\Software\Wow6432Node\\Classes\AppID\{F18AE3C4-D2AD-42AC-9282-509DCF035D06}
PUP.Optional.AmazonAssistant    HKLM\Software\Wow6432Node\\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}
PUP.Optional.AmazonAssistant    HKLM\Software\Wow6432Node\\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}
PUP.Optional.Assistant          HKLM\System\CurrentControlSet\Services\EventLog\Application\Amazon Assistant Service
PUP.Optional.Conduit            HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
PUP.Optional.Conduit            HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
PUP.Optional.InstallCore        HKCU\Software\csastats
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Legacy             HKCU\Software\distromatic
PUP.Optional.Legacy             HKCU\Software\sparktrust
PUP.Optional.Legacy             HKLM\Software\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
PUP.Optional.Legacy             HKLM\Software\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\sparktrust
PUP.Optional.Legacy             HKLM\Software\pcv-var
PUP.Optional.Legacy             HKU\S-1-5-21-600410608-1858306824-1911990453-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy             HKU\S-1-5-21-600410608-1858306824-1911990453-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Norassie           HKCU\Software\Norassie
PUP.Optional.ProductSetup.A     HKCU\Software\PRODUCTSETUP
PUP.Optional.WebCompanion       HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\WebCompanion.exe
PUP.Optional.WebCompanion       HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.CyberLinkLabelPrint   File   C:\Users\Public\Desktop\CyberLink LabelPrint 2.5.lnk
Preinstalled.CyberLinkLabelPrint   Folder   C:\Program Files (x86)\CYBERLINK\LABELPRINT
Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Preinstalled.CyberLinkService   Folder   C:\Program Files\CYBERLINK\SHARED FILES\PLUGIN\NEWBLUE
Preinstalled.CyberLinkService   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\NewBlue Video Essentials for Cyberlink
Preinstalled.EpsonCustomerResearchParticipation   Folder   C:\Program Files\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION
Preinstalled.EpsonCustomerResearchParticipation   Folder   C:\ProgramData\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION
Preinstalled.EpsonCustomerResearchParticipation   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B26449A6-6007-4460-B4FE-C4776115BCEA}
Preinstalled.HPCleanFLC   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
Preinstalled.HPTouchSmart   File   C:\Users\Stepan\Desktop\Netflix.lnk
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
ESET
26/04/2020 11:17:53
Files scanned: 479514
Detected files: 11
Cleaned files: 11
Total scan time 02:49:21
Scan status: Finished
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\amtemu.v0.9.1-painter.exe Win32/HackTool.Crack.FS potentially unsafe application cleaned by deleting
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\amtemu.v0.9.1-painter.exe Win32/HackTool.Crack.FS potentially unsafe application cleaned by deleting
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\MSIMG32.dll Win32/HackTool.Crack.DT potentially unsafe application cleaned by deleting
C:\Program Files (x86)\File Type Advisor\fileadvisor.exe a variant of Win32/FileTypeAdvisor.A potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Sonic and All Stars Racing Transformed\steam_api.dll Win32/HackTool.Crack.BQ potentially unsafe application cleaned by deleting
C:\Program Files (x86)\uTorrent\uTorrent.exe a variant of Win32/uTorrent.D potentially unwanted application cleaned by deleting
C:\Users\Stepan\AppData\Roaming\uTorrent\updates\3.5.5_45341.exe a variant of Win32/uTorrent.C potentially unwanted application cleaned by deleting
C:\Users\Stepan\AppData\Roaming\uTorrent\updates\3.5.5_45365.exe a variant of Win32/uTorrent.C potentially unwanted application cleaned by deleting
C:\Users\Stepan\AppData\Roaming\uTorrent\updates\3.5.5_45608.exe a variant of Win32/uTorrent.C potentially unwanted application cleaned by deleting
C:\Users\Stepan\AppData\Roaming\uTorrent\uTorrent.exe a variant of Win32/uTorrent.C potentially unwanted application cleaned by deleting
D:\utorrent.exe a variant of Win32/uTorrent.D potentially unwanted application cleaned by deleting
 


#8
iMacg3

Hi traindriver,

Sorry for the delay.


---------------------------------------------------
AdwCleaner - Clean
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now
  • When the scan has finished a Scan Results window will open.
  • Please ensure all boxes are checked and then click Quarantine
    • Click Next
    • If any pre-installed software was found on your machine, a prompt window will open ...
      • Click OK to close it
    • Check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any)
    • Click Quarantine
  • A prompt to save your work will appear ...
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear ...
    • Click Restart Now
  • Once your computer has restarted ...
    • If it doesn't open automatically, please start AdwCleaner ...
    • Click the Log Files tab ...
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.


#9
traindriver

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-02-2020
# Duration: 00:00:09
# OS:       Windows 10 Home
# Cleaned:  58
# Failed:   0

***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKCU\Software\Norassie
Deleted       HKCU\Software\PRODUCTSETUP
Deleted       HKCU\Software\csastats
Deleted       HKCU\Software\distromatic
Deleted       HKCU\Software\sparktrust
Deleted       HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll
Deleted       HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
Deleted       HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\WebCompanion.exe
Deleted       HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService
Deleted       HKLM\Software\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
Deleted       HKLM\Software\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
Deleted       HKLM\Software\Classes\AppID\{F18AE3C4-D2AD-42AC-9282-509DCF035D06}
Deleted       HKLM\Software\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted       HKLM\Software\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Deleted       HKLM\Software\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}
Deleted       HKLM\Software\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted       HKLM\Software\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}
Deleted       HKLM\Software\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted       HKLM\Software\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted       HKLM\Software\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Deleted       HKLM\Software\Wow6432Node\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\\AppDataLow\Software\Amazon\AmazonAssistant
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\AmazonAppIE.dll
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\{F18AE3C4-D2AD-42AC-9282-509DCF035D06}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
Deleted       HKLM\Software\Wow6432Node\sparktrust
Deleted       HKLM\Software\pcv-var
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\Amazon Assistant Service
Deleted       HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted       HKU\S-1-5-21-600410608-1858306824-1911990453-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKU\S-1-5-21-600410608-1858306824-1911990453-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted       Preinstalled.CyberLinkLabelPrint   File   C:\Users\Public\Desktop\CyberLink LabelPrint 2.5.lnk
Deleted       Preinstalled.CyberLinkLabelPrint   Folder   C:\Program Files (x86)\CYBERLINK\LABELPRINT
Deleted       Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Deleted       Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Deleted       Preinstalled.CyberLinkService   Folder   C:\Program Files\CYBERLINK\SHARED FILES\PLUGIN\NEWBLUE
Deleted       Preinstalled.CyberLinkService   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\NewBlue Video Essentials for Cyberlink
Deleted       Preinstalled.EpsonCustomerResearchParticipation   Folder   C:\Program Files\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION
Deleted       Preinstalled.EpsonCustomerResearchParticipation   Folder   C:\ProgramData\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION
Deleted       Preinstalled.EpsonCustomerResearchParticipation   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B26449A6-6007-4460-B4FE-C4776115BCEA}
Deleted       Preinstalled.HPCleanFLC   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
Deleted       Preinstalled.HPTouchSmart   File   C:\Users\Stepan\Desktop\Netflix.lnk

*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [7710 octets] - [26/04/2020 08:08:00]
AdwCleaner[S01].txt - [7680 octets] - [02/05/2020 09:07:43]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########


#10
iMacg3

Hi traindriver,

Thank you for the logs. Please do the following:

------------------------Scan with FRST------------------------
  • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.



