Solved WMC Agent Won't Leave Along with Other Files

Riccrocc789

New Member
Thread author
Apr 2, 2018
10
I used a file that downloaded a bunch of programs, and I believe that I got most of them out, but along with WMC Agent there are still things I can't delete and that keep coming back. I've used multiple software programs to try to delete them, but after I restart my computer and scan again they are still there. I posted pictures of what is still present on my computer. I've tried to get them out for a couple of days and nothing seems to have come close to deleting these Trojans and viruses. Hopefully these pics and logs will help. Thank you for your time.
 

Attachments

  • Capture.PNG (25.6 KB)
  • Capture.PNG (53 KB)
  • Addition.txt (68.3 KB)
  • FRST.txt (73 KB)
  • JRT.txt (626 bytes)
  • Capture.PNG (38.1 KB)

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.
  • Now you should get a window like this where you need to click Troubleshoot.

  • In the next window, click Advanced options and select Command Prompt.
  • Now you should log in to your account and after that Command Prompt window.
Access the notepad and identify your USB drive

In the Command Prompt please type in:
Code:
notepad
and press Enter.
  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.
  • Note down the letter and close the notepad.


Scan with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:
  • Type in e:\frst64.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give it a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.
  • When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

Transfer it to your clean machine and include it in your next reply.
 

Riccrocc789

New Member
Thread author
Apr 2, 2018
10
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by SYSTEM on MININT-180LNFK (03-04-2018 16:13:11)
Running from F:\
Platform: Windows 10 Pro Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-25] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [Fight Stick Alpha] => C:\Program Files\Mad Catz\Fight Stick Alpha\Fight_Stick_Alpha_Profiler.exe [671232 2016-03-04] (Mad Catz Inc)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16073336 2016-08-10] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16776192 2016-12-02] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11328464 2015-09-11] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [GammingApp] => C:\Program Files (x86)\MSI\MSI Gaming APP\SGamingApp.exe [1147048 2015-09-03] (Micro-Star Int'l Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51416 2017-12-12] (Copyright (c) 2017 Plays.tv, LLC)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe,
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\Kai\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\Kai\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\Kai\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3198752 2018-03-26] (Valve Corporation)
HKU\Kai\...\Run: [Discord] => C:\Users\Kai\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\Kai\...\RunOnce: [Application Restart #5] => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MSI)
HKU\Kai\...\RunOnce: [Application Restart #0] => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MSI)
HKU\Kai\...\RunOnce: [Application Restart #1] => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MSI)
HKU\Kai\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-19] (Google Inc.)
HKU\Kai\...\RunOnce: [Application Restart #3] => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MSI)
Startup: C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2018-01-21]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon INC.)
Startup: C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk [2018-01-22]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2017-10-18]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (VB-AUDIO Software)
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts-x32: Restriction <==== ATTENTION
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
"HKLM\System\ControlSet001\Services\aehknr" => removed successfully
"HKLM\System\ControlSet001\Services\anhot" => removed successfully
C:\Windows\System32\drivers\rtradhkn.sys => moved successfully
C:\Users\Kai\AppData\Local\tihawem\wmczogt.exe => moved successfully
C:\Users\Kai\AppData\Local\wmcagent\wmcagent.exe => moved successfully
C:\Users\Kai\AppData\Local\wmcagent\wow_helper.exe => moved successfully
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S4 ASGT; C:\Windows\SysWOW64\ASGT.exe [48640 2016-05-27] ()
S2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-03-08] ()
S4 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [34984 2015-09-03] (Micro-Star Int'l Co., Ltd.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\vssbridge64.exe [426416 2018-04-02] (AO Kaspersky Lab)
S2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-04-28] (IObit)
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-08-10] (Logitech Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S2 Microsoft DirectX Configuration Service; C:\Windows\SysWOW64\dxconfig.exe [64512 2016-02-15] ()
S4 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1768912 2015-09-11] (Micro-Star INT'L CO., LTD.)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
S2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-12-12] (Copyright (c) 2017 Plays.tv, LLC)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S2 RealtekWlanU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
S2 RTLDHCPService; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe [261848 2013-11-12] (Realtek)
S2 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-02] (Microsoft Corporation)
S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-02] (Microsoft Corporation)
S2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-02] (Microsoft Corporation)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2016-04-23] (ASRock Incorporation)
S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3792904 2016-11-30] (C-MEDIA)
S0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-30] (Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-02-03] (Intel Corporation)
S3 ElcMouLFlt; C:\Windows\System32\drivers\ElcMouLFlt.sys [28648 2015-10-17] (ELECOM)
S3 ElcMouUFlt; C:\Windows\System32\drivers\ElcMouUFlt.sys [27624 2015-10-17] (ELECOM)
S1 epp; C:\EEK\bin64\epp.sys [142448 2018-03-27] (Emsisoft Ltd)
S3 EvolveVirtualAdapter; C:\Windows\System32\drivers\evolve.sys [21656 2016-01-01] (Echobit, LLC)
S3 hcwE5bda; C:\Windows\system32\drivers\hcwE5bda.sys [985096 2016-02-08] (Hauppauge Computer Work, Inc.)
S3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
S3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
S3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
S3 Kinonih; C:\Windows\System32\drivers\kinonih.sys [32256 2016-06-22] (Kinoni)
S3 KINONI_Wave; C:\Windows\system32\drivers\kinonivad.sys [32360 2016-04-17] (Windows (R) Win 7 DDK provider)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
S0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-25] (AO Kaspersky Lab)
S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [120008 2018-04-02] (AO Kaspersky Lab)
S2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29816 2016-10-14] (AO Kaspersky Lab)
S3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [207576 2018-04-02] (AO Kaspersky Lab)
S1 KLHK; C:\Windows\System32\drivers\klhk.sys [594144 2018-04-02] (AO Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1055944 2018-04-02] (AO Kaspersky Lab)
S1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57032 2018-04-02] (AO Kaspersky Lab)
S3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (AO Kaspersky Lab)
S3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50672 2017-12-25] (AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [44768 2017-01-20] (AO Kaspersky Lab)
S3 kltap; C:\Windows\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
S0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [231312 2018-04-02] (AO Kaspersky Lab)
S3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [87584 2018-04-02] (AO Kaspersky Lab)
S3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [252600 2018-04-02] (AO Kaspersky Lab)
S0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [107656 2018-04-02] (AO Kaspersky Lab)
S3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [174664 2018-04-02] (AO Kaspersky Lab)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [93888 2018-04-02] (AO Kaspersky Lab)
S1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [135904 2017-12-25] (AO Kaspersky Lab)
S1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199392 2017-12-25] (AO Kaspersky Lab)
S3 ladfGSS; C:\Windows\system32\drivers\ladfGSS.sys [45208 2016-08-09] (Logitech Inc.)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2016-06-24] (Logitech Inc.)
S1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2018-04-01] ()
S3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [102112 2018-04-02] (Malwarebytes)
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S2 mi2c; C:\WINDOWS\system32\drivers\mi2c.sys [20784 2017-01-04] (Nicomsoft Ltd.)
S4 most; C:\Windows\System32\drivers\mefrkund.sys [79064 2018-03-31] (Malwarebytes)
S1 NNSALPC; C:\Windows\system32\DRIVERS\NNSALPC.sys [107488 2017-02-08] (Panda Security, S.L.)
S1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [211376 2016-07-05] (Panda Security, S.L.)
S1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [121312 2017-02-08] (Panda Security, S.L.)
S1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [125872 2016-07-05] (Panda Security, S.L.)
S1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [80152 2016-07-06] (Panda Security, S.L.)
S1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [116656 2016-07-05] (Panda Security, S.L.)
S1 NNSPIHSW; C:\Windows\system32\DRIVERS\NNSPIHSW.sys [91104 2017-02-08] (Panda Security, S.L.)
S1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [135088 2016-07-05] (Panda Security, S.L.)
S1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [335792 2016-07-05] (Panda Security, S.L.)
S1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [197600 2017-02-08] (Panda Security, S.L.)
S1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [123312 2016-07-05] (Panda Security, S.L.)
S1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [278960 2016-07-05] (Panda Security, S.L.)
S1 NNSTLSC; C:\Windows\system32\DRIVERS\NNSTLSC.sys [125360 2016-07-05] (Panda Security, S.L.)
