PC has slowed down and startupchecklibrary.dll problem [Closed]

startupchecklibrary.dll malware virus


#1
yuyuti


Hi, I have read and followed the instructions on how to run FRST.

My computer has gradually slowed down, persistent ads are popping up on some sites and there is an error on startup (startupchecklibrary.dll).

I have used AVAST and ESET for virus/malware detection.

Hope someone could help me. Thanks a lot in advance!

________________________

Below is the log from FRST.txt

----------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-04-2020
Ran by INTEL (administrator) on DESKTOP-0VBR7UG (16-04-2020 13:22:07)
Running from C:\Users\INTEL\Downloads
Loaded Profiles: INTEL (Available Profiles: INTEL)
Platform: Windows 10 Pro Version 1809 17763.678 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files (x86)\Kinoni\EpocCam\KinoniSvc.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Elaborate Bytes AG -> Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <22>
(Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wuapihost.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [277664 2020-03-28] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1710568 2015-07-24] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [105280 2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\Run: [Spotify] => C:\Users\INTEL\AppData\Roaming\Spotify\Spotify.exe [22825376 2020-03-15] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3371296 2020-04-04] (Valve -> Valve Corporation)
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91512680 2020-02-14] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\MountPoints2: {1333e17e-590c-11ea-9d50-c86000a198cd} - "D:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\MountPoints2: {8d1c8e9f-5780-11ea-9d4d-c86000a198cd} - "H:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\MountPoints2: {94a05316-4212-11e9-9bcd-c86000a198cd} - "H:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\MountPoints2: {bb0f17a1-69c1-11e9-9bd5-c86000a198cd} - "D:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\MountPoints2: {da559726-4074-11e9-9bc6-806e6f6e6963} - "G:\CDViewer.exe" 
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\MountPoints2: {de3f2499-6fe5-11ea-9d84-806e6f6e6963} - "D:\HiSuiteDownLoader.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-08] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\78.1.0.1\Installer\chrmstp.exe [2019-11-20] (Brave Software, Inc.) [File not signed]
Startup: C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-07-16]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
BootExecute: autocheck autochk * bootdelete
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01C302C5-9565-4B66-8D47-B01474111471} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2019-03-07] (Google Inc -> Google Inc.)
Task: {19A0D5A6-4708-44AF-A552-F8A528D796C0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1A854DA9-0538-4145-9B57-F0FA65D8FE51} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158760 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {200D3484-9189-4D9A-A71B-E373D1DCC7BB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {33F58AF4-7708-4FAC-B597-B5164308FF9D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2019-03-07] (Google Inc -> Google Inc.)
Task: {3E4A2B7C-5649-4BD7-8346-7B143E24A648} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-03-28] (Avast Software s.r.o. -> Avast Software)
Task: {41EEFC99-6EE2-4AE1-9A95-C89FF63D77B7} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
Task: {49D46E25-F1F7-4B3A-B9D7-02579193BC53} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\INTEL\Downloads\esetonlinescanner_enu.exe [14566496 2020-04-10] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {4ABE4703-1F17-41C9-8158-D987AC340C94} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {58D21163-BC02-461C-A03C-DB71904322DA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5B59086D-0DC6-4B8F-8CC9-AB70D17DAACA} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {6D2D1BC4-2494-44E1-9470-5B140AB07C4B} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-11-10] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {6F91B5BD-8B32-4B41-95B2-2BA45ABCDFFC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158760 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {7A97D3BC-BBA7-4CD2-B495-6FECD34EDF05} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
Task: {7CBBE706-70DC-4232-A01D-BC791BCB567B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6147688 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {7EE04B03-A9AC-4E31-97C7-6A8B8BB6F20D} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {7F32B9B5-E046-4440-8CB9-BEFD3CE6CE6F} - \Microsoft\Windows\WDI\SrvHost -> No File <==== ATTENTION
Task: {83546678-1360-4F70-930B-7670D8D69B53} - System32\Tasks\Microsoft\Windows\NetFramework\Microsoft .NET Framework => C:\Windows\Microsoft.NET\Framework\v3.5\mscorsvw.exe
Task: {97087734-AA8E-43A7-ADEA-DD2E3240271E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702024 2020-03-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C8A0EDD-ADD2-4BA4-8C2E-D1077DD66166} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\INTEL\Downloads\esetonlinescanner_enu.exe [14566496 2020-04-10] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {AF980167-49A0-4D54-B2C9-64241F12BEE3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B9B95796-4E0F-47ED-8F2C-A0210987A56C} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-11-10] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {BE4EF73F-35E4-423B-9859-0377B75EB9C7} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3894664 2020-03-28] (Avast Software s.r.o. -> AVAST Software)
Task: {D2099023-C065-44D6-95AB-35D4B4D88A2F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6147688 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {D727DF5A-7BCC-4F1C-9280-34101553DFD5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702024 2020-03-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {F18F2847-5CAA-4504-A1A5-0F6ADF520C15} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1692296 2020-02-28] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {F28686BB-8693-4D38-BB85-5E16FA114BF9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{78e8d524-e2ff-4243-bd17-b34984097fac}: [DhcpNameServer] 192.168.43.123
Tcpip\..\Interfaces\{efa5dc13-8c9b-4ddd-86c8-60c26f91388b}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171101&iDate=2020-03-28 05:15:23&bName=
SearchScopes: HKU\S-1-5-21-1514647402-2240813474-3395892600-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1514647402-2240813474-3395892600-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1514647402-2240813474-3395892600-1002 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-01-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll [2019-05-13] (Oracle America, Inc. -> Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-04-09] (McAfee, LLC -> McAfee, LLC)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-05-13] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-01-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-04-09] (McAfee, LLC -> McAfee, LLC)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
 
Edge: 
======
Edge Notifications: HKU\S-1-5-21-1514647402-2240813474-3395892600-1002 -> hxxps://www.facebook.com
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-04-09] [UpdateUrl:hxxps://www.siteadvisor.com/waffinstall/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2019-03-07] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1235205.dll [2019-03-15] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-01-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-23] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-23] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-11-10] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-11-10] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1514647402-2240813474-3395892600-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\INTEL\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-03-27] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default [2020-04-16]
CHR Notifications: Default -> hxxps://ask.fm; hxxps://www.chess.com; hxxps://www.instagram.com; hxxps://www.techinasia.com; hxxps://www.thecrucible.online; hxxps://www.travelbook.ph
CHR Extension: (Docs) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-07]
CHR Extension: (Google Drive) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-03-07]
CHR Extension: (YouTube) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-07]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-06]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-04-16]
CHR Extension: (Chrome Remote Desktop) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-07-19]
CHR Extension: (Google Docs Offline) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-13]
CHR Extension: (Screen Recorder) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniebljpgcogalllopnjokppmgbhaden [2019-12-08]
CHR Extension: (rikaikun) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2019-09-24]
CHR Extension: (Grammarly for Chrome) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-04-07]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2020-03-24]
CHR Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2019-12-24]
CHR Extension: (Google Maps Platform API Checker) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlikepnkghhlnkgeejmlkfeheihlehne [2019-11-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Free VPN - the fastest VPN in the house) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogojkdkkcopeepagdlddbninobfhfbcb [2019-11-07]
CHR Extension: (Gmail) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-03]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6046624 2020-03-28] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [413472 2020-03-28] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57536 2020-03-28] (Avast Software s.r.o. -> AVAST Software)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-11-10] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-11-10] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10626328 2020-03-30] (Microsoft Corporation -> Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation -> NVIDIA Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2019-12-27] (Huawei Technologies Co., Ltd. -> ) [File not signed]
R2 KinoniSvc; C:\Program Files (x86)\Kinoni\EpocCam\KinoniSvc.exe [743936 2019-01-26] () [File not signed]
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [913640 2020-04-09] (McAfee, LLC -> McAfee, LLC)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation -> NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation -> NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12001112 2019-08-07] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 avg; "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc [X]
S3 avgm; "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /medsvc [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37856 2020-04-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [206120 2020-04-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [234776 2020-04-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [178968 2020-04-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [60696 2020-04-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-03-28] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42984 2020-04-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175400 2020-03-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [491832 2020-04-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [109480 2020-04-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85056 2020-04-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851808 2020-04-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [459608 2020-04-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [235184 2020-03-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [317280 2020-04-16] (Avast Software s.r.o. -> AVAST Software)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2019-03-07] (Hewlett-Packard Company -> Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2019-03-07] (Hewlett-Packard Company -> Windows ® Win 7 DDK provider)
S3 dot4usb; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [49056 2019-03-07] (Hewlett-Packard Company -> Microsoft Corporation)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-15] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2019-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2019-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 kinonivd; C:\WINDOWS\system32\DRIVERS\kinonivd.sys [283120 2019-01-31] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R3 KINONI_Wave; C:\WINDOWS\system32\drivers\kinonivad.sys [23040 2019-01-04] (Kinoni Oy -> Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-29] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
R3 VClone; C:\WINDOWS\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [47616 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-04-16 13:22 - 2020-04-16 13:24 - 000032143 _____ C:\Users\INTEL\Downloads\FRST.txt
2020-04-16 13:18 - 2020-04-16 13:23 - 000000000 ____D C:\FRST
2020-04-16 13:18 - 2020-04-16 13:18 - 002281472 _____ (Farbar) C:\Users\INTEL\Downloads\FRST64.exe
2020-04-16 13:13 - 2020-04-16 13:12 - 000491832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2020-04-16 13:13 - 2020-04-16 13:12 - 000337048 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-04-16 13:13 - 2020-04-16 13:12 - 000235696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbd0b0c91f85dbadf.tmp
2020-04-16 13:13 - 2020-04-16 13:12 - 000175920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw18bcaf965d217667.tmp
2020-04-15 08:59 - 2020-04-15 08:59 - 000018000 _____ C:\Users\INTEL\Downloads\IATFID_template.xlsx
2020-04-14 03:27 - 2020-04-14 03:27 - 005176118 _____ C:\Users\INTEL\Downloads\2020-04-14_03-24-13.flv
2020-04-13 12:29 - 2020-04-13 12:29 - 000000000 ____D C:\Users\INTEL\AppData\Local\Origin
2020-04-13 11:04 - 2020-04-13 11:04 - 000000505 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2020-04-13 11:04 - 2020-04-13 11:04 - 000000505 _____ C:\ProgramData\Desktop\The Sims 4.lnk
2020-04-12 21:54 - 2020-04-12 21:58 - 172392176 _____ C:\Users\INTEL\Downloads\The.Sims.4.Strangerville.Update.v1.51.77.1020-CODEX.zip
2020-04-12 21:37 - 2020-04-12 21:37 - 000000000 ____D C:\Users\INTEL\Documents\Electronic Arts
2020-04-12 21:29 - 2014-10-19 15:54 - 000447752 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2020-04-12 21:27 - 2020-04-12 21:27 - 000001272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4.lnk
2020-04-12 21:02 - 2020-04-12 21:02 - 000001327 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2020-04-12 21:02 - 2020-04-12 21:02 - 000001327 _____ C:\ProgramData\Desktop\Virtual CloneDrive.lnk
2020-04-12 21:01 - 2020-04-12 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2020-04-12 21:01 - 2020-04-12 21:01 - 000000000 ____D C:\Program Files (x86)\Elaborate Bytes
2020-04-12 21:00 - 2020-04-12 21:00 - 001804880 _____ C:\Users\INTEL\Downloads\SetupVCD5520.exe
2020-04-12 19:21 - 2020-04-12 19:21 - 000106002 _____ C:\Users\INTEL\Downloads\The.Sims.4.Discover.University-CODEX-[rarbg.to].torrent
2020-04-11 20:36 - 2020-04-11 20:36 - 000357814 _____ C:\Users\INTEL\Downloads\the_sims_4_-_digital_deluxe_v1_62_67_1020.torrent
2020-04-11 17:04 - 2020-04-11 17:04 - 000000607 _____ C:\Users\Public\Desktop\Resident Evil 7 - Biohazard.lnk
2020-04-11 17:04 - 2020-04-11 17:04 - 000000607 _____ C:\ProgramData\Desktop\Resident Evil 7 - Biohazard.lnk
2020-04-11 07:02 - 2020-04-11 07:02 - 004677968 _____ (BitTorrent Inc.) C:\Users\INTEL\Downloads\uTorrent (1).exe
2020-04-10 23:21 - 2020-04-10 23:21 - 000000000 ____D C:\Users\INTEL\Documents\Klei
2020-04-10 23:04 - 2020-04-10 23:04 - 000000222 _____ C:\Users\INTEL\Desktop\Don't Starve Together.url
2020-04-10 21:20 - 2020-04-10 21:20 - 000000000 ____D C:\Users\INTEL\AppData\Local\AdAwareUpdater
2020-04-10 21:04 - 2020-04-10 21:04 - 000000000 ____D C:\Users\INTEL\AppData\Local\AdAwareDesktop
2020-04-10 20:55 - 2020-04-11 07:04 - 000000896 _____ C:\Users\INTEL\Desktop\µTorrent.lnk
2020-04-10 20:55 - 2020-04-11 07:04 - 000000876 _____ C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2020-04-10 12:01 - 2020-04-10 12:01 - 000002134 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2020-04-10 12:01 - 2020-04-10 12:01 - 000002134 _____ C:\ProgramData\Desktop\3D Vision Photo Viewer.lnk
2020-04-10 11:26 - 2020-04-10 12:24 - 000001189 _____ C:\Users\INTEL\Desktop\RivaTuner Statistics Server (2).lnk
2020-04-10 11:25 - 2020-04-10 11:25 - 000000000 ____D C:\Users\INTEL\AppData\Local\NVIDIA Corporation
2020-04-10 11:22 - 2020-04-10 11:22 - 000001454 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2020-04-10 11:22 - 2020-04-10 11:22 - 000001454 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2020-04-10 11:21 - 2015-07-24 12:21 - 001756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2020-04-10 11:21 - 2015-07-24 12:21 - 001710568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2020-04-10 11:21 - 2015-07-24 12:21 - 001423304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2020-04-10 11:21 - 2015-07-24 12:21 - 001316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2020-04-10 11:20 - 2015-07-23 08:44 - 000572048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2020-04-10 11:19 - 2015-07-23 09:10 - 000937800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2020-04-10 11:17 - 2015-07-23 12:02 - 000112784 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-04-10 11:16 - 2020-04-10 11:20 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2020-04-10 11:15 - 2020-04-10 14:23 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2020-04-10 11:15 - 2020-04-10 11:26 - 000000000 ____D C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2020-04-10 11:15 - 2015-07-25 08:14 - 000040280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2020-04-10 11:15 - 2015-07-23 12:02 - 018376584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2020-04-10 11:15 - 2015-07-03 12:28 - 000069992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2020-04-10 11:15 - 2015-07-03 12:28 - 000065896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2020-04-10 11:15 - 2015-07-03 12:28 - 000047976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2020-04-10 11:14 - 2015-07-23 12:02 - 042730312 _____ C:\WINDOWS\system32\nvcompiler.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 037749064 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 030518928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 022973584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 016160440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 016011680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 015754192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 014511608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 013274904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 012973680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 011843384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 011142984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2020-04-10 11:14 - 2015-07-23 12:02 - 002963208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 002360976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 002164040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 001898128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435362.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 001557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435362.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 001165192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 001061008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 001053000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 000991152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 000983368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 000976528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 000176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 000155280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 000150832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2020-04-10 11:14 - 2015-07-23 12:02 - 000128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2020-04-10 11:13 - 2020-04-10 11:22 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2020-04-10 11:13 - 2020-04-10 11:13 - 000001159 _____ C:\Users\INTEL\Desktop\MSI Afterburner.lnk
2020-04-10 11:13 - 2020-04-10 11:13 - 000000000 ____D C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2020-04-10 11:12 - 2020-04-10 11:12 - 050449037 _____ C:\Users\INTEL\Downloads\MSIAfterburnerSetup.zip
2020-04-10 11:05 - 2020-04-10 11:06 - 294933088 _____ (NVIDIA Corporation) C:\Users\INTEL\Downloads\353.62-desktop-win10-64bit-international-whql.exe
2020-04-09 19:56 - 2020-04-09 19:57 - 000000000 ____D C:\Users\INTEL\Documents\Assassin's Creed Origins
2020-04-09 19:56 - 2020-04-09 19:56 - 000000000 ____D C:\Users\Public\Documents\uPlay
2020-04-09 19:56 - 2020-04-09 19:56 - 000000000 ____D C:\ProgramData\Documents\uPlay
2020-04-05 11:11 - 2020-04-05 11:11 - 000000000 ____D C:\Users\INTEL\AppData\Local\Melodics
2020-04-05 11:11 - 2020-04-05 11:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Melodics
2020-04-05 11:11 - 2020-04-05 11:11 - 000000000 ____D C:\Program Files\Melodics
2020-04-05 11:10 - 2020-04-05 11:10 - 069188136 _____ ( ) C:\Users\INTEL\Downloads\MelodicsV2Installer.exe
2020-04-04 17:41 - 2020-04-04 22:07 - 000615711 _____ C:\Users\INTEL\Downloads\First_Composition_LOL.flp
2020-04-04 17:25 - 2020-04-04 17:26 - 000997309 _____ C:\Users\INTEL\Downloads\EAHB-AGIJ-JDJB-JEFGPHP.Pdf
2020-04-04 17:24 - 2020-04-04 17:24 - 000001211 _____ C:\Users\INTEL\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2020-04-04 17:24 - 2020-04-04 17:24 - 000000000 ____D C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2020-04-04 17:24 - 2020-04-04 17:24 - 000000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2020-04-04 17:22 - 2020-04-04 17:22 - 000002133 _____ C:\Users\INTEL\Desktop\FL Studio 12 (64bit).lnk
2020-04-04 17:22 - 2020-04-04 17:22 - 000002117 _____ C:\Users\INTEL\Desktop\FL Studio 12.lnk
2020-04-04 17:22 - 2020-04-04 17:22 - 000000000 ____D C:\Program Files\Common Files\VST2
2020-04-04 17:22 - 2020-04-04 17:22 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2020-04-04 17:22 - 2020-04-04 17:22 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2020-04-04 17:20 - 2020-04-04 17:20 - 000000000 ____D C:\Users\INTEL\Documents\Image-Line
2020-04-04 17:20 - 2020-04-04 17:20 - 000000000 ____D C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2020-04-04 17:20 - 2020-04-04 17:20 - 000000000 ____D C:\Users\INTEL\AppData\Roaming\Image-Line
2020-04-04 17:20 - 2020-04-04 17:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2020-04-04 17:20 - 2020-04-04 17:20 - 000000000 ____D C:\Program Files\Image-Line
2020-04-04 17:13 - 2020-04-04 17:24 - 000000000 ____D C:\Program Files (x86)\Image-Line
2020-04-04 17:02 - 2020-04-04 17:02 - 000020560 _____ C:\Users\INTEL\Downloads\kat.crimage.line.fl.studio.12.1.2.producer.edition.32bit.64bit.eng.regkey.r2r.at.team.torrent
2020-04-03 13:45 - 2020-04-03 13:45 - 000073937 _____ C:\Users\INTEL\Downloads\peter resume.pdf
2020-04-01 12:38 - 2020-04-06 19:46 - 000000000 ____D C:\Users\INTEL\AppData\Roaming\Game
2020-04-01 00:31 - 2020-04-01 00:31 - 000001759 _____ C:\Users\INTEL\Desktop\CivilizationVI - Shortcut.lnk
2020-04-01 00:29 - 2020-04-01 00:29 - 000000000 ____D C:\Users\INTEL\AppData\Roaming\FiraxisLive
2020-03-31 23:06 - 2020-03-31 23:06 - 000001021 _____ C:\Users\Public\Desktop\Sid Meier's Civilization 6.lnk
2020-03-31 23:06 - 2020-03-31 23:06 - 000001021 _____ C:\ProgramData\Desktop\Sid Meier's Civilization 6.lnk
2020-03-31 18:52 - 2020-03-31 18:52 - 000187875 _____ C:\Users\INTEL\Downloads\2020-2021 Policy-W.Mendres.pdf
2020-03-31 13:34 - 2020-03-31 13:34 - 000000000 ____D C:\Users\Public\Documents\Steam
2020-03-31 13:34 - 2020-03-31 13:34 - 000000000 ____D C:\ProgramData\Documents\Steam
2020-03-29 17:29 - 2020-03-29 17:38 - 000000000 ____D C:\Users\INTEL\Desktop\TetrisOnlinePoland
2020-03-29 13:16 - 2020-03-29 13:16 - 000179728 _____ C:\Users\INTEL\Downloads\720089EC324C.pdf
2020-03-28 19:54 - 2020-03-28 19:54 - 000000000 ____D C:\ProgramData\Age of Empires 3
2020-03-28 13:25 - 2020-03-28 13:25 - 000000000 ____D C:\Users\INTEL\AppData\Roaming\AVAST Software
2020-03-28 13:24 - 2020-04-13 19:03 - 000002088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2020-03-28 13:24 - 2020-04-13 19:03 - 000002076 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2020-03-28 13:24 - 2020-04-13 19:03 - 000002076 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2020-03-28 13:19 - 2020-04-16 13:14 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-03-28 13:18 - 2020-04-16 13:12 - 000459608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2020-03-28 13:18 - 2020-04-16 13:12 - 000317280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2020-03-28 13:18 - 2020-04-16 13:12 - 000109480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2020-03-28 13:18 - 2020-04-16 13:12 - 000085056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2020-03-28 13:18 - 2020-04-16 13:12 - 000042984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2020-03-28 13:18 - 2020-04-16 13:11 - 000851808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2020-03-28 13:18 - 2020-04-16 13:11 - 000234776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2020-03-28 13:18 - 2020-04-16 13:11 - 000206120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2020-03-28 13:18 - 2020-04-16 13:11 - 000178968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2020-03-28 13:18 - 2020-04-16 13:11 - 000060696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2020-03-28 13:18 - 2020-04-16 13:11 - 000037856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2020-03-28 13:18 - 2020-03-28 13:19 - 000458584 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswd0c17dc7c76b5079.tmp
2020-03-28 13:18 - 2020-03-28 13:19 - 000458584 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\asw0d71fa1d00d218e3.backup
2020-03-28 13:18 - 2020-03-28 13:18 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2020-03-28 13:18 - 2020-03-28 13:17 - 000848672 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswef6f4eb134f5635f.tmp
2020-03-28 13:18 - 2020-03-28 13:17 - 000848672 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\asw40e5675688679502.backup
2020-03-28 13:18 - 2020-03-28 13:17 - 000316256 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\asw460fd2de4d380bd5.tmp
2020-03-28 13:18 - 2020-03-28 13:17 - 000279360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw175393bf2fd89d88.tmp
2020-03-28 13:18 - 2020-03-28 13:17 - 000271120 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\asw2a7c231f05b9ad9d.tmp
2020-03-28 13:18 - 2020-03-28 13:17 - 000271120 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\asw1ec9853e5cbf0562.backup
2020-03-28 13:18 - 2020-03-28 13:17 - 000235184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-03-28 13:18 - 2020-03-28 13:17 - 000206608 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\asw906e1e8bed96db03.tmp
2020-03-28 13:18 - 2020-03-28 13:17 - 000205576 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswf58ce6cf377e7c9b.backup
2020-03-28 13:18 - 2020-03-28 13:17 - 000205576 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\asweb3cce75ac654892.tmp
2020-03-28 13:18 - 2020-03-28 13:17 - 000175400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-03-28 13:18 - 2020-03-28 13:17 - 000110560 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswad6f0cf1e08e8c31.tmp
2020-03-28 13:18 - 2020-03-28 13:17 - 000110560 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\asw33dc32e1e314d577.backup
2020-03-28 13:18 - 2020-03-28 13:17 - 000084056 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\asw14ee603e156b6348.tmp
2020-03-28 13:18 - 2020-03-28 13:17 - 000064272 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswd8ebb84eb0bad767.tmp
2020-03-28 13:18 - 2020-03-28 13:17 - 000042976 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswceef6b9a12dd64d0.tmp
2020-03-28 13:18 - 2020-03-28 13:17 - 000042976 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswa583d4d627ac5a2a.backup
2020-03-28 13:18 - 2020-03-28 13:17 - 000037864 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\asw702e2d9484f6c672.tmp
2020-03-28 13:18 - 2020-03-28 13:17 - 000016304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2020-03-28 13:16 - 2020-04-01 17:22 - 000000000 ____D C:\ProgramData\AVAST Software
2020-03-28 13:16 - 2020-03-28 13:16 - 000000000 ____D C:\Program Files\AVAST Software
2020-03-28 13:15 - 2020-03-28 13:15 - 000000000 ____D C:\Users\INTEL\AppData\Roaming\Lavasoft
2020-03-28 13:15 - 2020-03-28 13:15 - 000000000 ____D C:\Users\INTEL\AppData\Local\Lavasoft
2020-03-28 13:15 - 2020-03-28 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2020-03-28 13:15 - 2020-03-28 13:15 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2020-03-28 13:14 - 2020-03-28 13:14 - 000000000 ____D C:\ProgramData\Lavasoft
2020-03-28 13:08 - 2020-03-28 13:10 - 002907000 _____ (BitTorrent Inc.) C:\Users\INTEL\Downloads\uTorrent.exe
2020-03-27 22:10 - 2020-03-27 22:10 - 000000000 ____D C:\Users\INTEL\Documents\Fruitbat Factory
2020-03-27 22:09 - 2020-04-16 13:03 - 000002976 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2020-03-27 22:09 - 2020-04-16 13:03 - 000002596 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2020-03-27 21:57 - 2020-03-27 21:57 - 000000222 _____ C:\Users\INTEL\Desktop\100% Orange Juice.url
2020-03-27 20:25 - 2020-03-27 20:25 - 000000000 ____D C:\Users\INTEL\Documents\MuseScore3
2020-03-27 20:22 - 2020-04-01 22:44 - 000000000 ____D C:\Users\INTEL\AppData\Roaming\MuseScore
2020-03-27 20:22 - 2020-03-27 20:22 - 000000000 ____D C:\Users\INTEL\AppData\Local\MuseScore
2020-03-27 20:22 - 2020-03-27 20:22 - 000000000 ____D C:\Users\INTEL\AppData\Local\cache
2020-03-27 20:21 - 2020-03-27 20:21 - 000001089 _____ C:\Users\INTEL\Desktop\MuseScore 3.lnk
2020-03-27 20:21 - 2020-03-27 20:21 - 000000000 ____D C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MuseScore 3
2020-03-27 20:21 - 2020-03-27 20:21 - 000000000 ____D C:\Program Files\MuseScore 3
2020-03-27 20:17 - 2020-03-27 20:17 - 111783936 _____ C:\Users\INTEL\Downloads\MuseScore-3.4.2-x86_64.msi
2020-03-27 18:25 - 2020-04-10 14:24 - 000000670 _____ C:\Users\INTEL\Desktop\ESET Online Scanner.lnk
2020-03-27 18:24 - 2020-03-27 18:24 - 000000769 _____ C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2020-03-27 18:24 - 2020-03-27 18:24 - 000000000 ____D C:\Users\INTEL\AppData\Local\ESET
2020-03-27 18:18 - 2020-04-10 14:25 - 014566496 _____ (ESET spol. s r.o.) C:\Users\INTEL\Downloads\esetonlinescanner_enu.exe
2020-03-27 13:05 - 2020-03-27 13:05 - 000000000 ____D C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-03-27 13:04 - 2020-03-27 13:05 - 000000000 ____D C:\Users\INTEL\AppData\Roaming\Zoom
2020-03-27 13:02 - 2020-03-27 13:03 - 011298712 _____ (Zoom Video Communications, Inc.) C:\Users\INTEL\Downloads\ZoomInstaller.exe
2020-03-26 19:57 - 2020-03-26 19:57 - 000000000 ____D C:\Users\INTEL\AppData\Local\UnrealEngine
2020-03-26 19:57 - 2020-03-26 19:57 - 000000000 ____D C:\Users\INTEL\AppData\Local\THQ Nordic
2020-03-24 20:25 - 2020-03-24 20:25 - 000000219 _____ C:\Users\INTEL\Desktop\Dota 2.url
2020-03-24 20:09 - 2020-03-24 20:09 - 000000000 ____D C:\Users\INTEL\AppData\LocalLow\Paranoid Productions
2020-03-24 20:00 - 2020-03-24 20:00 - 000018201 _____ C:\Users\INTEL\Downloads\The.Church.in.the.Darkness.v1.25-CODEX.torrent
2020-03-20 22:30 - 2020-03-20 22:30 - 021567032 _____ (Adobe) C:\Users\INTEL\Downloads\flashplayer_32_ppapi_debug.exe
2020-03-20 22:27 - 2020-03-20 22:27 - 013126832 _____ (Adobe Inc.) C:\Users\INTEL\Downloads\sw_lic_full_installer.exe
2020-03-20 22:27 - 2020-03-20 22:27 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2020-03-18 14:51 - 2020-03-18 14:51 - 011767044 _____ C:\Users\INTEL\Downloads\xRF_533431_0106_5492215S128.mp4
2020-03-18 14:07 - 2020-04-15 02:17 - 000000000 ____D C:\Users\INTEL\Desktop\Banmeshi Album 2
2020-03-17 23:07 - 2020-03-17 23:07 - 000001731 _____ C:\Users\INTEL\Downloads\2ndMonth.txt
2020-03-17 17:15 - 2020-03-17 17:15 - 001901515 _____ C:\Users\INTEL\Downloads\Gl-06-Final-Paper.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-04-16 13:17 - 2018-09-15 15:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-16 13:13 - 2018-09-15 15:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-04-16 13:06 - 2019-05-07 19:54 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-04-16 13:06 - 2019-03-27 12:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-16 13:06 - 2019-03-06 18:12 - 000000000 ____D C:\ProgramData\NVIDIA
2020-04-16 13:05 - 2018-09-15 14:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-04-16 13:03 - 2019-12-31 12:12 - 000003108 _____ C:\WINDOWS\system32\Tasks\KMSAutoNet
2020-04-16 13:03 - 2019-12-15 18:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2020-04-16 13:03 - 2019-12-11 16:00 - 000003340 _____ C:\WINDOWS\system32\Tasks\AVGUpdateTaskMachineUA
2020-04-16 13:03 - 2019-12-11 16:00 - 000003116 _____ C:\WINDOWS\system32\Tasks\AVGUpdateTaskMachineCore
2020-04-16 13:03 - 2019-11-10 11:27 - 000003364 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2020-04-16 13:03 - 2019-11-10 11:27 - 000003140 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2020-04-16 13:03 - 2019-03-27 12:58 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-04-16 13:03 - 2019-03-27 12:58 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-04-16 13:03 - 2019-03-27 12:58 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-04-16 13:03 - 2019-03-27 12:58 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1514647402-2240813474-3395892600-1002
2020-04-16 12:56 - 2019-05-27 18:31 - 000000000 ____D C:\Users\INTEL\AppData\Local\CrashDumps
2020-04-16 12:54 - 2019-06-01 01:21 - 000000000 ____D C:\Program Files (x86)\Steam
2020-04-16 12:39 - 2019-03-27 12:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-15 18:47 - 2019-03-27 12:42 - 000002367 _____ C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-15 18:47 - 2019-03-07 09:14 - 000000000 ___RD C:\Users\INTEL\OneDrive
2020-04-15 08:59 - 2019-03-07 09:12 - 000000000 ____D C:\Users\INTEL\AppData\Local\Packages
2020-04-14 23:10 - 2019-04-19 11:20 - 000000000 ____D C:\Users\INTEL\AppData\Local\osu!
2020-04-14 03:28 - 2019-03-26 11:45 - 000000000 ____D C:\Users\INTEL\AppData\Roaming\vlc
2020-04-13 11:00 - 2019-04-09 19:35 - 000000000 ____D C:\Users\INTEL\AppData\Roaming\uTorrent
2020-04-13 10:53 - 2019-04-09 19:36 - 000000000 ____D C:\Users\INTEL\AppData\Local\BitTorrentHelper
2020-04-12 21:29 - 2019-03-07 00:42 - 000000000 ____D C:\ProgramData\Package Cache
2020-04-12 21:02 - 2018-09-15 15:31 - 000000000 ____D C:\WINDOWS\INF
2020-04-10 21:31 - 2019-05-25 14:25 - 000000000 ____D C:\Users\INTEL\AppData\Roaming\NVIDIA
2020-04-10 21:30 - 2019-11-28 12:25 - 000000000 ____D C:\eBIRForms
2020-04-10 12:00 - 2019-03-27 12:34 - 005155072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-10 11:25 - 2019-03-15 23:24 - 000000000 ____D C:\Users\INTEL\AppData\Local\NVIDIA
2020-04-10 11:21 - 2019-03-07 16:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2020-04-10 11:21 - 2019-03-06 18:11 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-04-10 11:21 - 2019-03-06 18:11 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-04-10 11:21 - 2019-03-06 18:11 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-04-10 11:15 - 2019-08-08 16:49 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2020-04-10 11:15 - 2019-08-08 16:20 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2020-04-10 09:55 - 2018-09-15 15:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-04-10 09:52 - 2019-03-06 18:13 - 000000000 ____D C:\Program Files\Microsoft Office
2020-04-08 11:58 - 2019-03-07 09:27 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-08 11:58 - 2019-03-07 09:27 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-08 11:58 - 2019-03-07 09:27 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-04-08 11:52 - 2020-01-06 17:29 - 000000000 ____D C:\Users\INTEL\Documents\Kris
2020-04-06 11:18 - 2019-12-19 06:17 - 000000000 _____ C:\WINDOWS\system32\last.dump
2020-04-04 19:49 - 2019-03-07 09:12 - 000000000 ____D C:\Users\INTEL\AppData\Local\VirtualStore
2020-04-02 14:21 - 2019-03-27 12:42 - 000000000 ____D C:\Users\INTEL
2020-04-01 11:23 - 2020-02-25 13:05 - 000000000 ____D C:\Users\INTEL\Documents\HiSuite
2020-04-01 00:24 - 2019-08-10 23:29 - 000000000 ____D C:\Users\INTEL\Documents\My Games
2020-04-01 00:24 - 2019-03-30 20:26 - 000000000 ____D C:\Users\INTEL\AppData\Local\D3DSCache
2020-03-28 20:21 - 2019-11-20 00:54 - 000000000 ____D C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2020-03-28 19:55 - 2018-09-15 15:41 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2020-03-28 19:55 - 2018-09-15 15:41 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2020-03-28 19:55 - 2018-09-15 15:41 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2020-03-28 19:55 - 2018-09-15 15:41 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2020-03-28 19:55 - 2018-09-15 15:41 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2020-03-28 19:55 - 2018-09-15 15:41 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2020-03-28 19:55 - 2018-09-15 15:41 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2020-03-28 19:55 - 2018-09-15 15:41 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2020-03-28 19:55 - 2018-09-15 15:41 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2020-03-28 19:55 - 2018-09-15 15:41 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2020-03-28 19:55 - 2018-09-15 15:41 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2020-03-28 19:55 - 2018-09-15 15:37 - 000472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2020-03-28 19:55 - 2018-09-15 15:37 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2020-03-28 19:55 - 2018-09-15 15:37 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2020-03-28 19:55 - 2018-09-15 15:37 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2020-03-28 19:55 - 2018-09-15 15:37 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2020-03-28 19:55 - 2018-09-15 15:37 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2020-03-28 19:55 - 2018-09-15 15:37 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2020-03-28 19:55 - 2018-09-15 15:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-03-27 19:20 - 2019-12-31 12:12 - 000000000 ____D C:\ProgramData\KMSAutoS
2020-03-27 13:02 - 2019-08-08 15:46 - 000000000 ____D C:\Games
2020-03-26 11:20 - 2019-05-01 13:30 - 000000000 ____D C:\Users\INTEL\Documents\Scanned Documents
2020-03-24 20:55 - 2019-07-07 09:11 - 000000000 ____D C:\Cannon Ballers
2020-03-24 20:54 - 2019-05-07 23:09 - 000000000 ____D C:\Users\INTEL\Downloads\LDJ-2016083100
2020-03-24 20:54 - 2019-05-07 22:47 - 000000000 ____D C:\Users\INTEL\Downloads\M39-2018082100
2020-03-20 22:31 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-03-20 22:30 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-03-20 22:26 - 2019-07-31 01:17 - 000000000 ____D C:\Users\INTEL\Desktop\Peter Files
 
==================== Files in the root of some directories ========
 
2019-05-26 19:09 - 2020-01-10 13:17 - 000000128 _____ () C:\Users\INTEL\AppData\Local\PUTTY.RND
2020-01-17 08:01 - 2020-01-17 08:01 - 000017262 _____ () C:\Users\INTEL\AppData\Local\recently-used.xbel
2020-01-16 15:00 - 2020-01-16 15:00 - 000000000 _____ () C:\Users\INTEL\AppData\Local\{A57F673C-9308-4344-B6CE-896767A114ED}
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
__________________________

Below is the log from Addition.txt

-------------------------------------------

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2020
Ran by INTEL (16-04-2020 13:25:39)
Running from C:\Users\INTEL\Downloads
Windows 10 Pro Version 1809 17763.678 (X64) (2019-03-27 05:00:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1514647402-2240813474-3395892600-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1514647402-2240813474-3395892600-503 - Limited - Disabled)
Guest (S-1-5-21-1514647402-2240813474-3395892600-501 - Limited - Enabled)
INTEL (S-1-5-21-1514647402-2240813474-3395892600-1002 - Administrator - Enabled) => C:\Users\INTEL
WDAGUtilityAccount (S-1-5-21-1514647402-2240813474-3395892600-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\uTorrent) (Version: 3.5.5.45449 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.2.152.32 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.344 - Adobe)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.5.205 - Adobe, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.2.2401 - Avast Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 78.1.0.1 - Brave Software Inc)
Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version:  - getcomposer.org)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version:  - )
eBIRForms version v7.4.2 (HKLM-x32\...\eBIRForms_is1) (Version: v7.4.2 - )
FileZilla Client 3.42.1 (HKLM-x32\...\FileZilla Client) (Version: 3.42.1 - Tim Kosse)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
GIMP 2.10.12 (HKLM\...\GIMP-2_is1) (Version: 2.10.12 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.163 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Grand Theft Auto V_is1) (Version: 1.0.877.1 - )
HiSuite (HKLM-x32\...\Hi Suite) (Version: 10.0.1.100 - )
HP DeskJet 2600 series Basic Device Software (HKLM\...\{FB71D010-BD89-4624-B681-355F72DE4E58}) (Version: 43.3.2478.18107 - HP Inc.)
HP DeskJet 2600 series Help (HKLM-x32\...\{9A36A9D9-787C-4E75-914B-CF133FA88FC9}) (Version: 44.0.0 - HP)
HP Dropbox Plugin (HKLM-x32\...\{C68BD3B6-3CC4-4871-94D1-3412A571001F}) (Version: 36.0.100.66344 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{763E42DC-F6DB-49E5-AAFD-CC3273F858CB}) (Version: 43.0.0.0 - HP)
HP FTP Plugin (HKLM-x32\...\{1E02EFE9-1EDB-4EE4-B02F-1B23C9AF3CD5}) (Version: 43.0.0.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{ADA6C223-3EEA-4CAF-822A-5380A7A40342}) (Version: 36.0.100.66344 - HP)
HP OneDrive Plugin (HKLM-x32\...\{16DB1A9B-1180-43E7-BE29-7201EE339206}) (Version: 36.0.0.0 - HP)
HP SharePoint Plugin (HKLM-x32\...\{1F73FB9B-71BC-47F8-8AA6-DA9076E4E52B}) (Version: 43.0.0.0 - HP)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Java 8 Update 211 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
KinoniDrivers 2.9.4 (HKLM-x32\...\KinoniDrivers) (Version: 2.9.4 - Kinoni)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.90 - McAfee, LLC.)
Melodics version 2.1.4208.0 (HKLM\...\Melodics_is1) (Version: 2.1.4208.0 - )
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.12624.20382 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.12624.20382 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.12624.20382 - Microsoft Corporation)
Microsoft Project Professional 2019 - en-us (HKLM\...\ProjectPro2019Retail - en-us) (Version: 16.0.12624.20382 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.12624.20382 - Microsoft Corporation)
Microsoft Visio Professional 2019 - en-us (HKLM\...\VisioPro2019Retail - en-us) (Version: 16.0.12624.20382 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mobirise4 (HKLM-x32\...\Mobirise4_is1) (Version:  - Mobirise.com)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
MuseScore 3 (HKLM\...\{778D5D3D-5448-40F4-AACC-47D443C3E8A1}) (Version: 3.4.2.9788 - Werner Schweer and Others)
MySQL Workbench 8.0 CE (HKLM\...\{C806C745-44EB-4934-8531-7A38D4C75E62}) (Version: 8.0.16 - Oracle Corporation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6.4 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.1.0 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
osu! (HKLM-x32\...\{6eb578df-63a2-4925-a92b-3b27ab348278}) (Version: latest - ppy Pty Ltd)
PuTTY release 0.72 (64-bit) (HKLM\...\{8EFBA1C7-A8B8-4FB9-BEC0-6CEC6C7145DE}) (Version: 0.72.0.0 - Simon Tatham)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Resident Evil 7: Biohazard (HKLM-x32\...\Resident Evil 7: Biohazard_is1) (Version:  - )
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 6 (HKLM-x32\...\Sid Meier's Civilization 6_is1) (Version:  - )
Skype version 8.57 (HKLM-x32\...\Skype_is1) (Version: 8.57 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\Spotify) (Version: 1.1.28.721.g5b5ee660 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.5.1691 - TeamViewer)
The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{13668B9F-F140-4BAB-AB06-08E0D43564F4}) (Version: 2.51.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 25.0 - Ubisoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.2.0 - Elaborate Bytes)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Web Companion (HKLM-x32\...\{62f6bdf3-b4a7-4099-93cb-3b543f2b84e1}) (Version: 4.10.2225.4082 - Lavasoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2017 (HKLM-x32\...\{3CC29C1A-B5FE-457B-1234-32A2557A92C7}}_is1) (Version:  - winmoviemaker)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 7.2.16-0 - Bitnami)
Zoom (HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)
 
Packages:
=========
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-04-03] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6 [2019-07-20] (HP Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-27] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-08] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_2.2.9.0_x64__nfy108tqq3p12 [2019-04-03] (Thumbmunkeys Ltd) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-03-28] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-03-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-01-28] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-03-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-03-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2015-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-03-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [msacm.vorbis] => C:\WINDOWS\system32\vorbis.acm [1470976 2015-03-11] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\WINDOWS\system32\rtvcvfw64.dll [246272 2012-09-29] () [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2015-03-11] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-29] () [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\INTEL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e2f3576b7abb043d\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) =============
 
2018-08-16 20:54 - 2018-08-16 20:54 - 001484800 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam\avcodec-58.dll
2018-08-16 20:52 - 2018-08-16 20:52 - 000556544 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam\avutil-56.dll
2018-08-16 20:54 - 2018-08-16 20:54 - 000190464 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam\swresample-3.dll
2018-08-16 20:55 - 2018-08-16 20:55 - 000514048 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam\swscale-5.dll
2019-03-07 09:26 - 2016-10-04 22:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-04-10 11:20 - 2015-07-23 08:44 - 001367232 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2020-04-10 11:21 - 2015-07-24 12:21 - 001942360 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
2020-04-10 11:21 - 2015-07-24 12:21 - 001710568 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\WINDOWS\system32\nvspcap64.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\INTEL\Application Data:c7637b1ddf4ebe3cea300c7598738ba3 [394]
AlternateDataStreams: C:\Users\INTEL\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\INTEL\AppData\Roaming:c7637b1ddf4ebe3cea300c7598738ba3 [394]
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 19:04 - 2019-12-31 12:03 - 000000876 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 cracksmind.com
0.0.0.0 www.cracksmind.com
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\xampp\php;C:\ProgramData\ComposerSetup\bin;C:\Program Files (x86)\Windows Live\Shared;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\PuTTY\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\StartupApproved\Run: => "AVGBrowserAutoLaunch_F8DC4CE4B7007F84B29263E477879FEC"
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\StartupApproved\Run: => "Skype for Desktop"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{484B9087-FA93-46CB-AB1D-FBF8617CAAD3}] => (Allow) LPort=1900
FirewallRules: [{989716BF-FD16-4583-B604-6C139EBF61DC}] => (Allow) LPort=2869
FirewallRules: [{FF6A5491-D9EF-486E-A4CD-089FB6300D6D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{9B52689B-8525-49D4-B4F8-AA2B4C04A505}C:\xampp3\mysql\bin\mysqld.exe] => (Allow) C:\xampp3\mysql\bin\mysqld.exe No File
FirewallRules: [TCP Query User{FC697744-A2AB-49EF-B383-2A47F18A8734}C:\xampp3\mysql\bin\mysqld.exe] => (Allow) C:\xampp3\mysql\bin\mysqld.exe No File
FirewallRules: [UDP Query User{398F02E2-BF3B-45D9-B9E2-BB86EC767083}C:\xampp3\apache\bin\httpd.exe] => (Allow) C:\xampp3\apache\bin\httpd.exe No File
FirewallRules: [TCP Query User{E0EA74F5-85D7-4733-979F-30DCCE2BF062}C:\xampp3\apache\bin\httpd.exe] => (Allow) C:\xampp3\apache\bin\httpd.exe No File
FirewallRules: [UDP Query User{3B357D89-1465-41F3-9E2F-5FE2C084C57C}C:\xampp2\mysql\bin\mysqld.exe] => (Allow) C:\xampp2\mysql\bin\mysqld.exe No File
FirewallRules: [TCP Query User{CFFF77B7-25D0-4C61-85EB-F3A11B188EF0}C:\xampp2\mysql\bin\mysqld.exe] => (Allow) C:\xampp2\mysql\bin\mysqld.exe No File
FirewallRules: [UDP Query User{1BF8BAF1-294A-4F19-9181-EACC2A967C11}C:\xampp2\apache\bin\httpd.exe] => (Allow) C:\xampp2\apache\bin\httpd.exe No File
FirewallRules: [TCP Query User{21F555BF-47B9-41F6-9856-DF6729B22310}C:\xampp2\apache\bin\httpd.exe] => (Allow) C:\xampp2\apache\bin\httpd.exe No File
FirewallRules: [UDP Query User{B5DE120F-F991-49AB-A1BA-9001BD0EFCAF}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [TCP Query User{9C4C80B6-54B1-438D-B938-14EB9381186A}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [UDP Query User{F9A25F13-34D7-49A6-84EB-246D0627C236}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{4E8262C4-0FCC-4584-8719-67BD05D4C9A9}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{88F91C72-F927-42D3-B643-E12002433F24}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe No File
FirewallRules: [TCP Query User{B97DFC92-94FC-4311-A5E5-9738A069EDEA}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe No File
FirewallRules: [{DC8C875B-C44C-4C9A-8A6D-7A4A255E1CEB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D66C2EAC-D95D-4E40-B2BA-9CD2EC787F1F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5BB3F4E6-15EE-4BA8-8220-427CCC4888A7}] => (Allow) C:\Users\INTEL\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{28238460-4265-4A67-97F4-A65FBF1C8E6C}] => (Allow) C:\Users\INTEL\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{5EF4B4ED-FD52-46BF-B1F9-9AD71ED3E703}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe No File
FirewallRules: [TCP Query User{7ECD39EF-9D37-4A9B-94D4-ED144A0E8952}C:\users\intel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\intel\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{B4CBFB61-69AC-4C46-951E-35050CE907C9}C:\users\intel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\intel\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{E99CA314-4EB4-46AB-BD6E-9BE2E2B1F562}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe (FileZilla Project) [File not signed]
FirewallRules: [UDP Query User{7903CBE2-C210-4C55-ACC1-E1B928D33B46}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe (FileZilla Project) [File not signed]
FirewallRules: [{A92632D2-ABDD-437F-A6C5-C6CD5656A748}] => (Block) C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit) ()
FirewallRules: [{B7BD37EB-FC2A-4186-AEAC-F44109B110DE}] => (Block) C:\Program Files\Adobe\Adobe After Effects CS6 ()
FirewallRules: [{9130C6C0-CA21-4A4F-96F0-FD6FFE1E4428}] => (Block) C:\Program Files\Adobe\Adobe Media Encoder CS6 ()
FirewallRules: [{78F252F6-C967-414C-9598-A5C0135D77F4}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{318A4BE2-0F9B-40A2-9418-D484F8076ED1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{20A4F72D-1978-4858-BD55-01E55F353EF2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{52DF64D9-7DDE-45DD-B281-A821A16504A1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{C9214680-AA6C-4B76-A143-EA8287B76113}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{B7BC1DF6-BBA0-4091-8138-6CAF7209AE1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TAPSONIC BOLD\BOLD.exe () [File not signed]
FirewallRules: [{D94927B7-248F-43FC-BCA1-CA8AC8726706}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TAPSONIC BOLD\BOLD.exe () [File not signed]
FirewallRules: [TCP Query User{C5B0E9CC-F658-4782-890A-8CD0A045FEE7}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe (Deluge Team) [File not signed]
FirewallRules: [UDP Query User{3E42100B-6249-4F39-BAA2-FB072C6A70E0}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe (Deluge Team) [File not signed]
FirewallRules: [{CDFAFD00-D570-4B2E-AEA2-46A7F530840C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E9856FED-053D-4E77-A429-D47ACEE6454A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{0898812B-E07E-4513-99FB-0E44C3808C3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Groove Coaster for Steam\App\Release\gcst.exe (Taito) [File not signed]
FirewallRules: [{1247FCDF-5305-447A-8E84-861D26AC2633}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Groove Coaster for Steam\App\Release\gcst.exe (Taito) [File not signed]
FirewallRules: [{4B10E2EB-9C4A-4AF5-96E5-DDC2F0A03A96}] => (Allow) LPort=5055
FirewallRules: [{AF3D17FD-C58C-41CC-B1CD-17D630BB5957}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FAB7D1FC-ECAF-468B-B403-0424EC5C864B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DFB2781B-19EA-418A-B46A-90C2C0C47337}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{94C4FC4C-9FC9-48B7-BD3B-91C7E157D4E3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{08980466-ECFC-4DBD-A84E-E71B5216AE85}C:\cannon ballers\ldj-2018091900\contents\launcher.exe] => (Allow) C:\cannon ballers\ldj-2018091900\contents\launcher.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{6C040A47-BF2F-443D-8794-B22D176094B6}C:\cannon ballers\ldj-2018091900\contents\launcher.exe] => (Allow) C:\cannon ballers\ldj-2018091900\contents\launcher.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{9165C42E-B75B-47F0-A533-C37D12120472}C:\games\grand theft auto v\gta5.exe] => (Allow) C:\games\grand theft auto v\gta5.exe (Rockstar Games) [File not signed]
FirewallRules: [UDP Query User{26397864-1FA4-41A1-8099-A828CD90959B}C:\games\grand theft auto v\gta5.exe] => (Allow) C:\games\grand theft auto v\gta5.exe (Rockstar Games) [File not signed]
FirewallRules: [{13B1156D-1E7A-4C64-B292-1D90AB3DFD7E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{C4CBC531-497C-466B-A883-20D90102EC51}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{77EE9A8B-44F2-4EE6-82D4-82AFE4A86CAB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{FE4F3A6C-1672-4CEF-8388-37086E609847}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{1BB750C4-0A81-4E93-8306-5916ABF9A88E}] => (Allow) C:\Users\INTEL\AppData\Local\Temp\7zS533E\HP.EasyStart.exe No File
FirewallRules: [{F4AE4EBD-E24B-43F3-BDE8-C8F1FAE11E9F}] => (Allow) C:\Users\INTEL\AppData\Local\Temp\7zS6480\HP.EasyStart.exe No File
FirewallRules: [{813CDB05-CD52-4B47-B865-31016DF1C1B8}] => (Allow) C:\Program Files\HP\HP DeskJet 2600 series\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{4854AE23-A945-4546-8E39-E1EC42FACAAE}] => (Allow) C:\Program Files\HP\HP DeskJet 2600 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{CBBD65F4-FA0C-4EF8-B2F5-C9BFF841F8DC}] => (Allow) LPort=5357
FirewallRules: [{590C5AF5-E3E5-4C20-84C9-95C9C051B6C5}] => (Allow) C:\Program Files\HP\HP DeskJet 2600 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{FFA0B437-6E8F-4D32-B2A6-B28A6169C33D}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{B14258C7-B8A4-4CCD-A288-E3238EAC9F87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DJMAX RESPECT V\DJMAX RESPECT V.exe (NEOWIZ -> )
FirewallRules: [{7E11C23E-F4EE-421E-88EA-F1877A0571EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DJMAX RESPECT V\DJMAX RESPECT V.exe (NEOWIZ -> )
FirewallRules: [{88E40B9B-6F2B-4F34-ABD8-C6A23D56374D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2611F237-E456-46FE-9405-1EF318F2EBC6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BED73A1A-88CE-4166-AE92-2DB69169FF04}] => (Allow) LPort=1688
FirewallRules: [{BAEE7F0F-3956-4F48-B5A7-111A45F41388}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DAD37398-4004-4EC2-992C-B9E307499E76}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{59677B14-9B39-4534-9A84-20AFAFC3FA41}] => (Allow) C:\Users\INTEL\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{228F3FD8-D61E-48B3-A695-56BAD3027206}] => (Allow) C:\Users\INTEL\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [{78EF5B40-58DC-4AC1-9069-963040295029}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\100 Orange Juice\100orange.exe () [File not signed]
FirewallRules: [{415EF686-6BE2-4A0E-A54B-9693A29914B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\100 Orange Juice\100orange.exe () [File not signed]
FirewallRules: [TCP Query User{3D549D31-3329-4C67-B535-5B1E582A5680}C:\users\intel\desktop\tetrisonlinepoland\tetris.exe] => (Allow) C:\users\intel\desktop\tetrisonlinepoland\tetris.exe (Tetris Online Japan) [File not signed]
FirewallRules: [UDP Query User{9259DB9D-1834-470F-89AD-E4AAA5D91521}C:\users\intel\desktop\tetrisonlinepoland\tetris.exe] => (Allow) C:\users\intel\desktop\tetrisonlinepoland\tetris.exe (Tetris Online Japan) [File not signed]
FirewallRules: [TCP Query User{A9C7C496-D001-42EA-8C84-87F96C6A3F96}E:\games\crash bandicoot n. sane trilogy\crashbandicootnsanetrilogy.exe] => (Allow) E:\games\crash bandicoot n. sane trilogy\crashbandicootnsanetrilogy.exe No File
FirewallRules: [UDP Query User{1E0F276B-96B6-4974-96BB-BE7015F2D361}E:\games\crash bandicoot n. sane trilogy\crashbandicootnsanetrilogy.exe] => (Allow) E:\games\crash bandicoot n. sane trilogy\crashbandicootnsanetrilogy.exe No File
FirewallRules: [{28FE6F24-50F2-4AE1-B21A-C659F764D0D8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2C157996-B988-45E5-A375-45F30B31DECB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6129760D-F69A-4442-B4F5-43EB5DFD1469}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{8BD59DBE-0ED6-4BDA-9161-2D9358F9817A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{7B62B1D3-4F58-405E-B504-A34D8046B238}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe (SEGA EUROPE LIMITED -> SEGA)
FirewallRules: [{126789FB-74AF-4B88-A317-3C572886EFE9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe (SEGA EUROPE LIMITED -> SEGA)
FirewallRules: [TCP Query User{F228CBC8-5435-4D12-8619-D32D1D03A0A6}E:\sims 54\game\bin\ts4_x64.exe] => (Allow) E:\sims 54\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{59F02431-BBB1-4DF3-B676-96B0E9FBED12}E:\sims 54\game\bin\ts4_x64.exe] => (Allow) E:\sims 54\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
 
==================== Restore Points =========================
 
05-04-2020 10:18:39 Scheduled Checkpoint
10-04-2020 20:57:24 AA11
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/16/2020 01:07:23 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/16/2020 01:07:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (04/16/2020 12:55:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.17763.1, time stamp: 0xb900eeff
Faulting module name: wpnuserservice.dll, version: 10.0.17763.1, time stamp: 0xcb4f608f
Exception code: 0xc0000409
Fault offset: 0x0000000000008a6d
Faulting process id: 0x2ea8
Faulting application start time: 0x01d613ab40cdeda6
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\wpnuserservice.dll
Report Id: 4a4bbe74-38ba-4656-bf3e-2895d6c15589
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/16/2020 09:17:57 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (04/16/2020 09:17:40 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/15/2020 06:24:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.17763.1, time stamp: 0xb900eeff
Faulting module name: wpnuserservice.dll, version: 10.0.17763.1, time stamp: 0xcb4f608f
Exception code: 0xc0000409
Fault offset: 0x0000000000008a6d
Faulting process id: 0x1514
Faulting application start time: 0x01d6130f6931237a
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\wpnuserservice.dll
Report Id: 8750a279-695b-4fff-8a4a-824e37aa847f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/15/2020 06:20:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (04/15/2020 06:20:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
System errors:
=============
Error: (04/16/2020 01:29:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (04/16/2020 01:29:10 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (04/16/2020 01:27:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (04/16/2020 01:27:10 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (04/16/2020 01:25:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (04/16/2020 01:25:09 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (04/16/2020 01:23:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (04/16/2020 01:23:08 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-0VBR7UG)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
 
Windows Defender:
===================================
Date: 2019-08-12 21:20:23.631
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {AB7C9DC7-5BD2-4E99-B404-1484FEF46735}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-08-12 21:10:47.674
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DD4B7F4D-7CB1-4E68-A551-4E9132D5DA29}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-08-12 20:58:11.134
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {880CF904-DF1B-49B9-AB76-7DF3C1C8589B}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-08-12 19:24:37.041
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {294AA2C8-3563-4313-AC41-05CC7D66FF96}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-08-12 19:18:58.619
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {87D45B9C-49A0-4F31-A85A-3D010813454B}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-08-15 08:13:48.481
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2019-08-03 09:58:29.612
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.299.1111.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16200.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2019-07-24 09:35:15.738
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.299.372.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16200.1
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2020-04-16 13:21:53.940
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-04-16 13:21:53.937
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-04-16 13:21:22.224
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-04-16 13:21:22.219
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-04-16 13:17:28.240
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-04-16 13:17:28.212
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-04-16 13:17:23.198
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-04-16 13:17:23.161
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 0604 02/07/2012
Motherboard: ASUSTeK COMPUTER INC. SABERTOOTH Z77
Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 78%
Total physical RAM: 4051.26 MB
Available physical RAM: 870.96 MB
Total Virtual: 9421.26 MB
Available Virtual: 5638.26 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:409.67 GB) (Free:19.34 GB) NTFS
Drive e: () (Fixed) (Total:357.29 GB) (Free:189.11 GB) NTFS
Drive f: (Stupidity) (Fixed) (Total:164.06 GB) (Free:20.09 GB) NTFS
 
\\?\Volume{c1839af6-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C1839AF6)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=409.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=357.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=164.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

 


  • 0



#2
DR M

DR M

    GeekU Senior

  • GeekU Senior
  • 1,789 posts

Hi, yuyuti.
 
Welcome to Geeks to Go!

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before you act! Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Please, copy all the content of the required logs and paste it inside your post. Do not attach any log or other file, unless directed otherwise.

4. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs. I will be with you, as far as I can.

 

5. I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.

 

I will be back to you soon. :)


  • 0

#3
yuyuti

yuyuti

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

Thank you Dr. M! Cheers!  :geek:


  • 0

#4
DR M

DR M

    GeekU Senior

  • GeekU Senior
  • 1,789 posts

Hi, yuyuti.

Warnings

  • You have signs of KMSpico installed on your computer. This program is used to illegally activate Microsoft's products, such as Windows or Office. My instructions will remove these items, and this means that either your Windows or Office (or both) will stop being activated, and therefore they will stop working properly. Note that if the problem is with your Windows activation, you will have many restrictions sooner or later, including not receiving security updates.
  • I also notice that you are using a method to bypass activation of licensed software. Doing so is illegal, plus the tools we use here often remove anything having to do with these methods. Please, remove all traces of such methods before you continue, as well as any pirate program you may have installed.
  • You have Bittorrent installed in your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.
    • If you decide to uninstall it, uninstall it along with the unwanted programs in Step 4 below.
    • If you decide to keep it, DON'T use it during the cleaning procedure.

 

You can proceed with the following, only if you agree with the above.

=======================================================================================================================

1. Windows updates

Assuming that your Windows operating system is legally activated, is there any reason why you haven't upgraded from Windows 10 Version 1809 to Version 1909 that was released last November? It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer. Either enable Automatic Updates or get into the habit of checking for Windows updates regularly. The end of service for Version 1809 is May 12, 2020, so you should consider updating your operating system after the cleaning procedure.

 

2. Notifications

Did you intentionally enable notifications from these sites?


hxxps://ask.fm
hxxps://www.chess.com
hxxps://www.instagram.com
hxxps://www.techinasia.com
hxxps://www.thecrucible.online
hxxps://www.travelbook.ph
hxxps://www.facebook.com

3. Program in question

Did you intentionally install McAfee WebAdvisor? If not, please uninstall it along with Web Companion, at the next step.

 

4. Uninstall programs

You have already AVAST installed on your computer, as an antivirus. You also have Web Companion, which, although a legitimate program, is often bundled with 3rd party software. Have in mind that installing more than one of those programs may conflict with each other and cause the following:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
  • Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
  • Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

I recommend you to uninstall WebCompanion.

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program on the list:
Web Companion
(McAfee WebAdvisor)*
(μTorrent)*
* If you decide to uninstall it
  • Select the program / programs and click Uninstall.
  • Restart the computer.

 

5. Chrome extensions in question

Did you intentionally install these Chrome extensions?


McAfee® WebAdvisor
AVG SafePrice

If yes, it's OK. No need to remove them.

If not, uninstall them, doing the following:

  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find the extensions in the code below, and remove them, clicking on Remove.
McAfee® WebAdvisor
AVG SafePrice
  • Confirm the action by clicking Remove once again.
  • Do the procedure separately, for each one of the extensions.

 

6. Run AVG Remover

  • Please download AVG remover.
  • Save it on your Desktop and run it.
  • Follow the instructions to uninstall AVG remnants.
  • Restart the computer.

 

7. FRST fix

Please do the following to run a FRST fix:

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\...\Run: [AdobeBridge] => [X]
Task: {4ABE4703-1F17-41C9-8158-D987AC340C94} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {7EE04B03-A9AC-4E31-97C7-6A8B8BB6F20D} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {7F32B9B5-E046-4440-8CB9-BEFD3CE6CE6F} - \Microsoft\Windows\WDI\SrvHost -> No File <==== ATTENTION
HKU\S-1-5-21-1514647402-2240813474-3395892600-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171101&iDate=2020-03-28 05:15:23&bName=
SearchScopes: HKU\S-1-5-21-1514647402-2240813474-3395892600-1002 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
AlternateDataStreams: C:\Users\INTEL\Application Data:c7637b1ddf4ebe3cea300c7598738ba3 [394]
AlternateDataStreams: C:\Users\INTEL\AppData\Roaming:c7637b1ddf4ebe3cea300c7598738ba3 [394]
FirewallRules: [UDP Query User{88F91C72-F927-42D3-B643-E12002433F24}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe No File
FirewallRules: [TCP Query User{B97DFC92-94FC-4311-A5E5-9738A069EDEA}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe No Fil
C:\ProgramData\KMSAutoS
Hosts:
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

8. FRST scan

  • Move the FRST from your Downloads folder to your Desktop.
  • Double-click to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.

In your next reply please post:

  • Your reply about the notifications
  • The fixlog.txt
  • FRST.txt and Addition.txt

 


  • 0
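
An added example, not part of the thread and not FRST's own code: a small Python triage of the `FirewallRules:` lines in an Addition.txt log. It flags the kind of entry the fixlist above removes (an allow rule whose target shows `No File`), along with unsigned targets and port-only rules. The field layout is inferred from the log lines in this thread; the tag names and the list of user-writable path markers are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the Addition.txt log and the fixlist in this thread.
SAMPLE_LOG = r"""
FirewallRules: [{4B10E2EB-9C4A-4AF5-96E5-DDC2F0A03A96}] => (Allow) LPort=5055
FirewallRules: [{AF3D17FD-C58C-41CC-B1CD-17D630BB5957}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1BB750C4-0A81-4E93-8306-5916ABF9A88E}] => (Allow) C:\Users\INTEL\AppData\Local\Temp\7zS533E\HP.EasyStart.exe No File
FirewallRules: [{59677B14-9B39-4534-9A84-20AFAFC3FA41}] => (Allow) C:\Users\INTEL\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{78EF5B40-58DC-4AC1-9069-963040295029}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\100 Orange Juice\100orange.exe () [File not signed]
FirewallRules: [TCP Query User{3D549D31-3329-4C67-B535-5B1E582A5680}C:\users\intel\desktop\tetrisonlinepoland\tetris.exe] => (Allow) C:\users\intel\desktop\tetrisonlinepoland\tetris.exe (Tetris Online Japan) [File not signed]
FirewallRules: [UDP Query User{88F91C72-F927-42D3-B643-E12002433F24}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe No File
"""

RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.+?)\] => \((?P<action>Allow|Block)\) (?P<rest>.+)$"
)
# The publisher/signer field is the last parenthesised group on the line,
# so "Program Files (x86)" inside the path is left alone.
SIGNER_RE = re.compile(r"^(?P<path>.*) \((?P<signer>[^()]*)\)$")
NO_FILE = " No File"
UNSIGNED = " [File not signed]"
# Assumption: path fragments treated as writable without admin rights.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\")


@dataclass
class Rule:
    name: str
    action: str
    path: Optional[str] = None
    port: Optional[str] = None
    signer: Optional[str] = None
    signed: bool = False
    missing: bool = False


def parse_rule(line: str) -> Optional[Rule]:
    """Parse one FirewallRules line; return None for any other line."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    rule = Rule(name=m["name"], action=m["action"])
    rest = m["rest"].strip()
    if rest.startswith("LPort="):
        rule.port = rest.split("=", 1)[1]
        return rule
    if rest.endswith(NO_FILE):
        rule.path, rule.missing = rest[: -len(NO_FILE)], True
        return rule
    unsigned = rest.endswith(UNSIGNED)
    if unsigned:
        rest = rest[: -len(UNSIGNED)]
    s = SIGNER_RE.match(rest)
    rule.path = s["path"] if s else rest
    rule.signer = s["signer"] if s else None
    rule.signed = bool(s) and not unsigned
    return rule


def triage(rule: Rule) -> List[str]:
    """Return review tags for an allow rule; an empty list means nothing to review."""
    if rule.action != "Allow":
        return []
    if rule.port is not None:
        return ["port-only"]  # opens a port for every program
    tags = []
    if rule.missing:
        tags.append("missing-target")  # rule outlived its binary
    elif not rule.signed:
        tags.append("unsigned")
    # A missing or unsigned target in a user-writable folder means any
    # process running as that user can supply the allowed binary.
    if tags and any(mark in rule.path.lower() for mark in USER_WRITABLE):
        tags.append("user-writable-path")
    return tags


def report(log_text: str) -> List[Tuple[str, List[str]]]:
    """List (target, tags) for every rule in the log that needs review."""
    findings = []
    for line in log_text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        tags = triage(rule)
        if tags:
            target = rule.path if rule.path else "LPort=" + rule.port
            findings.append((target, tags))
    return findings


if __name__ == "__main__":
    for target, tags in report(SAMPLE_LOG):
        print(", ".join(tags).ljust(36), target)
```
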

#5
DR M

DR M

    GeekU Senior

  • GeekU Senior
  • 1,789 posts

Hi, yuyuti.

 

Do you still need assistance?


  • 0

#6
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,536 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0