#11
traindriver

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-04-2020
Ran by Stepan (administrator) on STEPAN-PC (ASUS All Series) (02-05-2020 10:15:54)
Running from C:\Users\Stepan\Desktop
Loaded Profiles: Stepan & NeroMediaHomeUser.4 (Available Profiles: Stepan & NeroMediaHomeUser.4 & Jordyn & Natasha & Diane & DefaultAppPool)
Platform: Windows 10 Home Version 1909 18363.778 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(ABBYY Production LLC -> ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksdeui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\avpui.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Prolific Technology Inc.) [File not signed] C:\Windows\SysWOW64\IoctlSvc.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHMA.EXE
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\SAgent4.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2010-09-17] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare software CO., LIMITED -> Wondershare)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2016-07-21] (ABBYY PRODUCTION LLC -> ABBYY Production LLC.) [File not signed]
HKLM-x32\...\Run: [TP-LINK USB Printer Controller] => C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe [4226048 2012-09-21] () [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1150760 2018-04-06] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\Run: [EPSON Stylus Photo 1410 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBUP.EXE [139264 2006-07-04] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2010-10-29] (Nero AG -> Nero AG)
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHMA.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\Run: [Prolific_OneButton] => C:\Program Files (x86)\Prolific Backup\OneBtn.exe [139264 2010-10-20] () [File not signed]
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe [582672 2020-04-01] (Kaspersky Lab -> AO Kaspersky Lab)
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\Run: [utweb] => "C:\Users\Stepan\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHMA.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [365160 2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\MountPoints2: {78805666-67e7-11ea-9f01-7824afc129ae} - "G:\launcher.exe"
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\MountPoints2: {788056d6-67e7-11ea-9f01-7824afc129ae} - "I:\setup.exe"
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\Run: [EPSON Stylus Photo 1410 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBUP.EXE [139264 2006-07-04] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2010-10-29] (Nero AG -> Nero AG)
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\chrmstp.exe [2020-04-30] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2020-03-12]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2016-08-25]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe () [File not signed]
GroupPolicy\User: Restriction ? <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07DEFE58-0104-4E76-A64D-418F836F87AB} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {202B9C98-8397-4C1D-8816-E5CB32EE1987} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-08-26] (Google Inc -> Google Inc.)
Task: {275525EF-010D-4A6D-8111-EDD26CCFDC2F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {301891F7-9AE9-46B5-B6CD-AC52928045E9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-16] (Adobe Inc. -> Adobe)
Task: {4720EF61-D7AD-4C88-838C-29666D426201} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {651EE370-8FC1-4624-96DB-B48627003889} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-16] (Adobe Inc. -> Adobe)
Task: {7E735F77-9ADD-4465-8054-864DA42A935C} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Stepan\Desktop\esetonlinescanner.exe [14566496 2020-04-26] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {93C89BD4-DCED-4B2E-8394-DCA6A756F16A} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Stepan\Desktop\esetonlinescanner.exe [14566496 2020-04-26] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {9F8B5608-9E8E-4BAE-A6A5-E18D494F75E6} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {A1848D82-3D26-4137-B560-CE3918EFDDC3} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {A53684C2-F1AF-47F1-AB78-C4975C8A2178} - System32\Tasks\{61CD6456-A0C2-46D9-A1DC-A3A08D5D51C1} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {A8EEB754-3C67-4A13-B499-245A7CDAFE1A} - System32\Tasks\Opera scheduled Autoupdate 1498468288 => C:\Users\Stepan\AppData\Local\Programs\Opera\launcher.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B508C5B1-8C3C-43ED-AF43-AB3D3B0BFBD5} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Stepan\Desktop\AdwCleaner.exe [8196784 2020-04-26] (Malwarebytes Inc -> Malwarebytes)
Task: {BD0D8DEC-396C-48E6-99B9-E63464A7F733} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [791232 2019-09-10] (Kaspersky Lab -> AO Kaspersky Lab)
Task: {D6E77A3A-271C-4E89-8857-329B893FD614} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-08-26] (Google Inc -> Google Inc.)
Task: {DEE99C80-497E-4783-A8F6-07F1CB28FECA} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {F785096B-2909-40D1-B0DB-D1B0F80F69C8} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{aaf35c55-9740-40c9-bb04-9067357337f0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{b372b17b-aae5-404a-86c5-292d6999387b}: [DhcpNameServer] 10.10.6.1
Tcpip\..\Interfaces\{ceafe424-a186-49d6-bd98-7cd15d1e0654}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Internet Explorer:
==================
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.iinet.net.au/customers/
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.iinet.net.au/customers/
SearchScopes: HKU\S-1-5-21-600410608-1858306824-1911990453-1001 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-600410608-1858306824-1911990453-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-600410608-1858306824-1911990453-1004 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-600410608-1858306824-1911990453-1004 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION) [File not signed]
BHO: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\IEExt\ie_plugin.dll [2019-12-18] (Kaspersky Lab -> AO Kaspersky Lab)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech Inc -> Logitech, Inc.)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\x64\ie_engine.dll [2020-04-01] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\IEExt\ie_plugin.dll [2019-12-18] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\ie_engine.dll [2020-04-01] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION) [File not signed]
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\IEExt\ie_plugin.dll [2019-12-18] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\IEExt\ie_plugin.dll [2019-12-18] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-600410608-1858306824-1911990453-1001 -> Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\IEExt\ie_plugin.dll [2019-12-18] (Kaspersky Lab -> AO Kaspersky Lab)
Edge:
======
DownloadDir: C:\Users\Stepan\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-600410608-1858306824-1911990453-1001 -> about:start
Edge Extension: (Kaspersky Password Manager) -> EdgeExtension_KasperskyLabKasperskyPasswordManagerExtension_8jx5e25qw3tdc => C:\Program Files\WindowsApps\KasperskyLab.KasperskyPasswordManagerExtension_2.10.0.0_x64__8jx5e25qw3tdc [2020-04-17]
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-10-23] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2018-08-07] [Legacy] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\Program Files (x86)\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll [2015-08-28] (Nero AG -> Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
Chrome:
=======
CHR Profile: C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default [2020-04-30]
CHR Notifications: Default -> hxxps://engage.lasalle.wa.edu.au; hxxps://gibney.coneqt-p.cathednet.wa.edu.au; hxxps://shopping.qantas.com; hxxps://www.epson.de
CHR Extension: (Google Drive) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-15]
CHR Extension: (YouTube) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-15]
CHR Extension: (Google Search) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Kaspersky Password Manager) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhnkblpjbkfklfloegejegedcafpliaa [2020-04-21]
CHR Extension: (Tasty World (Moscow/RUSSIA)) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebchgchabgghpakkgbpmknjpadmpinih [2016-08-24]
CHR Extension: (Kaspersky Protection) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elhpdacimkjpccooodognopfhbdgnpbk [2020-02-17]
CHR Extension: (Hot Shot Sniper) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibbhkjoamnfmpcilggihmfeebhienpea [2015-12-26]
CHR Extension: (Qantas Shopping Points-Prompter) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchomknmfdaeojlimglgebnjlijedgnk [2020-04-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-11]
CHR Extension: (Gmail) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\Stepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-21]
CHR HKLM\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKU\S-1-5-21-600410608-1858306824-1911990453-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhnkblpjbkfklfloegejegedcafpliaa] - hxxps://chrome.google.com/webstore/detail/dhnkblpjbkfklfloegejegedcafpliaa
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-01]
CHR HKLM-x32\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [925904 2014-01-23] (ABBYY Production LLC -> ABBYY Production LLC)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3374160 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3103824 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2016-01-19] (ASUSTeK Computer Inc. -> )
R2 AVP20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\avp.exe [357416 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
S2 CLKMSVC10_90970B6B; C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\NavFilter\kmsvc.exe [246256 2010-11-09] (CyberLink -> CyberLink)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4506728 2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
S3 klvssbridge64_20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\vssbridge64.exe [438928 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [354152 2020-04-01] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE4.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe [619752 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2010-10-29] (Nero AG -> Nero AG)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2495280 2020-04-29] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3446576 2020-04-29] (Electronic Arts, Inc. -> Electronic Arts)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2010-10-20] (Prolific Technology Inc.) [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2020-04-12] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [107832 2020-04-12] (Even Balance, Inc. -> )
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] (CyberLink -> )
R2 StatusAgent4; C:\WINDOWS\SysWOW64\SAgent4.exe [136576 2011-05-25] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S2 EpsonCustomerResearchParticipation; "C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 2310_00; C:\WINDOWS\system32\drivers\2310_00.sys [170528 2009-06-12] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 272x_1x; C:\WINDOWS\system32\drivers\272x_1x.sys [612672 2012-04-25] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 274x_3x; C:\WINDOWS\system32\drivers\274x_3x.sys [240960 2012-04-25] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 ahcix64s; C:\WINDOWS\system32\drivers\ahcix64s.sys [226616 2009-07-15] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc)
S3 amdhub30; C:\WINDOWS\system32\drivers\amdhub30.sys [106664 2012-08-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