S2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_95d88c9d04436846\nvlddmkm.sys [17526688 2018-03-16] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-14] (NVIDIA Corporation)
S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2014-11-12] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [58816 2018-03-15] (NVIDIA Corporation)
S2 PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [177424 2017-02-12] (Panda Security, S.L.)
S2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [129296 2017-02-12] (Panda Security, S.L.)
S1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [205584 2017-02-20] (Panda Security, S.L.)
S2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2017-02-12] (Panda Security, S.L.)
S2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [144656 2017-02-12] (Panda Security, S.L.)
S2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [114960 2017-02-12] (Panda Security, S.L.)
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [8213328 2018-01-31] (Realtek Semiconductor Corporation )
S3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [47312 2015-09-03] (Razer Inc)
S2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
S2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S3 SaiX8180; C:\Windows\System32\drivers\SaiX8180.sys [65784 2016-03-08] (Saitek, Madcatz, Ltd.)
S3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 sparkocam; C:\Windows\system32\DRIVERS\sparkocam.sys [37200 2016-09-01] (Sparkosoft)
S3 sparkocammic; C:\Windows\system32\drivers\sparkocammic.sys [34640 2018-01-10] (Sparkosoft)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows (R) Win 7 DDK provider)
S3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-10-17] (Windows (R) Win 7 DDK provider)
S4 vysj; C:\Windows\System32\drivers\fljm.sys [79064 2018-03-31] (Malwarebytes)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46072 2018-03-02] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [288296 2018-03-02] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-02] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36832 2017-03-22] (Wellbia.com Co., Ltd.)
S1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-04-01] (Zemana Ltd.)
S3 aswbdisk; no ImagePath
S0 PsBoot; system32\Drivers\PsBoot.sys [X]
S4 sxmgr; System32\drivers\nvhgkixc.sys [X]
S1 texuxkqt; \??\C:\WINDOWS\system32\drivers\texuxkqt.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-03 15:05 - 2018-04-03 15:05 - 000000000 ____D C:\Users\Kai\AppData\Local\aubroml
2018-04-03 15:01 - 2018-04-03 15:01 - 002403328 _____ (Farbar) C:\Users\Kai\Downloads\FRST64.exe
2018-04-03 14:50 - 2018-04-03 14:50 - 000000000 ____D C:\Users\Kai\AppData\Local\pcsxndu
2018-04-02 20:38 - 2018-04-02 20:38 - 000000000 ____D C:\Users\Kai\AppData\Local\pcbvxeg
2018-04-02 19:38 - 2018-04-02 19:38 - 000000000 ____D C:\Users\Kai\AppData\Local\conabxz
2018-04-02 19:30 - 2018-04-02 19:30 - 000000000 ____D C:\Users\Kai\AppData\Local\raaebdc
2018-04-02 19:25 - 2018-04-02 19:25 - 000000000 ____D C:\ProgramData\Emsisoft
2018-04-02 19:24 - 2018-04-02 19:27 - 000000000 ____D C:\EEK
2018-04-02 19:20 - 2018-04-02 19:23 - 323431136 _____ C:\Users\Kai\Desktop\EmsisoftEmergencyKit.exe
2018-04-02 19:14 - 2018-04-02 19:14 - 000074734 _____ C:\Users\Kai\Desktop\FRST.txt
2018-04-02 19:14 - 2018-04-02 19:14 - 000069971 _____ C:\Users\Kai\Desktop\Addition.txt
2018-04-02 19:14 - 2018-04-02 19:14 - 000000000 ____D C:\Users\Kai\AppData\Roaming\ProductData
2018-04-02 19:14 - 2018-04-02 19:14 - 000000000 ____D C:\Users\Kai\AppData\Local\wdnxvlo
2018-04-02 19:06 - 2018-04-02 19:06 - 000000000 ____D C:\Users\Kai\AppData\Local\exbulwp
2018-04-02 19:04 - 2018-04-02 19:04 - 000000000 ____D C:\Users\Kai\AppData\Local\exivsth
2018-04-02 18:57 - 2018-04-02 18:57 - 000000000 ____D C:\Users\Kai\AppData\Local\lsnvepb
2018-04-02 18:48 - 2018-04-02 18:48 - 002403328 _____ (Farbar) C:\Users\Kai\Desktop\FRST64.exe
2018-04-02 18:47 - 2018-04-02 18:51 - 195689920 _____ (Sophos Limited) C:\Users\Kai\Desktop\Sophos Virus Removal Tool.exe
2018-04-02 18:28 - 2018-04-02 18:28 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\725297C9.sys
2018-04-02 18:27 - 2018-04-02 18:37 - 000000000 ____D C:\Users\Kai\Desktop\mbar
2018-04-02 18:27 - 2018-04-02 18:37 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-02 18:27 - 2018-04-02 18:27 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Kai\Desktop\mbar-1.10.3.1001.exe
2018-04-02 18:07 - 2018-04-02 18:07 - 000000000 ____D C:\Users\Kai\AppData\Local\nvirulz
2018-04-02 17:47 - 2018-04-02 17:47 - 000000000 ____D C:\Users\Kai\AppData\Local\wdsicmx
2018-04-02 16:24 - 2018-04-02 16:24 - 000000000 ___HD C:\$Windows.~WS
2018-04-02 16:18 - 2018-04-02 16:18 - 000252600 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klupd_klif_klark.sys
2018-04-02 16:17 - 2018-04-02 16:17 - 000087584 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klupd_klif_kimul.sys
2018-04-02 16:12 - 2018-04-02 16:12 - 000231312 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klupd_klif_arkmon.sys
2018-04-02 16:12 - 2018-04-02 16:12 - 000174664 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klupd_klif_mark.sys
2018-04-02 16:12 - 2018-04-02 16:12 - 000107656 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klupd_klif_klbg.sys
2018-04-02 16:11 - 2018-04-03 15:09 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-04-02 16:11 - 2018-04-02 16:17 - 001055944 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2018-04-02 16:11 - 2018-04-02 16:11 - 000594144 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klhk.sys
2018-04-02 16:11 - 2018-04-02 16:11 - 000207576 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klflt.sys
2018-04-02 16:11 - 2018-04-02 16:11 - 000149304 _____ (AO Kaspersky Lab) C:\Windows\System32\klhkum.dll
2018-04-02 16:11 - 2018-04-02 16:11 - 000002122 _____ C:\Users\Public\Desktop\Kaspersky Free.lnk
2018-04-02 16:11 - 2018-04-02 16:11 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-04-02 16:11 - 2013-05-06 07:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\System32\klfphc.dll
2018-04-02 16:10 - 2018-04-02 16:10 - 000000000 ____D C:\Users\Kai\AppData\Local\psduoga
2018-04-02 16:08 - 2018-04-02 16:08 - 002438712 _____ (Kaspersky Lab) C:\Users\Kai\Downloads\kfa18.0.0.405abcden_es_fr_13382.exe
2018-04-02 16:00 - 2018-04-02 16:00 - 000000000 ____D C:\Users\Kai\AppData\Local\niegzlw
2018-04-02 15:51 - 2018-04-02 15:51 - 000002340 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-02 15:49 - 2018-04-02 15:49 - 000000000 ____D C:\Program Files (x86)\GUMCBFD.tmp
2018-04-02 15:03 - 2018-04-02 15:03 - 000000000 ____D C:\Users\Kai\AppData\Local\Simply Super Software
2018-04-02 15:02 - 2018-04-02 15:02 - 002928184 _____ (Kaspersky Lab) C:\Users\Kai\Downloads\ksk1.0.3.326en_13497.exe
2018-04-02 14:59 - 2018-04-02 14:59 - 000388608 _____ (Trend Micro Inc.) C:\Users\Kai\Desktop\HijackThis.exe
2018-04-02 14:42 - 2018-04-02 14:42 - 000000000 ____D C:\Users\Kai\AppData\Local\sneabkl
2018-04-02 14:37 - 2018-04-02 19:09 - 000000626 _____ C:\Users\Kai\Desktop\JRT.txt
2018-04-02 14:36 - 2018-04-02 14:36 - 000000000 ____D C:\Users\Kai\AppData\Local\sbczodh
2018-04-02 14:30 - 2018-04-02 14:30 - 000000000 ____D C:\Users\Kai\AppData\Local\scbidmz
2018-04-02 14:28 - 2018-04-02 14:28 - 018617536 _____ (Microsoft Corporation) C:\Users\Kai\Downloads\MediaCreationTool.exe
2018-04-02 14:26 - 2018-04-02 14:26 - 000000000 ____D C:\Users\Kai\AppData\Local\sidnmkg
2018-04-02 05:35 - 2018-04-02 05:35 - 000000000 ____D C:\Users\Kai\AppData\Local\scrbkun
2018-04-02 03:29 - 2017-07-25 12:56 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Kai\Desktop\rkill.exe
2018-04-01 19:03 - 2018-04-01 19:03 - 000000000 ____D C:\ProgramData\SystemAcCrux
2018-04-01 17:11 - 2018-04-02 19:14 - 000000000 ____D C:\FRST
2018-04-01 16:56 - 2018-04-01 16:56 - 000061304 _____ () C:\Windows\System32\Drivers\lpsport.sys
2018-04-01 14:16 - 2018-04-01 14:16 - 001129816 _____ (Google Inc.) C:\Users\Kai\Downloads\ChromeSetup.exe