S3 amdide64; C:\WINDOWS\system32\drivers\amdide64.sys [11904 2011-12-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
S3 amdxhc; C:\WINDOWS\system32\drivers\amdxhc.sys [226984 2012-08-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
S3 amd_sata; C:\WINDOWS\system32\drivers\amd_sata.sys [82560 2012-04-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 amd_xata; C:\WINDOWS\system32\drivers\amd_xata.sys [42624 2012-04-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 arcm_a64; C:\WINDOWS\system32\drivers\arcm_a64.sys [52768 2009-11-09] (Areca Technology Corporation -> ARECA Technology Corporation)
S3 asahci64; C:\WINDOWS\system32\drivers\asahci64.sys [49048 2012-07-18] (ASMedia Technology Inc. -> Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2016-01-19] (ASUSTeK Computer Inc. -> )
S3 b06diag; C:\WINDOWS\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation -> Broadcom Corporation)
S3 BFN7x64; C:\WINDOWS\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc. -> Bigfoot Networks, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-10-05] (Microsoft Corporation) [File not signed]
S3 cbaf; C:\WINDOWS\System32\Drivers\cbaf.sys [15872 2008-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corp.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [246912 2019-02-16] (Kaspersky Lab -> AO Kaspersky Lab)
S3 DC133; C:\WINDOWS\system32\drivers\DC133.sys [39320 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 DC150; C:\WINDOWS\system32\drivers\DC150.sys [39832 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 DC154; C:\WINDOWS\system32\drivers\DC154.sys [48136 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 DC300e; C:\WINDOWS\system32\drivers\DC300e.sys [40344 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 DC324e; C:\WINDOWS\system32\drivers\DC324e.sys [49752 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 DC3410; C:\WINDOWS\system32\drivers\DC3410.sys [48328 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 DC4300; C:\WINDOWS\system32\drivers\DC4300.sys [48360 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 DC600e; C:\WINDOWS\system32\drivers\DC600e.sys [40744 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 dfuuwb; C:\WINDOWS\System32\Drivers\DfuUWB.sys [503296 2008-09-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corp.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EtronHub3; C:\WINDOWS\System32\Drivers\EtronHub3.sys [65152 2012-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
S3 EtronSTOR; C:\WINDOWS\System32\Drivers\EtronSTOR.sys [32512 2012-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
S3 EtronXHCI; C:\WINDOWS\System32\Drivers\EtronXHCI.sys [88832 2012-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
S3 FLxHCIh; C:\WINDOWS\system32\drivers\FLxHCIh.sys [77040 2012-11-02] (Fresco Logic Inc -> Fresco Logic)
S3 hptiop; C:\WINDOWS\system32\drivers\hptiop.sys [17440 2009-05-26] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 hptmv; C:\WINDOWS\system32\drivers\hptmv.sys [93472 2006-09-18] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 hptmv6; C:\WINDOWS\system32\drivers\hptmv6.sys [152096 2007-11-01] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 HWA; C:\WINDOWS\System32\Drivers\HWA.sys [61440 2008-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corp.)
S3 iaStorS; C:\WINDOWS\system32\drivers\iaStorS.sys [651224 2012-06-30] (Intel Corporation -> Intel Corporation)
S3 iteatapi; C:\WINDOWS\system32\drivers\iteatapi.sys [38680 2008-05-14] (ITE Tech. Inc. -> ITE Tech. Inc.)
S3 iteraid; C:\WINDOWS\system32\drivers\iteraid.sys [32768 2007-05-02] (Microsoft Windows Hardware Compatibility Publisher -> ITE Tech. Inc.)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [79768 2020-04-14] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [145504 2020-02-12] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [93312 2019-03-12] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [37816 2019-01-24] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [251800 2020-04-14] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [586496 2020-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [1163216 2020-01-24] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP20.0\Bases\klids.sys [214592 2020-04-07] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [998296 2020-04-14] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [58192 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [79760 2020-04-14] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [59512 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [51328 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45904 2019-03-10] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [48592 2018-03-16] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [256752 2020-04-09] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [309968 2020-04-09] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [117496 2020-04-09] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [206880 2020-04-10] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klupd_klif_swmon; C:\WINDOWS\System32\Drivers\klupd_klif_swmon.sys [209928 2018-10-04] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [105600 2019-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [211048 2019-12-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [232344 2020-04-14] (Kaspersky Lab -> AO Kaspersky Lab)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-01] (Malwarebytes Corporation -> Malwarebytes)
S3 megasas2; C:\WINDOWS\system32\drivers\megasas2.sys [51496 2012-02-29] (LSI Corporation -> LSI Corporation)
S3 megasr1; C:\WINDOWS\system32\drivers\MegaSR1.sys [461320 2009-04-16] (LSI Corporation -> LSI Corporation, Inc.)
R3 msvad_simple; C:\WINDOWS\system32\drivers\povrtdev.sys [28528 2015-10-29] (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.)
S3 mv61xx; C:\WINDOWS\system32\drivers\mv61xx.sys [183144 2012-05-23] (Marvell Semiconductor -> Marvell Semiconductor, Inc.)
S3 mv91cons; C:\WINDOWS\system32\drivers\mv91cons.sys [28008 2012-10-09] (Marvell Semiconductor -> Marvell Semiconductor Inc.)
S3 mvs91xx; C:\WINDOWS\system32\drivers\mvs91xx.sys [322920 2012-10-09] (Marvell Semiconductor -> Marvell Semiconductor, Inc.)
S3 mvs94xx; C:\WINDOWS\system32\drivers\mvs94xx.sys [367920 2010-12-01] (Marvell Semiconductor -> Marvell Semiconductor, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_db678424d2641c3d\nvlddmkm.sys [22094728 2019-10-04] (NVIDIA Corporation -> NVIDIA Corporation)
S3 nvrd64; C:\WINDOWS\system32\drivers\nvrd64.sys [175720 2010-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ocz10xx; C:\WINDOWS\system32\drivers\ocz10xx.sys [139056 2012-04-06] (OCZ Technology Group -> OCZ Technology Group, Inc.)
S3 ocz12xx; C:\WINDOWS\system32\drivers\ocz12xx.sys [138544 2011-09-15] (OCZ Technology Group -> OCZ Technology Group, Inc.)
S3 Pnp680; C:\WINDOWS\system32\drivers\pnp680.sys [80424 2007-11-13] (Silicon Image, Inc. -> Silicon Image, Inc)
S3 rr174x; C:\WINDOWS\system32\drivers\rr174x.sys [159264 2007-11-01] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr2210; C:\WINDOWS\system32\drivers\rr2210.sys [153632 2007-11-01] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr232x; C:\WINDOWS\system32\drivers\rr232x.sys [152096 2008-05-06] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr2340; C:\WINDOWS\system32\drivers\rr2340.sys [162400 2010-01-01] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr2522; C:\WINDOWS\system32\drivers\rr2522.sys [168032 2010-01-01] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr276x; C:\WINDOWS\system32\drivers\rr276x.sys [241472 2012-04-25] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr278x; C:\WINDOWS\system32\drivers\rr278x.sys [240960 2012-04-25] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr62x; C:\WINDOWS\system32\drivers\rr62x.sys [156256 2010-06-17] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-10-15] (Realtek Semiconductor Corp -> Realtek )
S3 rusb3hub; C:\WINDOWS\system32\drivers\rusb3hub.sys [114568 2012-08-28] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
S3 rusb3xhc; C:\WINDOWS\system32\drivers\rusb3xhc.sys [230280 2012-08-28] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
S3 Ser2pl; C:\WINDOWS\system32\drivers\ser2pl64.sys [158720 2012-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Prolific Technology Inc.)
S3 SI3112r; C:\WINDOWS\system32\drivers\SI3112r.sys [164656 2007-02-01] (Silicon Image, Inc. -> Silicon Image, Inc)
S3 SI3114; C:\WINDOWS\system32\drivers\SI3114.sys [99120 2006-11-10] (Silicon Image, Inc. -> Silicon Image, Inc.)
S3 SI3114r; C:\WINDOWS\system32\drivers\SI3114R.sys [163632 2007-04-11] (Silicon Image, Inc. -> Silicon Image, Inc)
S3 SI3124; C:\WINDOWS\system32\drivers\SI3124.sys [113456 2006-11-02] (Silicon Image, Inc. -> Silicon Image, Inc.)
S3 Si3124r5; C:\WINDOWS\system32\drivers\Si3124r5.sys [340008 2010-04-13] (Silicon Image, Inc. -> Silicon Image, Inc)
S3 SI3132; C:\WINDOWS\system32\drivers\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc. -> Silicon Image, Inc)
S3 Si3531; C:\WINDOWS\system32\drivers\Si3531.sys [333864 2009-02-09] (Silicon Image, Inc. -> Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\drivers\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc. -> Silicon Image, Inc)
R0 SiRemFil; C:\WINDOWS\System32\drivers\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc. -> Silicon Image, Inc)
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [207344 2020-03-19] (Disc Soft Ltd -> Duplex Secure Ltd)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-04-11] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 TplinkUDSMBus; C:\WINDOWS\system32\drivers\TplinkUDSMBus.sys [102688 2012-09-21] (KCODES CORPORATION -> Windows ® Codename Longhorn DDK provider)
S3 uwbusb; C:\WINDOWS\System32\Drivers\usbuwbmini.sys [13312 2008-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corp.)
S3 viamrx64; C:\WINDOWS\system32\drivers\viamrx64.sys [161904 2010-12-03] (VIA Technologies Inc. -> VIA Technologies Inc.,Ltd)
S3 videX64; C:\WINDOWS\system32\drivers\videX64.sys [15000 2010-02-11] (VIA Technologies Inc. -> VIA Technologies, Inc.)
S3 VUSB3HUB; C:\WINDOWS\system32\drivers\ViaHub3.sys [210944 2012-05-30] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WiseHDInfo; C:\WINDOWS\WiseHDInfo64.dll [14800 2016-03-31] (Lespeed Technology Ltd. -> wisecleaner.com) [File not signed]
R0 xfiltx64; C:\WINDOWS\System32\drivers\xfiltx64.sys [26776 2010-02-11] (VIA Technologies Inc. -> VIA Technologies, Inc.)
S3 xhcdrv; C:\WINDOWS\system32\drivers\xhcdrv.sys [261120 2012-05-30] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-11-04] (CyberLink Corp. -> CyberLink Corp.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-05-02 10:15 - 2020-05-02 10:17 - 000046965 _____ C:\Users\Stepan\Desktop\FRST.txt
2020-05-02 10:15 - 2020-05-02 10:15 - 000000000 ____D C:\Users\Stepan\Desktop\FRST-OlderVersion
2020-05-02 09:32 - 2020-05-02 09:32 - 000022806 _____ C:\Users\Stepan\Desktop\PFT Document Control Register V1.xlsx
2020-05-02 09:09 - 2020-05-02 09:09 - 000003160 _____ C:\WINDOWS\system32\Tasks\AdwCleaner_onReboot
2020-04-26 11:19 - 2020-04-26 11:19 - 000003792 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2020-04-26 11:19 - 2020-04-26 11:19 - 000003350 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2020-04-26 11:18 - 2020-04-26 11:18 - 000003426 _____ C:\Users\Stepan\Documents\eset.txt
2020-04-26 08:10 - 2020-04-26 08:11 - 000000666 _____ C:\Users\Stepan\Desktop\ESET Online Scanner.lnk
2020-04-26 08:10 - 2020-04-26 08:10 - 000000783 _____ C:\Users\Stepan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2020-04-26 08:10 - 2020-04-26 08:10 - 000000000 ____D C:\Users\Stepan\AppData\Local\ESET
2020-04-26 08:06 - 2020-04-26 08:06 - 014566496 _____ (ESET spol. s r.o.) C:\Users\Stepan\Desktop\esetonlinescanner.exe
2020-04-26 08:06 - 2020-04-26 08:06 - 008196784 _____ (Malwarebytes) C:\Users\Stepan\Desktop\AdwCleaner.exe
2020-04-20 12:01 - 2020-04-20 12:01 - 000002503 _____ C:\Users\Public\Desktop\Tom Clancy's Rainbow Six Vegas.lnk
2020-04-20 12:01 - 2020-04-20 12:01 - 000002503 _____ C:\ProgramData\Desktop\Tom Clancy's Rainbow Six Vegas.lnk
2020-04-20 12:00 - 2020-04-20 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2020-04-17 12:15 - 2020-04-17 12:15 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-17 12:15 - 2020-04-17 12:15 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-17 12:15 - 2020-04-17 12:15 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-17 12:15 - 2020-04-17 12:15 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-17 12:15 - 2020-04-17 12:15 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-17 12:15 - 2020-04-17 12:15 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-17 12:15 - 2020-04-17 12:15 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-17 12:15 - 2020-04-17 12:15 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-17 12:15 - 2020-04-17 12:15 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-17 12:15 - 2020-04-17 12:15 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-17 12:15 - 2020-04-17 12:15 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-17 12:14 - 2020-04-17 12:14 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-17 12:14 - 2020-04-17 12:14 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-17 12:14 - 2020-04-17 12:14 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-17 12:14 - 2020-04-17 12:14 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-17 12:14 - 2020-04-17 12:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-17 12:13 - 2020-04-17 12:13 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-17 12:13 - 2020-04-17 12:13 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-17 12:13 - 2020-04-17 12:13 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-17 12:13 - 2020-04-17 12:13 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-17 11:51 - 2020-04-17 11:51 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-17 11:51 - 2020-04-17 11:51 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-17 10:00 - 2020-04-17 10:01 - 000016734 _____ C:\Users\Stepan\Desktop\Fixlog.txt
2020-04-14 08:18 - 2020-04-14 08:18 - 000032768 _____ C:\WINDOWS\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-shm
2020-04-14 08:18 - 2020-04-14 08:18 - 000032768 _____ C:\WINDOWS\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb-shm
2020-04-14 08:18 - 2020-04-14 08:18 - 000032768 _____ C:\WINDOWS\SysWOW64\antimalware.patch_management.product_registry.kvdb-shm
2020-04-14 08:18 - 2020-04-14 08:18 - 000012288 _____ C:\WINDOWS\SysWOW64\antimalware.unwanted_products.product_registry.kvdb
2020-04-14 08:18 - 2020-04-14 08:18 - 000012288 _____ C:\WINDOWS\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb
2020-04-14 08:18 - 2020-04-14 08:18 - 000012288 _____ C:\WINDOWS\SysWOW64\antimalware.patch_management.product_registry.kvdb
2020-04-14 08:18 - 2020-04-14 08:18 - 000000000 _____ C:\WINDOWS\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-wal
2020-04-14 08:18 - 2020-04-14 08:18 - 000000000 _____ C:\WINDOWS\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb-wal
2020-04-14 08:18 - 2020-04-14 08:18 - 000000000 _____ C:\WINDOWS\SysWOW64\antimalware.patch_management.product_registry.kvdb-wal
2020-04-13 09:53 - 2020-04-17 10:26 - 000000000 ____D C:\Users\Stepan\Desktop\Geks to go
2020-04-13 08:48 - 2020-05-02 10:15 - 002283520 _____ (Farbar) C:\Users\Stepan\Desktop\FRST64.exe
2020-04-12 19:14 - 2020-04-12 19:14 - 000000000 ____D C:\ProgramData\Ubisoft
2020-04-12 19:13 - 2020-04-12 19:39 - 002337865 _____ C:\WINDOWS\SysWOW64\pbsvc.exe
2020-04-12 19:13 - 2020-04-12 19:39 - 000107832 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2020-04-12 19:13 - 2020-04-12 19:39 - 000066872 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2020-04-12 18:01 - 2020-04-12 18:01 - 000178800 _____ (Sony DADC Austria AG.) C:\WINDOWS\SysWOW64\CmdLineExt_x64.dll
2020-04-12 18:01 - 2020-04-12 18:01 - 000000000 __RHD C:\Users\Stepan\AppData\Roaming\SecuROM
2020-04-12 17:52 - 2020-04-20 12:01 - 000000000 ____D C:\Users\Stepan\Documents\Ubisoft
2020-04-12 17:43 - 2020-04-20 11:54 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2020-04-12 17:42 - 2020-04-12 18:57 - 000000000 ____D C:\Users\Stepan\Desktop\Games
2020-04-12 09:01 - 2020-04-12 09:27 - 000000000 ____D C:\Users\Stepan\Downloads\www.alt.bitworld.to...Tom.Clancys.Rainbow.Six.Vegas.2-RELOADED
2020-04-09 09:47 - 2020-04-09 09:47 - 000309968 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2020-04-09 09:45 - 2020-04-10 10:31 - 000206880 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2020-04-09 09:45 - 2020-04-09 09:45 - 000256752 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2020-04-09 09:45 - 2020-04-09 09:45 - 000117496 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-05-02 10:18 - 2019-10-04 22:13 - 000972156 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-05-02 10:18 - 2019-03-19 12:50 - 000000000 ____D C:\WINDOWS\INF
2020-05-02 10:16 - 2016-08-21 16:42 - 000000000 ____D C:\FRST
2020-05-02 10:16 - 2014-11-29 16:09 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-05-02 10:12 - 2019-10-04 22:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-05-02 10:12 - 2019-10-04 22:00 - 000000000 ____D C:\Users\NeroMediaHomeUser.4
2020-05-02 10:12 - 2019-10-04 21:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-05-02 10:12 - 2019-03-19 12:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-05-02 10:12 - 2017-06-02 15:56 - 000000000 ____D C:\ProgramData\NVIDIA
2020-05-02 10:12 - 2015-08-08 17:46 - 000152048 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_90970B6B.sys
2020-05-02 09:25 - 2014-11-30 10:39 - 000000000 ____D C:\Program Files (x86)\Origin
2020-05-02 09:20 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-05-02 09:10 - 2019-03-19 12:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-05-02 09:09 - 2014-11-29 16:28 - 000000000 ____D C:\Program Files (x86)\CyberLink
2020-05-02 09:09 - 2014-11-29 15:29 - 000000000 ____D C:\Program Files\EPSON
2020-05-02 08:31 - 2019-10-01 13:28 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-05-02 08:31 - 2019-10-01 13:28 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-05-01 16:35 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2020-04-30 17:27 - 2019-03-19 12:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-30 16:11 - 2016-08-26 11:15 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-26 14:14 - 2019-03-19 12:37 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2020-04-26 09:41 - 2019-10-11 10:23 - 000000000 ____D C:\Users\Stepan\AppData\Roaming\uTorrent
2020-04-26 09:14 - 2014-11-29 20:27 - 000000000 ____D C:\Program Files (x86)\uTorrent
2020-04-26 09:11 - 2017-07-03 10:54 - 000000000 ____D C:\Program Files (x86)\Sonic and All Stars Racing Transformed
2020-04-26 08:51 - 2016-04-26 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
2020-04-26 08:51 - 2016-04-26 19:36 - 000000000 ____D C:\Program Files (x86)\File Type Advisor
2020-04-26 08:08 - 2016-08-21 19:29 - 000000000 ____D C:\AdwCleaner
2020-04-26 08:04 - 2019-10-11 10:25 - 000000000 ____D C:\Users\Stepan\AppData\Local\BitTorrentHelper
2020-04-26 07:54 - 2016-04-27 11:32 - 000000000 ____D C:\Users\Stepan\AppData\Roaming\FileAdvisor
2020-04-22 18:30 - 2014-11-29 20:05 - 000000000 ____D C:\torrents
2020-04-22 11:30 - 2014-11-30 10:42 - 000000000 ____D C:\Users\Stepan\AppData\Roaming\Origin
2020-04-22 11:30 - 2014-11-30 10:39 - 000000000 ____D C:\ProgramData\Origin
2020-04-22 10:41 - 2014-11-30 10:45 - 000000000 ____D C:\Program Files (x86)\Origin Games
2020-04-22 10:37 - 2014-11-30 10:42 - 000000000 ____D C:\Users\Stepan\AppData\Local\Origin
2020-04-21 16:15 - 2019-10-04 22:00 - 000000000 ____D C:\Users\Stepan
2020-04-20 12:01 - 2018-05-23 12:16 - 000000000 ____D C:\Users\Stepan\AppData\Local\D3DSCache
2020-04-20 11:54 - 2014-11-29 15:17 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-04-18 11:16 - 2015-01-09 10:02 - 000000000 ____D C:\Users\Stepan\AppData\Local\ElevatedDiagnostics
2020-04-18 09:18 - 2019-10-04 21:49 - 005195688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-17 20:12 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-17 20:12 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-17 20:12 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-17 20:12 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-17 20:12 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-17 20:12 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-17 12:19 - 2019-03-19 12:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-17 12:14 - 2014-01-02 05:35 - 000410838 __RSH C:\bootmgr
2020-04-16 08:35 - 2019-10-04 22:32 - 000003368 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-600410608-1858306824-1911990453-1001
2020-04-16 08:35 - 2019-10-04 22:00 - 000002405 _____ C:\Users\Stepan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-16 08:35 - 2015-08-08 18:12 - 000000000 ___RD C:\Users\Stepan\OneDrive
2020-04-16 08:18 - 2019-10-04 22:32 - 000004590 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-04-16 08:18 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-04-16 08:18 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-04-14 08:16 - 2019-03-19 02:01 - 000079768 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupdisk.sys
2020-04-14 08:16 - 2018-05-21 15:50 - 000998296 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2020-04-14 08:16 - 2018-05-21 15:50 - 000251800 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2020-04-14 08:16 - 2018-05-21 15:50 - 000232344 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kneps.sys
2020-04-14 08:16 - 2018-05-21 15:50 - 000079760 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klkbdflt.sys
2020-04-12 19:47 - 2014-12-03 13:47 - 000000000 ____D C:\Users\Stepan\Documents\My Games
2020-04-12 10:07 - 2017-11-25 09:51 - 000000000 ____D C:\Users\Stepan\AppData\Roaming\SlickVPN
2020-04-12 10:07 - 2017-11-24 08:47 - 000000000 ____D C:\Program Files (x86)\SlickVPN
2020-04-12 10:04 - 2018-11-13 07:42 - 000000000 ____D C:\Users\Stepan\Documents\iZotope
2020-04-12 09:55 - 2014-12-12 20:02 - 000000000 ____D C:\ProgramData\Apple
2020-04-12 09:43 - 2018-12-19 08:50 - 000000000 ____D C:\ProgramData\Citrix
2020-04-12 09:41 - 2018-12-19 08:49 - 000000000 ____D C:\Users\Stepan\AppData\Local\Citrix
==================== Files in the root of some directories ========
2016-08-21 20:06 - 2016-08-21 20:41 - 000000115 _____ () C:\Users\Stepan\AppData\Roaming\LogFile.txt
2014-11-29 21:28 - 2014-12-04 07:28 - 000000166 _____ () C:\Users\Stepan\AppData\Roaming\WB.CFG
2015-08-13 20:21 - 2015-09-07 15:49 - 212809145 _____ () C:\Users\Stepan\AppData\Local\ACCCx3_2_0_129.zip.aamdownload
2015-08-13 20:21 - 2015-09-07 15:49 - 000002489 _____ () C:\Users\Stepan\AppData\Local\ACCCx3_2_0_129.zip.aamdownload.aamd
2016-12-05 16:28 - 2018-11-18 12:55 - 000007680 _____ () C:\Users\Stepan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-01 19:29 - 2014-12-03 07:28 - 000000001 _____ () C:\Users\Stepan\AppData\Local\DSI.DAT
2014-11-29 22:00 - 2014-11-29 22:00 - 000000036 _____ () C:\Users\Stepan\AppData\Local\housecall.guid.cache
2018-09-23 18:33 - 2018-09-23 18:33 - 000000000 _____ () C:\Users\Stepan\AppData\Local\oobelibMkey.log
2015-07-13 14:25 - 2015-07-13 14:25 - 000000600 _____ () C:\Users\Stepan\AppData\Local\PUTTY.RND
2016-04-20 08:22 - 2016-04-20 08:22 - 000000017 _____ () C:\Users\Stepan\AppData\Local\resmon.resmoncfg
2014-11-30 09:14 - 2015-11-22 07:58 - 000000010 _____ () C:\Users\Stepan\AppData\Local\sponge.last.runtime.cache