2018-04-01 14:01 - 2018-04-03 15:09 - 000027515 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-04-01 14:01 - 2018-04-01 19:20 - 000085693 _____ C:\Windows\ZAM.krnl.trace
2018-04-01 14:01 - 2018-04-01 14:01 - 000203680 _____ (Zemana Ltd.) C:\Windows\System32\Drivers\zamguard64.sys
2018-04-01 14:01 - 2018-04-01 14:01 - 000000000 ____D C:\Users\Kai\AppData\Local\Zemana
2018-04-01 13:44 - 2018-04-02 14:34 - 000000422 _____ C:\Windows\System32\.crusader
2018-04-01 13:40 - 2018-04-02 19:38 - 000055232 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2018-04-01 13:39 - 2018-04-01 13:44 - 000000000 ____D C:\ProgramData\HitmanPro
2018-04-01 13:39 - 2018-04-01 13:39 - 011605440 _____ (SurfRight B.V.) C:\Users\Kai\Desktop\HitmanPro_x64.exe
2018-04-01 12:37 - 2018-04-02 19:12 - 000000000 ____D C:\AdwCleaner
2018-04-01 12:37 - 2018-04-01 12:37 - 001790024 _____ (Malwarebytes) C:\Users\Kai\Desktop\JRT.exe
2018-04-01 12:36 - 2018-04-01 12:37 - 008222496 _____ (Malwarebytes) C:\Users\Kai\Desktop\AdwCleaner.exe
2018-04-01 04:07 - 2018-04-01 04:07 - 000004274 _____ C:\Windows\System32\Tasks\TR_Updater
2018-04-01 04:07 - 2018-04-01 04:07 - 000004054 _____ C:\Windows\System32\Tasks\TR_FastScan_Daily_Kai
2018-04-01 04:07 - 2018-04-01 04:07 - 000003880 _____ C:\Windows\System32\Tasks\TR_FastScan_AtLogon
2018-04-01 04:07 - 2018-04-01 04:07 - 000000000 ____D C:\Users\Kai\Documents\Simply Super Software
2018-04-01 04:07 - 2018-04-01 04:07 - 000000000 ____D C:\ProgramData\Simply Super Software
2018-04-01 04:07 - 2018-04-01 04:07 - 000000000 ____D C:\Program Files (x86)\Trojan Remover
2018-03-31 20:53 - 2018-04-02 18:58 - 000002101 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-31 20:53 - 2018-03-19 11:57 - 000076192 _____ C:\Windows\System32\Drivers\mbae64.sys
2018-03-31 18:26 - 2018-04-03 14:44 - 000000000 ____D C:\Program Files\Common Files\AV
2018-03-31 18:19 - 2018-04-02 16:10 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-03-31 18:12 - 2018-04-02 19:03 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2018-03-31 18:12 - 2018-04-02 03:30 - 000000000 ____D C:\Windows\pss
2018-03-31 17:51 - 2018-04-01 12:06 - 000000000 ____D C:\Windows\Minidump
2018-03-31 17:42 - 2018-04-02 19:05 - 000102112 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2018-03-31 17:42 - 2018-03-31 17:42 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-31 17:31 - 2018-03-31 17:31 - 000079064 _____ (Malwarebytes) C:\Windows\System32\Drivers\fljm.sys
2018-03-31 17:13 - 2018-03-31 17:13 - 000079064 _____ (Malwarebytes) C:\Windows\System32\Drivers\mefrkund.sys
2018-03-31 17:00 - 2018-04-03 16:13 - 000000000 ____D C:\Users\Kai\AppData\Local\wmcagent
2018-03-31 17:00 - 2018-04-01 05:30 - 000000000 ____D C:\Users\Kai\AppData\Local\wmmvtpn
2018-03-31 16:57 - 2018-04-03 16:13 - 000000000 ____D C:\Users\Kai\AppData\Local\tihawem
2018-03-31 16:56 - 2018-04-03 15:08 - 002888704 _____ C:\Windows\System32\dsoclegsvc.exe
2018-03-31 16:56 - 2018-03-31 16:56 - 000000000 ____D C:\Windows\SysWOW64\widmkhl
2018-03-31 16:56 - 2018-03-31 16:56 - 000000000 ____D C:\Windows\System32\widmkhl
2018-03-31 16:55 - 2018-03-31 16:55 - 000003758 _____ C:\Windows\System32\Tasks\{5C03E5CF-1BA7-9901-9FA4-7E0E72E817E9}
2018-03-31 16:55 - 2018-03-31 16:55 - 000003544 _____ C:\Windows\System32\Tasks\{B3FDCEDF-0075-C5AB-3BDA-5A116786AAE3}
2018-03-31 16:55 - 2018-03-31 16:55 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2018-03-31 16:55 - 2018-03-31 16:55 - 000000000 ____D C:\Users\Kai\AppData\Roaming\et
2018-03-31 16:12 - 2017-12-22 09:53 - 108846128 _____ (CANON INC.) C:\Users\Kai\Desktop\euw3.8.20-installer.exe
2018-03-31 16:01 - 2018-03-31 16:01 - 000000000 ____D C:\Users\Kai\AppData\Roaming\Canon_Inc_IC
2018-03-31 00:52 - 2018-03-31 00:52 - 000052429 _____ C:\Windows\uninstaller.dat
2018-03-31 00:52 - 2018-03-31 00:52 - 000014040 _____ C:\Windows\System32\Drivers\6a6cff5e551f4623b5a589ceaf395356.sys
2018-03-29 21:46 - 2018-03-29 22:30 - 418386912 _____ C:\Users\Kai\Desktop\Brothers First BlowJob - Mandy Flores [720p].wmv
2018-03-29 19:21 - 2018-03-31 14:18 - 000000000 ____D C:\PSO2 Tweaker
2018-03-29 19:21 - 2018-03-29 20:12 - 000000000 ____D C:\Users\Kai\AppData\Roaming\PSO2 Tweaker
2018-03-29 19:21 - 2018-03-29 19:21 - 000000000 ____D C:\Users\Kai\Documents\SEGA
2018-03-29 19:21 - 2018-03-29 19:21 - 000000000 ____D C:\PHANTASYSTARONLINE2
2018-03-25 13:57 - 2018-03-29 20:07 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-03-23 14:28 - 2018-03-23 14:28 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-03-23 14:28 - 2018-03-15 14:42 - 000137664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-03-23 14:28 - 2017-12-08 14:25 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-03-23 14:28 - 2017-12-08 14:25 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-03-23 14:28 - 2017-12-08 14:24 - 000928568 _____ C:\Windows\System32\vulkan-1.dll
2018-03-23 14:28 - 2017-12-08 14:24 - 000591672 _____ C:\Windows\System32\vulkaninfo.exe
2018-03-23 14:27 - 2018-03-23 14:27 - 000000000 ____D C:\Windows\LastGood.Tmp
2018-03-23 14:26 - 2018-03-16 10:12 - 000997280 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2018-03-23 14:26 - 2018-03-16 10:12 - 000949176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-03-23 14:26 - 2018-03-16 10:12 - 000625592 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFROpenGL.dll
2018-03-23 14:26 - 2018-03-16 10:12 - 000515672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-03-23 14:26 - 2018-03-16 10:11 - 040278616 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2018-03-23 14:26 - 2018-03-16 10:11 - 035189336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-03-23 14:26 - 2018-03-16 10:11 - 004318464 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2018-03-23 14:26 - 2018-03-16 10:11 - 003719200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-03-23 14:26 - 2018-03-16 10:11 - 001985280 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6439124.dll
2018-03-23 14:26 - 2018-03-16 10:11 - 001684000 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6439124.dll
2018-03-23 14:26 - 2018-03-16 10:11 - 001138432 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2018-03-23 14:26 - 2018-03-16 10:11 - 001066072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-03-23 14:26 - 2018-03-16 10:11 - 000748960 _____ (NVIDIA Corporation) C:\Windows\System32\nvDecMFTMjpeg.dll
2018-03-23 14:26 - 2018-03-16 10:11 - 000608344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2018-03-23 14:26 - 2018-03-16 10:01 - 019854816 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2018-03-23 14:26 - 2018-03-16 10:01 - 013571008 _____ (NVIDIA Corporation) C:\Windows\System32\nvptxJitCompiler.dll
2018-03-23 14:26 - 2018-03-16 10:01 - 011131872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-03-23 14:26 - 2018-03-16 10:01 - 001355408 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncMFThevc.dll
2018-03-23 14:26 - 2018-03-16 10:01 - 001346128 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncMFTH264.dll
2018-03-23 14:26 - 2018-03-16 10:01 - 001153568 _____ (NVIDIA Corporation) C:\Windows\System32\nvfatbinaryLoader.dll
2018-03-23 14:26 - 2018-03-16 10:01 - 001067368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2018-03-23 14:26 - 2018-03-16 10:01 - 000811992 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2018-03-23 14:26 - 2018-03-16 10:01 - 000650232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-03-23 14:26 - 2018-03-16 10:01 - 000633224 _____ (NVIDIA Corporation) C:\Windows\System32\nvmcumd.dll
2018-03-23 14:26 - 2018-03-16 10:00 - 012966216 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2018-03-23 14:26 - 2018-03-16 10:00 - 001061168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2018-03-23 14:20 - 2018-03-23 14:20 - 000004088 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-19 16:18 - 2018-03-26 19:23 - 000000000 ____D C:\Users\Kai\vmlogs
2018-03-19 16:18 - 2018-03-26 19:23 - 000000000 ____D C:\Users\Kai\.android