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-04-2020
Ran by Stepan (02-05-2020 10:22:00)
Running from C:\Users\Stepan\Desktop
Windows 10 Home Version 1909 18363.778 (X64) (2019-10-04 14:33:24)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-600410608-1858306824-1911990453-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-600410608-1858306824-1911990453-503 - Limited - Disabled)
Diane (S-1-5-21-600410608-1858306824-1911990453-1007 - Limited - Enabled) => C:\Users\Diane
Guest (S-1-5-21-600410608-1858306824-1911990453-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-600410608-1858306824-1911990453-1003 - Limited - Enabled)
Jordyn (S-1-5-21-600410608-1858306824-1911990453-1005 - Limited - Enabled) => C:\Users\Jordyn
Natasha (S-1-5-21-600410608-1858306824-1911990453-1006 - Limited - Enabled) => C:\Users\Natasha
NeroMediaHomeUser.4 (S-1-5-21-600410608-1858306824-1911990453-1004 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4
Stepan (S-1-5-21-600410608-1858306824-1911990453-1001 - Administrator - Enabled) => C:\Users\Stepan
WDAGUtilityAccount (S-1-5-21-600410608-1858306824-1911990453-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Total Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\uTorrent) (Version: 3.5.5.45608 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
ABBYY FineReader 12 Professional (HKLM-x32\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.0.501 - ABBYY Production LLC)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Administrative Templates (ADMX) for Windows 10 (HKLM-x32\...\{166A4A62-D19E-4DFB-8499-FBA08716D847}) (Version: 1.0 - Microsoft Corporation)
Administrative Templates (ADMX) for Windows 10 Version 1511 (HKLM-x32\...\{39E58F1A-1DE1-4B60-8ECF-B54E2580D59C}) (Version: 1.0 - Microsoft Corporation)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.363 - Adobe)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Advertising Center (HKLM-x32\...\{B2EC4A38-B545-4A00-8214-13FE0E915E6D}) (Version: 0.0.0.2 - Nero AG) Hidden
Camera RAW Plug-In for EPSON Creativity Suite (HKLM-x32\...\{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}) (Version: 2.1.0.0 - )
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.50.1 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.30.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.13.30.0 - Canon Inc.)
Chicken Invaders 5 - Cluck of the Dark Side (HKLM-x32\...\Chicken Invaders 5 - Cluck of the Dark Side1.1) (Version: 1.1 - Foxy Games)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2109.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2109.0 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4704.58 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.5.3.2325 - CyberLink Corp.)
CyberLink PowerProducer 6 (HKLM-x32\...\InstallShield_{D7EACFE3-BC6A-48bb-B28C-4DBF318225E3}) (Version: 6.0.2103.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 5620 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.12.0.1152 - Disc Soft Ltd)
EPSON Artisan 1430 Series Printer Uninstall (HKLM\...\EPSON Artisan 1430 Series) (Version:  - SEIKO EPSON Corporation)
Epson Copy Utility 4 (HKLM-x32\...\{06A7E8AB-2856-4490-BAA9-F338ABE7695A}) (Version: 4.01.0001 - Seiko Epson Corporation)
EPSON CopyFactory (HKLM-x32\...\{52B4C42B-A110-4236-95C8-AA4B137C16AC}) (Version: 4.7.0.0 - Seiko Epson Corporation)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{0324C972-6139-489C-9003-857C4F195A80}) (Version: 3.10.0094 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON PERFECTION V30_V300 PHOTO Manual (HKLM-x32\...\EPSON PERFECTION V30_V300 PHOTO User’s Guide) (Version:  - )
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.05.00 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Epson Software Updater (HKLM-x32\...\{4830989D-5FA5-41DF-A02F-5D1B4D5C73B8}) (Version: 4.4.10 - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
File Type Advisor 1.6 (HKLM-x32\...\File Type Advisor_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.129 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
Intel® Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel® Corporation) Hidden
Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky)
Kaspersky Total Security (HKLM-x32\...\{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Mass Effect™ (HKLM-x32\...\{44A570EE-FD93-4086-8997-2C38DFDE0019}) (Version: 1.2.20608.0 - Electronic Arts)
Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Mass Effect™: Andromeda (HKLM-x32\...\{72BBCA87-9350-48BC-9E2F-6DBC1E80C993}) (Version: 1.0.0.10 - Electronic Arts)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Nero 2016 Content Pack (HKLM-x32\...\{006F5CFF-ED35-41AF-9B2A-F52B0F545BF4}) (Version: 17.0.00200 - Nero AG)
Nero MediaHome 4 Essentials (HKLM-x32\...\{c58b8d2f-2381-4a7e-8037-50e713f5781f}) (Version:  - Nero AG)
Nero MediaHome Free (HKLM-x32\...\{14A8A437-1BC1-4B14-8887-3B5EF324A7FA}) (Version: 16.0.00800 - Nero AG)
Network Guide EPSON Artisan 1430 Series (HKLM-x32\...\EPSON Artisan 1430 Series Netg) (Version:  - )
NewBlue Titler Pro for Windows (HKLM-x32\...\NewBlue Titler Pro for Windows) (Version: 1.5 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials II for PowerDirector (HKLM\...\NewBlue Video Essentials II for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials III for PowerDirector (HKLM\...\NewBlue Video Essentials III for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VI for Windows (HKLM-x32\...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VII for Windows (HKLM-x32\...\NewBlue Video Essentials VII for Windows) (Version: 3.0 - NewBlue)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Graphics Driver 432.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 432.00 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.69.40136 - Electronic Arts, Inc.)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PHOTOfunSTUDIO 9.0 SE (HKLM-x32\...\{42B815EE-C908-4FE4-8B8E-E8B907F5B06F}) (Version: 9.00.312 - Panasonic Corporation)
Prerequisite installer (HKLM-x32\...\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}) (Version: 17.0.0002 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{799AFA36-4EA5-4323-8689-74C06645A26B}) (Version: 16.0.0003 - Nero AG) Hidden
Prolific Backup (HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\{D88A7919-C81E-4F6A-8B77-D1B2E42EE0CD}) (Version: 3.9.1.8 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.91.1119.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SteamWorld Dig (HKLM-x32\...\{F81E6BA3-5772-4435-B635-D71E90130052}) (Version: 1.10.0.0 - Image & Form)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tom Clancys Rainbow Six Siege (HKLM-x32\...\Tom Clancys Rainbow Six Siege_is1) (Version:  - )
Tom Clancy's Rainbow Six Vegas (HKLM-x32\...\{5731C0A8-B266-451A-8D3F-8066AA21836F}) (Version: 1.06.000 - Ubisoft)
Tom Clancy's Rainbow Six Vegas 2 (HKLM-x32\...\{FD416706-875C-4B0B-A23A-9E740DAE029E}) (Version: 1.00 - Ubisoft)
TP-LINK USB Printer Controller (HKLM-x32\...\{3EC900B5-28EE-4472-A9FF-B11A879EC838}) (Version: 1.12.0927 - TP-LINK)
Treasure Pack v1.1 for Super DX-Ball Deluxe (HKLM-x32\...\Treasure Pack for Super DX-Ball Deluxe_is1) (Version: 1.1 - BlitWise Productions, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
User's Guide EPSON Artisan 1430 Series (HKLM-x32\...\EPSON Artisan 1430 Series Useg) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
Windows 10 Codec Pack 2.0.8 (HKLM-x32\...\Windows 10 - Codec Pack) (Version: 2.0.8 - Windows 10 Codec Pack)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Packages:
=========
ASUS Welcome -> C:\Program Files\WindowsApps\B9ECED6F.ASUSWelcome_1.0.1.0_x64__qmba6cd70vzyy [2015-08-08] (ASUSTeK COMPUTER INC.)
Despicable Me: Minion Rush -> C:\Program Files\WindowsApps\GAMELOFTSA.DespicableMeMinionRush_4.1.4.1_x86__0pp20fcewvvtj [2019-11-08] (GAMELOFT  SA)
Kaspersky Password Manager Extension -> C:\Program Files\WindowsApps\KasperskyLab.KasperskyPasswordManagerExtension_2.10.0.0_x64__8jx5e25qw3tdc [2020-04-17] (Kaspersky Lab)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Jigsaw -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJigsaw_1.9.1911.0_x86__8wekyb3d8bbwe [2019-12-20] (Microsoft Studios) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.10.2011.0_x64__8wekyb3d8bbwe [2020-04-22] (Microsoft Studios) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.4282.0_x64__8wekyb3d8bbwe [2020-04-30] (Microsoft Studios) [MS Ad]
Microsoft Wireless Display Adapter -> C:\Program Files\WindowsApps\Microsoft.SurfaceWirelessDisplayAdapter_3.4.137.1000_x64__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation)
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-12] (Netflix, Inc.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2015-11-14] (Microsoft Corporation)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2015-11-26] (Microsoft Corporation) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2014-01-30] (ABBYY PRODUCTION LLC -> ABBYY Production LLC.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll [2019-10-30] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll [2019-10-30] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll [2019-10-30] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2014-01-30] (ABBYY PRODUCTION LLC -> ABBYY Production LLC.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll [2019-10-30] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.pDAD] => C:\Windows\system32\prodad-codec.dll [607256 2016-08-26] (proDAD GmbH -> proDAD GmbH)
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [249536 2016-09-21] (Cole Williams Software Limited -> )
HKLM\...\Drivers32: [vidc.x264] => C:\Windows\SysWOW64\x264vfw.dll [3635904 2016-10-04] (Cole Williams Software Limited -> x264vfw project)
HKLM\...\Drivers32: [vidc.lags] => C:\Windows\SysWOW64\lagarith.dll [230080 2016-09-21] (Cole Williams Software Limited ->  )
HKLM\...\Drivers32: [msacm.divxa32] => C:\Windows\SysWOW64\DivXa32.acm [291408 2013-12-17] (Packed With Joy !) [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\Stepan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chicken Invaders 5 - Cluck of the Dark Side\Chicken Invaders 5 - Cluck of the Dark Side.lnk -> C:\Program Files (x86)\Foxy Games\Chicken Invaders 5 - Cluck of the Dark Side\Start_Game.bat ()
ShortcutWithArgument: C:\Users\Stepan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
2016-08-25 13:06 - 2015-02-18 14:11 - 000112128 _____ ( () [File not signed])  [File is in use ] C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2017-06-02 15:55 - 2020-05-02 10:12 - 000027648 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2018-04-30 17:00 - 2018-04-30 17:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-10-05 13:37 - 2019-10-05 13:37 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL
2017-02-13 14:54 - 2017-02-13 14:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
2015-06-17 16:44 - 2015-06-17 16:44 - 000500736 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2012-01-14 07:31 - 2020-04-12 08:44 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2012-01-14 07:31 - 2020-04-12 08:44 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2014-11-30 11:10 - 2020-04-12 08:44 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2020-05-02 09:25 - 2020-04-12 08:44 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2020-05-02 09:25 - 2020-04-12 08:44 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2020-05-02 09:25 - 2020-04-12 08:44 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2020-05-02 09:25 - 2020-04-12 08:44 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2020-05-02 09:25 - 2020-04-12 08:44 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2020-05-02 09:25 - 2020-04-12 08:44 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\localhost -> localhost

==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 10:34 - 2009-06-11 05:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\ArcSoft\Bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\Control Panel\Desktop\\Wallpaper -> c:\users\stepan\appdata\local\microsoft\windows\themes\transcodedwallpaper
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 9.0 SE.lnk => C:\Windows\pss\PHOTOfunSTUDIO 9.0 SE.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Stepan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCEPServiceManager"
HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "Bonus.SSR.FR12"
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\StartupApproved\Run: => "EPSON Stylus Photo 1410 Series"
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\StartupApproved\Run: => "EPSON Stylus Photo 1410 Series"
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{0628CCDD-AE77-4DAC-8242-B7ADE427C880}] => (Allow) C:\Users\Stepan\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{7E0D9499-5C7A-4F6F-B3BA-8A9278D077A4}] => (Allow) C:\Users\Stepan\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{27994549-1AD4-4C47-8DD6-078E3918F932}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{6B1C3705-FFF0-4CB3-8928-68A3DACE2ADD}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{007F0AB7-F976-48A9-9831-6E2EFB77017D}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect Andromeda\MassEffectAndromeda.exe (Electronic Arts -> Electronic Arts - BioWare)
FirewallRules: [{411D4F9B-45B3-43A3-8E02-9912FD386CC9}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect Andromeda\MassEffectAndromeda.exe (Electronic Arts -> Electronic Arts - BioWare)
FirewallRules: [{CC7D53D7-8696-43B3-A44E-8FD588174934}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect Andromeda\MassEffectAndromedaTrial.exe (Electronic Arts - BioWare) [File not signed]
FirewallRules: [{4B9790BB-9335-4114-AB67-758F8C023A70}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect Andromeda\MassEffectAndromedaTrial.exe (Electronic Arts - BioWare) [File not signed]
FirewallRules: [{6190AE6F-5BBD-4741-BD8B-92B4D3C89D02}] => (Allow) C:\Program Files (x86)\Origin Games\SteamWorld Dig\SteamWorldDig.exe (Electronic Arts -> )
FirewallRules: [{6C589FE3-7BC6-45C1-B2CA-C8B419A10036}] => (Allow) C:\Program Files (x86)\Origin Games\SteamWorld Dig\SteamWorldDig.exe (Electronic Arts -> )
FirewallRules: [{97F5FD09-A354-4BBB-9C0B-1C9D367987D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{87EA50CA-C85D-4A76-980F-B789313EB7E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{71E6AAFA-E238-4B08-9F30-CCC1119CAF0D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{661C3A1A-7CD8-4E51-8C33-ED8CD9B088E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe No File
FirewallRules: [{A6C8F960-1143-499A-80CC-2D51C73986F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe No File
FirewallRules: [{81CB942F-685E-45F8-8886-D43E658AC97B}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect\Binaries\MassEffect.exe (Electronic Arts -> BioWare)
FirewallRules: [{11868A1E-7B92-4DA6-BBB7-28AE6F6D8113}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect\Binaries\MassEffect.exe (Electronic Arts -> BioWare)
FirewallRules: [{B88831DC-C27B-4E9E-B1FB-0CA7BC864879}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe (Nero AG -> Nero AG)
FirewallRules: [{397D0BFA-2F1A-456F-AE22-96BEAF23E36A}] => (Allow) C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe () [File not signed]
FirewallRules: [{C8F06330-4A56-4D9B-A034-BE271BA1E07A}] => (Allow) C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe () [File not signed]
FirewallRules: [{5D85116B-5834-42C6-8A85-0C5D579E82FC}] => (Allow) LPort=7437
FirewallRules: [{487A6627-3525-4AFE-B348-3B93E4BC1D29}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe (Electronic Arts -> BioWare)
FirewallRules: [{D2290D92-D732-481B-8FDC-F24740D4019D}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe (Electronic Arts -> BioWare)
FirewallRules: [{6CFF4968-3013-4B4A-952D-46075AECEC52}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{5FA4761C-A75B-4E8C-8940-86B334D974EC}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{C4FB434D-A4D3-4CB9-8CE3-B5451B85EB15}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{73921BFB-5E37-4F9D-9F9A-56C74A39BD28}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{591A1799-FC4E-40B0-8946-3EE9B348ED1E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{CA35F41E-9164-4BF0-9EFD-AA0322E93973}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{A7045599-AAC5-4D45-8C31-954E2EF5E0D0}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe () [File not signed]
FirewallRules: [{50B7AAB7-9EC5-4502-B350-1E710B4DE097}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe () [File not signed]
FirewallRules: [{51F224D0-9555-4CAE-91C4-4613D0D2964E}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{C5AB63E7-F2A1-4AC6-BDFE-2E920C60682D}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{0E4E09AD-D899-47A0-9463-06F30D6B68EA}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe () [File not signed]
FirewallRules: [{82020927-E6AA-47C1-8117-09A8D117EBD4}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe () [File not signed]
FirewallRules: [{EBC7EE7E-3562-4B7F-AF47-616B620A8905}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe (Ubisoft) [File not signed]
FirewallRules: [{4F64E1E8-DE0E-4E33-87F0-A238FE33E44C}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe (Ubisoft) [File not signed]
FirewallRules: [{D35192D1-353C-4E8D-B9E4-2D89AE0E9771}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
26-04-2020 19:00:11 Windows Backup
02-05-2020 09:08:34 AdwCleaner_BeforeCleaning_02/05/2020_09:08:33
==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================
Application errors:
==================
Error: (05/02/2020 10:19:32 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6028,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (05/02/2020 09:25:53 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6160,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (05/02/2020 09:09:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
Error: (05/02/2020 09:09:57 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (05/02/2020 09:09:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
Error: (05/02/2020 09:09:57 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (05/02/2020 08:33:40 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10000,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (05/01/2020 07:37:29 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10108,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