2018-03-13 21:36 - 2018-03-13 21:36 - 000004556 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-13 20:52 - 2018-03-01 19:36 - 017085440 _____ (Microsoft Corporation) C:\Windows\System32\HologramCompositor.dll
2018-03-13 20:52 - 2018-03-01 19:02 - 000037888 _____ C:\Windows\System32\SpectrumSyncClient.dll
2018-03-13 20:52 - 2018-03-01 19:01 - 000640000 _____ (Microsoft Corporation) C:\Windows\System32\HeadTrackerStorage.dll
2018-03-13 20:52 - 2018-03-01 19:00 - 000329728 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Internal.Feedback.Analog.dll
2018-03-13 20:52 - 2018-03-01 19:00 - 000248320 _____ (Microsoft Corporation) C:\Windows\System32\svf.dll
2018-03-13 20:52 - 2018-03-01 19:00 - 000230912 _____ (Microsoft Corporation) C:\Windows\System32\HoloShellRuntime.dll
2018-03-13 20:52 - 2018-03-01 18:59 - 000956416 _____ (Microsoft Corporation) C:\Windows\System32\Spectrum.exe
2018-03-13 20:52 - 2018-03-01 12:28 - 000181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\HoloShellRuntime.dll
2018-03-13 20:52 - 2018-02-28 23:50 - 000270744 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2018-03-13 20:52 - 2018-02-28 23:49 - 000389536 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2018-03-13 20:52 - 2018-02-28 23:48 - 000664472 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2018-03-13 20:52 - 2018-02-28 23:47 - 000749464 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2018-03-13 20:52 - 2018-02-28 23:47 - 000035224 _____ (Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
2018-03-13 20:52 - 2018-02-28 23:46 - 002003352 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2018-03-13 20:52 - 2018-02-28 23:46 - 001568664 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2018-03-13 20:52 - 2018-02-28 23:46 - 000609176 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2018-03-13 20:52 - 2018-02-28 23:46 - 000138144 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2018-03-13 20:52 - 2018-02-28 23:45 - 000070040 _____ (Microsoft Corporation) C:\Windows\System32\win32appinventorycsp.dll
2018-03-13 20:52 - 2018-02-28 23:40 - 002514936 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2018-03-13 20:52 - 2018-02-28 23:40 - 000461720 _____ (Microsoft Corporation) C:\Windows\System32\dcntel.dll
2018-03-13 20:52 - 2018-02-28 23:40 - 000273304 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2018-03-13 20:52 - 2018-02-28 23:37 - 007831760 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2018-03-13 20:52 - 2018-02-28 23:31 - 008602520 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2018-03-13 20:52 - 2018-02-28 23:30 - 000540064 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
2018-03-13 20:52 - 2018-02-28 23:30 - 000264040 _____ (Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
2018-03-13 20:52 - 2018-02-28 23:29 - 000733592 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys
2018-03-13 20:52 - 2018-02-28 23:27 - 001173576 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2018-03-13 20:52 - 2018-02-28 23:26 - 000170912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2018-03-13 20:52 - 2018-02-28 23:25 - 000377752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msrpc.sys
2018-03-13 20:52 - 2018-02-28 23:23 - 000749976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms2.sys
2018-03-13 20:52 - 2018-02-28 23:19 - 000710768 _____ (Microsoft Corporation) C:\Windows\System32\MSVideoDSP.dll
2018-03-13 20:52 - 2018-02-28 23:17 - 002710736 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2018-03-13 20:52 - 2018-02-28 23:17 - 000519152 _____ (Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
2018-03-13 20:52 - 2018-02-28 23:17 - 000408984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2018-03-13 20:52 - 2018-02-28 23:15 - 002574232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2018-03-13 20:52 - 2018-02-28 23:14 - 007675784 _____ (Microsoft Corporation) C:\Windows\System32\windows.storage.dll
2018-03-13 20:52 - 2018-02-28 23:14 - 007384576 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Protection.PlayReady.dll
2018-03-13 20:52 - 2018-02-28 23:14 - 005105664 _____ (Microsoft Corporation) C:\Windows\System32\AuthFWSnapin.dll
2018-03-13 20:52 - 2018-02-28 23:14 - 001694224 _____ (Microsoft Corporation) C:\Windows\System32\winmde.dll
2018-03-13 20:52 - 2018-02-28 23:14 - 000356952 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2018-03-13 20:52 - 2018-02-28 23:14 - 000147872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wcifs.sys
2018-03-13 20:52 - 2018-02-28 23:14 - 000128928 _____ (Microsoft Corporation) C:\Windows\System32\offlinelsa.dll
2018-03-13 20:52 - 2018-02-28 23:12 - 000677272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2018-03-13 20:52 - 2018-02-28 23:12 - 000250264 _____ (Microsoft Corporation) C:\Windows\System32\offlinesam.dll
2018-03-13 20:52 - 2018-02-28 23:12 - 000189344 _____ (Microsoft Corporation) C:\Windows\System32\SecurityHealthAgent.dll
2018-03-13 20:52 - 2018-02-28 23:11 - 000093600 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2018-03-13 20:52 - 2018-02-28 23:10 - 001779936 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2018-03-13 20:52 - 2018-02-28 23:10 - 000075168 _____ (Microsoft Corporation) C:\Windows\System32\SecurityHealthProxyStub.dll
2018-03-13 20:52 - 2018-02-28 23:10 - 000022936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\isapnp.sys
2018-03-13 20:52 - 2018-02-28 23:09 - 001054272 _____ (Microsoft Corporation) C:\Windows\System32\msvproc.dll
2018-03-13 20:52 - 2018-02-28 22:51 - 000777904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-03-13 20:52 - 2018-02-28 22:48 - 001930736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-03-13 20:52 - 2018-02-28 22:39 - 000213400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2018-03-13 20:52 - 2018-02-28 22:30 - 005615968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-03-13 20:52 - 2018-02-28 22:29 - 006092152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-03-13 20:52 - 2018-02-28 22:29 - 000574960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2018-03-13 20:52 - 2018-02-28 22:28 - 006480616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-13 20:52 - 2018-02-28 22:28 - 002193168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-03-13 20:52 - 2018-02-28 22:28 - 000115096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinelsa.dll
2018-03-13 20:52 - 2018-02-28 22:27 - 000284112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2018-03-13 20:52 - 2018-02-28 22:27 - 000221592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2018-03-13 20:52 - 2018-02-28 22:26 - 001524776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2018-03-13 20:52 - 2018-02-28 22:26 - 001057816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2018-03-13 20:52 - 2018-02-28 22:23 - 005105664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthFWSnapin.dll
2018-03-13 20:52 - 2018-02-28 22:21 - 001558856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2018-03-13 20:52 - 2018-02-28 22:09 - 025251840 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2018-03-13 20:52 - 2018-02-28 22:03 - 002902528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-03-13 20:52 - 2018-02-28 22:03 - 000471552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcSpecfc.dll
2018-03-13 20:52 - 2018-02-28 22:03 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-03-13 20:52 - 2018-02-28 22:03 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IndexedDbLegacy.dll
2018-03-13 20:52 - 2018-02-28 22:03 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2018-03-13 20:52 - 2018-02-28 22:01 - 019354624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-03-13 20:52 - 2018-02-28 22:01 - 006575616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-03-13 20:52 - 2018-02-28 22:01 - 000155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-03-13 20:52 - 2018-02-28 22:01 - 000019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-03-13 20:52 - 2018-02-28 22:00 - 000098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-03-13 20:52 - 2018-02-28 21:59 - 000220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-13 20:52 - 2018-02-28 21:58 - 004839424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2018-03-13 20:52 - 2018-02-28 21:58 - 000459776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-03-13 20:52 - 2018-02-28 21:58 - 000405504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Payments.dll
2018-03-13 20:52 - 2018-02-28 21:58 - 000368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2018-03-13 20:52 - 2018-02-28 21:57 - 000369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-03-13 20:52 - 2018-02-28 21:56 - 018922496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-03-13 20:52 - 2018-02-28 21:56 - 000559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-03-13 20:52 - 2018-02-28 21:55 - 000346112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-03-13 20:52 - 2018-02-28 21:54 - 003664384 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2018-03-13 20:52 - 2018-02-28 21:54 - 003181568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2018-03-13 20:52 - 2018-02-28 21:54 - 001296896 _____ (Microsoft Corporation) C:\Windows\System32\usocore.dll
2018-03-13 20:52 - 2018-02-28 21:54 - 000665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-03-13 20:52 - 2018-02-28 21:54 - 000496128 _____ (Microsoft Corporation) C:\Windows\System32\updatehandlers.dll
2018-03-13 20:52 - 2018-02-28 21:54 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-03-13 20:52 - 2018-02-28 21:53 - 000863232 _____ (Microsoft Corporation) C:\Windows\System32\MusUpdateHandlers.dll
2018-03-13 20:52 - 2018-02-28 21:53 - 000536576 _____ (Microsoft Corporation) C:\Windows\System32\edgeIso.dll
2018-03-13 20:52 - 2018-02-28 21:53 - 000399872 _____ (Microsoft Corporation) C:\Windows\System32\MusNotification.exe
2018-03-13 20:52 - 2018-02-28 21:53 - 000246272 _____ (Microsoft Corporation) C:\Windows\System32\MusNotificationUx.exe
2018-03-13 20:52 - 2018-02-28 21:53 - 000206848 _____ (Microsoft Corporation) C:\Windows\System32\IndexedDbLegacy.dll
2018-03-13 20:52 - 2018-02-28 21:53 - 000107520 _____ (Microsoft Corporation) C:\Windows\System32\musdialoghandlers.dll
2018-03-13 20:52 - 2018-02-28 21:53 - 000097792 _____ (Microsoft Corporation) C:\Windows\System32\updatecsp.dll
2018-03-13 20:52 - 2018-02-28 21:53 - 000092160 _____ (Microsoft Corporation) C:\Windows\System32\usoapi.dll
2018-03-13 20:52 - 2018-02-28 21:53 - 000056320 _____ (Microsoft Corporation) C:\Windows\System32\AcSpecfc.dll
2018-03-13 20:52 - 2018-02-28 21:53 - 000039424 _____ (Microsoft Corporation) C:\Windows\System32\UsoClient.exe
2018-03-13 20:52 - 2018-02-28 21:52 - 011923968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-03-13 20:52 - 2018-02-28 21:52 - 006030336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-03-13 20:52 - 2018-02-28 21:51 - 002329088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2018-03-13 20:52 - 2018-02-28 21:51 - 000201728 _____ (Microsoft Corporation) C:\Windows\System32\EdgeManager.dll
2018-03-13 20:52 - 2018-02-28 21:51 - 000034816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BasicRender.sys
2018-03-13 20:52 - 2018-02-28 21:51 - 000023552 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2018-03-13 20:52 - 2018-02-28 21:50 - 003677184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-03-13 20:52 - 2018-02-28 21:50 - 002869760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-03-13 20:52 - 2018-02-28 21:50 - 000526336 _____ (Microsoft Corporation) C:\Windows\System32\daxexec.dll
2018-03-13 20:52 - 2018-02-28 21:50 - 000118272 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2018-03-13 20:52 - 2018-02-28 21:50 - 000075264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wcnfs.sys
2018-03-13 20:52 - 2018-02-28 21:49 - 000675328 _____ (Microsoft Corporation) C:\Windows\System32\webplatstorageserver.dll
2018-03-13 20:52 - 2018-02-28 21:49 - 000529408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys
2018-03-13 20:52 - 2018-02-28 21:49 - 000301056 _____ (Microsoft Corporation) C:\Windows\System32\MicrosoftAccountWAMExtension.dll
2018-03-13 20:52 - 2018-02-28 21:49 - 000066048 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2018-03-13 20:52 - 2018-02-28 21:48 - 000543232 _____ (Microsoft Corporation) C:\Windows\System32\HolographicExtensions.dll
2018-03-13 20:52 - 2018-02-28 21:48 - 000431616 _____ (Microsoft Corporation) C:\Windows\System32\msIso.dll
2018-03-13 20:52 - 2018-02-28 21:47 - 023674368 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2018-03-13 20:52 - 2018-02-28 21:47 - 000579584 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Payments.dll
2018-03-13 20:52 - 2018-02-28 21:47 - 000484352 _____ (Microsoft Corporation) C:\Windows\System32\cdpusersvc.dll
2018-03-13 20:52 - 2018-02-28 21:46 - 004051968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-03-13 20:52 - 2018-02-28 21:46 - 000770048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdiWiFi.sys
2018-03-13 20:52 - 2018-02-28 21:46 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll
2018-03-13 20:52 - 2018-02-28 21:45 - 000708096 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2018-03-13 20:52 - 2018-02-28 21:45 - 000594944 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2018-03-13 20:52 - 2018-02-28 21:45 - 000386560 _____ (Microsoft Corporation) C:\Windows\System32\zipfldr.dll
2018-03-13 20:52 - 2018-02-28 21:44 - 008030720 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Data.Pdf.dll
2018-03-13 20:52 - 2018-02-28 21:44 - 005195776 _____ (Microsoft Corporation) C:\Windows\System32\cdp.dll
2018-03-13 20:52 - 2018-02-28 21:43 - 012830208 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2018-03-13 20:52 - 2018-02-28 21:42 - 003505664 _____ (Microsoft Corporation) C:\Windows\System32\MSVidCtl.dll
2018-03-13 20:52 - 2018-02-28 21:42 - 002084352 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
2018-03-13 20:52 - 2018-02-28 21:41 - 008103936 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2018-03-13 20:52 - 2018-02-28 21:41 - 004745728 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2018-03-13 20:52 - 2018-02-28 21:41 - 003334144 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2018-03-13 20:52 - 2018-02-28 21:41 - 001548288 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2018-03-13 20:52 - 2018-02-28 21:41 - 000812032 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2018-03-13 20:52 - 2018-02-28 21:40 - 005833216 _____ (Microsoft Corporation) C:\Windows\System32\dbgeng.dll
2018-03-13 20:52 - 2018-02-28 21:39 - 002222592 _____ (Microsoft Corporation) C:\Windows\System32\wlidsvc.dll
2018-03-13 20:52 - 2018-02-28 21:39 - 002035712 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2018-03-13 20:52 - 2018-02-28 21:39 - 000899584 _____ (Microsoft Corporation) C:\Windows\System32\samsrv.dll
2018-03-13 20:52 - 2018-02-28 21:39 - 000666624 _____ (Microsoft Corporation) C:\Windows\System32\DbgModel.dll
2018-03-13 20:52 - 2018-02-28 21:38 - 000963072 _____ (Microsoft Corporation) C:\Windows\System32\StorSvc.dll
2018-03-13 20:52 - 2018-02-28 21:38 - 000726016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2018-03-13 20:52 - 2018-02-28 21:36 - 004050432 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2018-03-13 20:52 - 2018-02-28 21:36 - 000030208 _____ (Microsoft Corporation) C:\Windows\System32\msisip.dll
2018-03-13 20:52 - 2018-02-28 21:35 - 000568320 _____ (Microsoft Corporation) C:\Windows\System32\msra.exe
2018-03-13 20:52 - 2018-02-28 21:35 - 000128000 _____ (Microsoft Corporation) C:\Windows\System32\racpldlg.dll
2018-03-13 20:52 - 2018-02-28 21:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\System32\pcalua.exe
2018-03-13 20:52 - 2018-02-21 18:23 - 001092016 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2018-03-13 20:52 - 2018-02-21 18:23 - 000924648 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2018-03-13 20:52 - 2018-02-21 18:13 - 000279456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2018-03-13 20:52 - 2018-02-21 18:13 - 000077216 _____ (Microsoft Corporation) C:\Windows\System32\hvloader.dll