System errors:
=============
Error: (05/02/2020 10:12:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The W3SVC service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.
Error: (05/02/2020 10:12:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetPipeActivator service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.
Error: (05/02/2020 10:12:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.
Error: (05/02/2020 10:12:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetMsmqActivator service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.
Error: (05/02/2020 10:12:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WAS service terminated with the following error:
The system cannot find the drive specified.
Error: (05/02/2020 10:12:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EpsonCustomerResearchParticipation service failed to start due to the following error:
The system cannot find the file specified.
Error: (05/02/2020 10:12:21 AM) (Source: WAS) (EventID: 5005) (User: )
Description: Windows Process Activation Service (WAS) is stopping because it encountered an error. The data field contains the error number.
Error: (05/02/2020 10:12:21 AM) (Source: WAS) (EventID: 5215) (User: )
Description: The Windows Process Activation Service (WAS) failed to execute initialization for offline setup. The data field contains the error number.

CodeIntegrity:
===================================
Date: 2020-05-02 10:14:40.871
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2020-05-02 10:14:40.529
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2020-05-02 10:14:40.090
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2020-05-02 10:14:40.074
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2020-05-02 10:14:32.157
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2020-05-02 10:14:32.134
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2020-05-02 10:14:32.109
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2020-05-02 09:15:51.663
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 2001 06/16/2014
Motherboard: ASUSTeK COMPUTER INC. H81M-PLUS
Processor: Intel® Core™ i3-4160 CPU @ 3.60GHz
Percentage of memory in use: 41%
Total physical RAM: 8127.7 MB
Available physical RAM: 4785.91 MB
Total Virtual: 16319.7 MB
Available Virtual: 12598.06 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.98 GB) (Free:484.89 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:74.53 GB) (Free:2.2 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:465.75 GB) (Free:0 GB) NTFS
\\?\Volume{d1cf5b0c-0000-0000-0000-f0bee8000000}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D1CF5B0C)
Partition 1: (Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=541 MB) - (Type=27)
==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: E6CAE6CA)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 74.5 GB) (Disk ID: 069A6176)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================