2018-03-13 20:52 - 2018-02-21 18:11 - 000109984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmbus.sys
2018-03-13 20:52 - 2018-02-21 18:10 - 000285080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys
2018-03-13 20:52 - 2018-02-21 18:08 - 001206688 _____ (Microsoft Corporation) C:\Windows\System32\hvix64.exe
2018-03-13 20:52 - 2018-02-21 18:08 - 001055648 _____ (Microsoft Corporation) C:\Windows\System32\hvax64.exe
2018-03-13 20:52 - 2018-02-21 18:08 - 000571288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2018-03-13 20:52 - 2018-02-21 18:07 - 001415296 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2018-03-13 20:52 - 2018-02-21 18:07 - 001209248 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2018-03-13 20:52 - 2018-02-21 18:07 - 000194456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2018-03-13 20:52 - 2018-02-21 18:03 - 000712600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2018-03-13 20:52 - 2018-02-21 18:03 - 000082848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys
2018-03-13 20:52 - 2018-02-21 18:02 - 000149400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storahci.sys
2018-03-13 20:52 - 2018-02-21 18:00 - 000187296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsd.sys
2018-03-13 20:52 - 2018-02-21 17:59 - 021351624 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2018-03-13 20:52 - 2018-02-21 17:54 - 000437144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS
2018-03-13 20:52 - 2018-02-21 17:52 - 000103328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\stornvme.sys
2018-03-13 20:52 - 2018-02-21 17:51 - 000555424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2018-03-13 20:52 - 2018-02-21 17:51 - 000097176 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sdstor.sys
2018-03-13 20:52 - 2018-02-21 17:51 - 000045472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storufs.sys
2018-03-13 20:52 - 2018-02-21 17:50 - 000362904 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2018-03-13 20:52 - 2018-02-21 17:50 - 000229272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tpm.sys
2018-03-13 20:52 - 2018-02-21 16:41 - 020286120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-03-13 20:52 - 2018-02-21 16:31 - 000057344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UcmUcsi.sys
2018-03-13 20:52 - 2018-02-21 16:30 - 000192512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netvsc.sys
2018-03-13 20:52 - 2018-02-21 16:30 - 000046080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2018-03-13 20:52 - 2018-02-21 16:30 - 000043008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RfxVmt.sys
2018-03-13 20:52 - 2018-02-21 16:27 - 001282048 _____ (Microsoft Corporation) C:\Windows\System32\MSVPXENC.dll
2018-03-13 20:52 - 2018-02-21 16:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\System32\cldapi.dll
2018-03-13 20:52 - 2018-02-21 16:16 - 001286144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2018-03-13 20:52 - 2018-02-21 16:12 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll
2018-03-13 19:44 - 2018-03-13 19:46 - 110092367 _____ C:\Users\Kai\Downloads\SpankBang_carolina+sweets+stepfatherdaughterperversions7_480p.mp4
2018-03-13 00:04 - 2018-02-25 19:44 - 001985384 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6439101.dll
2018-03-13 00:04 - 2018-02-25 19:44 - 001684000 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6439101.dll
2018-03-05 23:42 - 2018-03-05 23:42 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-03-05 23:39 - 2018-04-01 19:37 - 000000000 ____D C:\ProgramData\AVAST Software
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-03 15:09 - 2017-12-03 05:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-03 15:09 - 2017-09-29 00:45 - 022544384 _____ C:\Windows\System32\config\HARDWARE
2018-04-03 15:09 - 2017-09-29 00:45 - 000524288 _____ C:\Windows\System32\config\BBI
2018-04-03 15:09 - 2016-09-21 15:01 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-03 15:08 - 2017-10-18 05:54 - 000004553 _____ C:\Users\Kai\AppData\Roaming\VoiceMeeterDefault.xml
2018-04-03 14:55 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-04-03 14:51 - 2017-12-03 05:19 - 002022780 _____ C:\Windows\System32\PerfStringBackup.INI
2018-04-03 14:35 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\NDF
2018-04-03 14:30 - 2017-12-03 05:15 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-04-03 14:30 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\AppReadiness
2018-04-03 05:52 - 2017-12-03 05:09 - 000000000 ____D C:\Windows\System32\SleepStudy
2018-04-02 18:28 - 2015-11-04 21:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-02 18:15 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-02 17:21 - 2015-10-03 22:08 - 000000000 __RHD C:\ESD
2018-04-02 17:19 - 2017-12-02 10:19 - 000000000 ___DC C:\Windows\Panther
2018-04-02 16:47 - 2015-11-04 21:31 - 000000000 ____D C:\Users\Kai\AppData\Local\Google
2018-04-02 16:16 - 2016-12-20 16:51 - 000093888 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klwfp.sys
2018-04-02 16:16 - 2016-10-12 11:29 - 000057032 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klim6.sys
2018-04-02 16:13 - 2017-12-25 07:31 - 000120008 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klbackupflt.sys
2018-04-02 16:12 - 2017-09-29 05:44 - 000000000 ____D C:\Windows\INF
2018-04-02 16:11 - 2017-09-29 05:46 - 000000000 ___HD C:\Windows\ELAMBKUP
2018-04-02 15:51 - 2016-03-12 22:49 - 000000000 ____D C:\Program Files (x86)\Google
2018-04-02 15:00 - 2015-10-17 09:22 - 000000000 ____D C:\ProgramData\TEMP
2018-04-02 14:45 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\LiveKernelReports
2018-04-02 14:45 - 2017-05-07 15:19 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-02 14:45 - 2015-12-22 16:09 - 000000000 ____D C:\Users\Kai\AppData\Local\CrashDumps
2018-04-02 14:30 - 2016-01-18 20:30 - 000000000 ____D C:\Users\Kai\AppData\Local\ElevatedDiagnostics
2018-04-01 20:48 - 2015-10-04 10:56 - 000000000 ____D C:\Users\Kai\AppData\Roaming\vlc
2018-04-01 19:19 - 2017-12-03 05:11 - 000000000 ____D C:\users\Kai
2018-04-01 13:44 - 2016-03-02 17:20 - 000000000 ____D C:\ProgramData\Baidu
2018-04-01 12:41 - 2016-08-25 16:27 - 000000000 ____D C:\Users\Kai\AppData\Roaming\IObit
2018-04-01 04:41 - 2015-10-29 22:28 - 000000000 ____D C:\users\Default.migrated
2018-04-01 04:33 - 2015-10-13 20:05 - 000000000 ____D C:\Program Files (x86)\Panda Security
2018-04-01 04:11 - 2017-09-29 00:45 - 000032768 _____ C:\Windows\System32\config\ELAM
2018-04-01 01:39 - 2017-01-28 01:27 - 000000000 ____D C:\Users\Kai\AppData\Roaming\PlaysTV
2018-03-31 20:28 - 2017-01-25 19:44 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-03-31 20:09 - 2016-03-21 19:00 - 000000000 ____D C:\Users\Kai\AppData\Roaming\discord
2018-03-31 19:12 - 2017-04-27 00:30 - 000000000 ____D C:\Users\Kai\Documents\Wooxy
2018-03-31 17:42 - 2015-11-04 21:53 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-03-31 17:34 - 2016-09-21 15:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-03-31 17:31 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\TextInput
2018-03-31 17:12 - 2015-10-04 20:59 - 000000000 ____D C:\Users\Kai\AppData\Roaming\qBittorrent
2018-03-31 17:06 - 2017-09-02 03:18 - 000000000 ____D C:\Temp
2018-03-31 16:55 - 2015-10-11 10:02 - 000000000 ____D C:\ProgramData\Intel
2018-03-31 16:36 - 2016-11-10 17:10 - 000000000 ____D C:\Users\Kai\AppData\Roaming\obs-studio
2018-03-31 16:17 - 2018-01-21 18:53 - 000000000 ____D C:\Users\Kai\AppData\Local\Canon_INC
2018-03-31 16:13 - 2018-01-21 14:04 - 000000000 ____D C:\Program Files (x86)\Canon
2018-03-26 20:50 - 2017-07-30 16:31 - 000000000 ____D C:\Users\Kai\AppData\Local\Nox
2018-03-25 13:14 - 2016-04-23 21:34 - 000000000 ____D C:\Users\Kai\AppData\Roaming\NexonLauncher
2018-03-23 23:44 - 2015-10-11 09:10 - 000000000 ____D C:\Users\Kai\AppData\Local\NVIDIA
2018-03-23 14:28 - 2016-09-21 15:00 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-03-23 14:20 - 2017-12-03 05:15 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-23 14:20 - 2017-12-03 05:15 - 000004000 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-23 14:20 - 2017-12-03 05:15 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-23 14:20 - 2017-12-03 05:15 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-23 14:20 - 2017-12-03 05:15 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-23 14:20 - 2017-12-03 05:15 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-23 14:20 - 2017-12-03 05:15 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-23 14:20 - 2016-09-21 15:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-03-22 00:48 - 2015-10-12 16:42 - 000007603 _____ C:\Users\Kai\AppData\Local\Resmon.ResmonCfg
2018-03-21 20:30 - 2016-09-30 00:21 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2018-03-21 20:30 - 2016-09-30 00:20 - 000000000 ____D C:\Program Files\Rockstar Games
2018-03-20 08:54 - 2016-09-21 18:48 - 000000000 ___RD C:\Users\Kai\OneDrive
2018-03-18 00:59 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\rescache
2018-03-16 10:01 - 2017-11-30 09:44 - 016496072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-03-16 10:01 - 2017-11-30 09:44 - 000902096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-03-16 10:00 - 2017-11-30 09:44 - 011000296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-03-16 10:00 - 2017-11-30 09:44 - 004629824 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2018-03-16 10:00 - 2017-11-30 09:44 - 003937000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-03-15 16:57 - 2017-11-30 09:44 - 000058816 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvhci.sys
2018-03-15 16:57 - 2017-11-30 09:44 - 000048407 _____ C:\Windows\System32\nvinfo.pb
2018-03-15 15:14 - 2017-09-02 03:30 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-03-15 14:40 - 2016-09-21 15:01 - 005952640 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2018-03-15 14:40 - 2016-09-21 15:01 - 002589576 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2018-03-15 14:40 - 2016-09-21 15:01 - 001767816 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2018-03-15 14:40 - 2016-09-21 15:01 - 000634256 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2018-03-15 14:40 - 2016-09-21 15:01 - 000451040 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2018-03-15 14:40 - 2016-09-21 15:01 - 000123840 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2018-03-15 14:40 - 2016-09-21 15:01 - 000083072 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2018-03-15 14:39 - 2016-09-21 15:01 - 008099202 _____ C:\Windows\System32\nvcoproc.bin
2018-03-14 15:43 - 2017-12-03 05:24 - 000000000 ___RD C:\Users\Kai\3D Objects
2018-03-14 15:43 - 2015-09-09 21:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-14 15:42 - 2017-12-03 05:09 - 000291368 _____ C:\Windows\System32\FNTCACHE.DAT
2018-03-14 06:36 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\appraiser
2018-03-14 06:36 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\ShellExperiences
2018-03-14 06:36 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-03-14 05:05 - 2017-09-02 03:30 - 002480064 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll
2018-03-14 05:05 - 2017-09-02 03:30 - 002137024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2018-03-14 05:05 - 2017-09-02 03:30 - 001310144 _____ (NVIDIA Corporation) C:\Windows\System32\NvRtmpStreamer64.dll
2018-03-14 04:44 - 2017-04-06 15:02 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-03-13 21:36 - 2017-12-03 05:15 - 000004386 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-03-13 21:36 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-13 21:36 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\Macromed
2018-03-13 20:57 - 2017-09-29 05:37 - 000000000 ____D C:\Windows\CbsTemp
2018-03-13 20:56 - 2015-10-04 15:20 - 000000000 ____D C:\Windows\System32\MRT
2018-03-13 20:55 - 2017-10-10 19:57 - 130364688 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2018-03-13 20:55 - 2015-10-04 15:20 - 130364688 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2018-03-13 20:53 - 2017-09-29 05:41 - 000140800 _____ (Microsoft Corporation) C:\Windows\System32\Chakradiag.dll
2018-03-13 20:53 - 2017-09-29 05:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2018-03-04 22:18 - 2017-09-02 03:30 - 000189784 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap64v.dll
2018-03-04 22:18 - 2017-09-02 03:30 - 000152408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Association (Whitelisted) =============

==================== Restore Points =========================
Restore point date: 2018-04-02 19:07
Restore point date: 2018-04-03 05:53
==================== Memory info ===========================
Percentage of memory in use: 6%
Total physical RAM: 16335.1 MB
Available physical RAM: 15310.09 MB
Total Virtual: 16335.1 MB
Available Virtual: 15353.77 MB
==================== Drives ================================
Drive c: (Main SSD) (Fixed) (Total:930.97 GB) (Free:311.43 GB) NTFS
Drive d: (Main HDD) (Fixed) (Total:931.39 GB) (Free:50.75 GB) NTFS
Drive e: (RECOVERY) (Removable) (Total:7.45 GB) (Free:7.06 GB) FAT32
Drive f: (USB) (Removable) (Total:7.25 GB) (Free:7.25 GB) FAT32
Drive h: () (Fixed) (Total:0.44 GB) (Free:0.04 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FCDAF39D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)
========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 7.5 GB) (Disk ID: 35B99682)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)
========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 7.3 GB) (Disk ID: F133DCD6)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)
LastRegBack: 2018-03-27 02:49
==================== End of FRST.txt ============================
 


Riccrocc789

Here is the first file it generated when I scanned my PC.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Kai (administrator) on RICCYM (05-04-2018 17:29:35)
Running from C:\Users\Kai\Desktop
Loaded Profiles: Kai (Available Profiles: Kai)
Platform: Windows 10 Pro Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\dxconfig.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Copyright (c) 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Windows\runSW.exe
(Realtek) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
() C:\Windows\SysWOW64\dxconfig.exe
(Simply Super Software) C:\Program Files (x86)\Trojan Remover\Trjscan.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation) C:\Users\Kai\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [Fight Stick Alpha] => C:\Program Files\Mad Catz\Fight Stick Alpha\Fight_Stick_Alpha_Profiler.exe [671232 2016-03-04] (Mad Catz Inc)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16073336 2016-08-10] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16776192 2016-12-02] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11328464 2015-09-11] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [GammingApp] => C:\Program Files (x86)\MSI\MSI Gaming APP\SGamingApp.exe [1147048 2015-09-03] (Micro-Star Int'l Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51416 2017-12-12] (Copyright (c) 2017 Plays.tv, LLC)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe,
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3198752 2018-03-26] (Valve Corporation)
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\Run: [Discord] => C:\Users\Kai\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\RunOnce: [Application Restart #5] => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MSI)
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\RunOnce: [Application Restart #1] => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MSI)
Startup: C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2018-01-21]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon INC.)