  • 0

#12
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,474 posts
Hi traindriver

How is the computer running?
  • 0

#13
traindriver

traindriver

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

computer is running good at the moment, thank you


  • 0

#14
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,474 posts
The following will remove the tools we used as well as reset system restore points:

---------------------------------------------------
KpRm

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
----------------------------------------------------
Some tips to keep your computer safe on the Internet

Make sure to use strong passwords. There are password managers (for example, Bitwarden) that can help you use secure passwords, and keep track of them.

How to create a strong password
----------------------------------------------------
Keeping software up-to-date is important as well. Programs such as UCheck, Heimdal Free, or PatchMyPC can help keep software on your computer up-to-date.

To keep your operating system up-to-date, make sure that Windows Update is enabled on your computer.
----------------------------------------------------
I recommend backing up your PC regularly. There are several ways to back up your computer, such as using a cloud-based service online, external hard drive, or CD/DVD.

The following articles have more information about methods to back up your computer:

What's the Best Way to Back Up My Computer?

5 Ways to Back up Your Data
----------------------------------------------------
Here are some articles about how to keep your computer safe on the Internet -

Simple and easy ways to keep your computer safe and secure on the Internet - by Lawrence Abrams

Answers to common security questions - Best Practices - by quietman7

COMPUTER SECURITY - a short guide to staying safer online - Malware Removal

PC Safety and Security - What Do I Need? - Tech Support Forum
----------------------------------------------------

Safe surfing :)
  • 0

#15
traindriver

traindriver

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Run at 11/05/2020 07:32:20
# KpRm (Kernel-panik) version 2.8
# Website https://kernel-panik.me/tool/kprm/
# Run by Stepan from C:\Users\Stepan\Downloads
# Computer Name: STEPAN-PC
# OS: Windows 10 X64 (18363)
# Number of passes: 1
- Checked options -
    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines after 7 days
- Create Registry Backup -
   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\Stepan\NTUSER.dat backed up
     [OK] Registry Backup: C:\KPRM\backup\2020-05-11-07-32-20
- Delete Tools -

  ## AdwCleaner
     [OK] C:\Users\Stepan\Desktop\AdwCleaner.exe deleted
  ## ESET Online Scanner
     [OK] C:\Users\Stepan\Desktop\ESET Online Scanner.lnk deleted
     [OK] C:\Users\Stepan\Desktop\esetonlinescanner.exe deleted
  ## FRST
     [OK] C:\Users\Stepan\Desktop\Addition.txt deleted
     [OK] C:\Users\Stepan\Desktop\Fixlog.txt deleted
     [OK] C:\Users\Stepan\Desktop\FRST-OlderVersion deleted
     [OK] C:\Users\Stepan\Desktop\FRST.txt deleted
     [OK] C:\Users\Stepan\Desktop\FRST64.exe deleted
     [OK] C:\Users\Stepan\Desktop\Geks to go\Addition.txt deleted
     [OK] C:\Users\Stepan\Desktop\Geks to go\Fixlog_17-04-2020 10.10.02.txt deleted
     [OK] C:\Users\Stepan\Desktop\Geks to go\FRST.txt deleted
- Other Lines -

  ## Quarantines that will be deleted in 7 days (2020/05/18)
    ~ C:\AdwCleaner (AdwCleaner)
    ~ C:\Users\Stepan\AppData\Local\ESET\ESETOnlineScanner (ESET Online Scanner)
    ~ C:\FRST (FRST)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\5781842222.quar (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\5781842222.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\6382013603.quar (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\6382013603.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\5642134307.quar (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\5543700701.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\5304629851.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\5642134307.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\5543700701.quar (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\9210410557.quar (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\9210410557.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\9433472060.quar (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\9433472060.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\8603684721.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\6662000317.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\6415196797.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\7523080877.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\7395600785.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3843048616.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3647614516.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3928099410.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3843048616.quar (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3604683087.quar (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\1083770656.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\0100485373.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3604683087.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3571232326.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3928099410.quar (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\4700112736.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\4543523011.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\5297009579.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\4789683293.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\4513900398.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\4124479768.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\4030872267.data (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\4377771235.quar (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\4377771235.data (Malwarebytes Anti-Rootkit)
- Restore System Settings -
     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files
- Restore UAC -
     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value
- Clear Restore Points -
   ~ [OK] RP named Windows Backup created at 04/26/2020 11:00:11 deleted
   ~ [OK] RP named AdwCleaner_BeforeCleaning_02/05/2020_09:08:33 created at 05/02/2020 01:08:34 deleted
   ~ [OK] RP named Windows Backup created at 05/04/2020 11:43:54 deleted
   ~ [OK] RP named Windows Backup created at 05/10/2020 23:19:41 deleted
     [OK] All system restore points have been successfully deleted
- Create Restore Point -
     [OK] System Restore Point created
- Display System Restore Point -
   ~ [I] RP named KpRm created at 05/10/2020 23:33:11
-- KPRM finished in 82.06s --

- Errors -
    ~ Unable to copy binary in C:\KPRM\tasks-quarantines\kprm-quarantines.exe

  • 0