Startup: C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk [2018-01-22]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2017-10-18]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (VB-AUDIO Software)
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts-x32: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{266b0da8-e220-4638-98fd-e30e65a943a1}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5ddc4a91-64b3-4cb7-937d-f49479f39612}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{a2ea7635-dca5-4f18-8d92-297de47ccbff}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a803ead8-e8f8-4d0d-94ab-c3408c3ab1e6}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{c3aaafcc-5e06-42d3-8d3f-bf2ec76b2c4c}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{c8468840-5b78-4d4f-b0cf-226e3decc18e}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{f5fbf41c-7243-408c-aafe-c96a5dfa2af0}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKU\S-1-5-21-1044547340-730167660-1221922556-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-1044547340-730167660-1221922556-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-06] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-06] (Oracle Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-04-02]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1044547340-730167660-1221922556-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kai\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default [2018-04-05]
CHR Extension: (Slides) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-02]
CHR Extension: (Docs) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-02]
CHR Extension: (Google Drive) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-02]
CHR Extension: (YouTube) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-02]
CHR Extension: (Sheets) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-02]
CHR Extension: (Google Docs Offline) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-02]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S4 ASGT; C:\Windows\SysWOW64\ASGT.exe [48640 2016-05-27] () [File not signed]
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-03-08] ()
S4 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [34984 2015-09-03] (Micro-Star Int'l Co., Ltd.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\vssbridge64.exe [426416 2018-04-02] (AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-04-28] (IObit)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-08-10] (Logitech Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 Microsoft DirectX Configuration Service; C:\Windows\SysWOW64\dxconfig.exe [64512 2016-02-16] () [File not signed]
S4 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1768912 2015-09-11] (Micro-Star INT'L CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-12-12] (Copyright (c) 2017 Plays.tv, LLC)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RealtekWlanU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S2 RTLDHCPService; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe [261848 2013-11-12] (Realtek)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-02] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-02] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-02] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2016-04-23] (ASRock Incorporation)
S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3792904 2016-11-30] (C-MEDIA)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-30] (Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d64x64.sys [457496 2014-02-03] (Intel Corporation)
S3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-10-17] (ELECOM)
S3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-10-17] (ELECOM)
R1 epp; C:\EEK\bin64\epp.sys [142448 2018-03-27] (Emsisoft Ltd)
S3 EvolveVirtualAdapter; C:\WINDOWS\System32\drivers\evolve.sys [21656 2016-01-01] (Echobit, LLC)
S3 hcwE5bda; C:\WINDOWS\system32\drivers\hcwE5bda.sys [985096 2016-02-08] (Hauppauge Computer Work, Inc.)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
S3 Kinonih; C:\WINDOWS\System32\drivers\kinonih.sys [32256 2016-06-22] (Kinoni)
S3 KINONI_Wave; C:\WINDOWS\system32\drivers\kinonivad.sys [32360 2016-04-17] (Windows (R) Win 7 DDK provider)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-25] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [120008 2018-04-02] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29816 2016-10-14] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [207576 2018-04-02] (AO Kaspersky Lab)
R1 KLHK; C:\WINDOWS\System32\drivers\klhk.sys [594144 2018-04-02] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1055944 2018-04-02] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-04-02] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50672 2017-12-25] (AO Kaspersky Lab)
R3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [44768 2017-01-20] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [231312 2018-04-02] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2018-04-02] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [252600 2018-04-02] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [107656 2018-04-02] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [174664 2018-04-02] (AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [93888 2018-04-02] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [135904 2017-12-25] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-12-25] (AO Kaspersky Lab)
R3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45208 2016-08-09] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-06-24] (Logitech Inc.)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-04-02] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R2 mi2c; C:\WINDOWS\system32\drivers\mi2c.sys [20784 2017-01-04] (Nicomsoft Ltd.)
S4 most; C:\WINDOWS\System32\drivers\mefrkund.sys [79064 2018-03-31] (Malwarebytes)
R1 MpKsl815f2580; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EB163E4E-F414-4A5D-8F09-00B6A948C291}\MpKsl815f2580.sys [58120 2018-04-04] (Microsoft Corporation)
R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [107488 2017-02-08] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [211376 2016-07-05] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [121312 2017-02-08] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [125872 2016-07-05] (Panda Security, S.L.)
R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [80152 2016-07-06] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [116656 2016-07-05] (Panda Security, S.L.)
R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [91104 2017-02-08] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [135088 2016-07-05] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [335792 2016-07-05] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [197600 2017-02-08] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [123312 2016-07-05] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [278960 2016-07-05] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [125360 2016-07-05] (Panda Security, S.L.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvlddmkm.sys [17544792 2018-03-25] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-14] (NVIDIA Corporation)
S3 NVVADARM; C:\WINDOWS\system32\drivers\nvvadarm.sys [39056 2014-11-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-15] (NVIDIA Corporation)
R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [177424 2017-02-12] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [129296 2017-02-12] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [205584 2017-02-20] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [131344 2017-02-12] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [144656 2017-02-12] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [114960 2017-02-12] (Panda Security, S.L.)
S3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [8213328 2018-01-31] (Realtek Semiconductor Corporation )
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [47312 2015-09-03] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S3 SaiX8180; C:\WINDOWS\System32\drivers\SaiX8180.sys [65784 2016-03-08] (Saitek, Madcatz, Ltd.)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 sparkocam; C:\WINDOWS\system32\DRIVERS\sparkocam.sys [37200 2016-09-01] (Sparkosoft)
R3 sparkocammic; C:\WINDOWS\system32\drivers\sparkocammic.sys [34640 2018-01-10] (Sparkosoft)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-10-17] (Windows (R) Win 7 DDK provider)
S4 vysj; C:\WINDOWS\System32\drivers\fljm.sys [79064 2018-03-31] (Malwarebytes)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-02] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-02] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-02] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36832 2017-03-22] (Wellbia.com Co., Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-04-01] (Zemana Ltd.)
U3 aswbdisk; no ImagePath
S0 PsBoot; system32\Drivers\PsBoot.sys [X]
S4 sxmgr; System32\drivers\nvhgkixc.sys [X]
S1 texuxkqt; \??\C:\WINDOWS\system32\drivers\texuxkqt.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-04 21:30 - 2018-04-04 21:30 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-04-04 21:30 - 2018-03-23 16:05 - 000138120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-04-04 21:30 - 2017-12-08 15:25 - 000798520 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-04-04 21:30 - 2017-12-08 15:25 - 000490808 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-04-04 21:30 - 2017-12-08 15:24 - 000928568 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-04-04 21:30 - 2017-12-08 15:24 - 000591672 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-04-04 21:29 - 2018-04-04 21:29 - 000000000 ____D C:\WINDOWS\LastGood
2018-04-04 21:28 - 2018-03-25 09:15 - 000998424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-04-04 21:28 - 2018-03-25 09:15 - 000950016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-04-04 21:28 - 2018-03-25 09:15 - 000625504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-04-04 21:28 - 2018-03-25 09:15 - 000516024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-04-04 21:28 - 2018-03-25 09:14 - 004318112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-04-04 21:28 - 2018-03-25 09:14 - 003719096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-04-04 21:28 - 2018-03-25 09:14 - 001985112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439135.dll
2018-04-04 21:28 - 2018-03-25 09:14 - 001683712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439135.dll
2018-04-04 21:28 - 2018-03-25 09:14 - 001138720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-04-04 21:28 - 2018-03-25 09:14 - 001065888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-04-04 21:28 - 2018-03-25 09:14 - 000749312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-04-04 21:28 - 2018-03-25 09:14 - 000608344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-04-04 21:28 - 2018-03-25 09:13 - 040278608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-04-04 21:28 - 2018-03-25 09:13 - 035188992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-04-04 21:28 - 2018-03-25 09:10 - 013571520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-04-04 21:28 - 2018-03-25 09:10 - 011132384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-04-04 21:28 - 2018-03-25 09:09 - 019855144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-04-04 21:28 - 2018-03-25 09:09 - 016496776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-04-04 21:28 - 2018-03-25 09:09 - 001355216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-04-04 21:28 - 2018-03-25 09:09 - 001346128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-04-04 21:28 - 2018-03-25 09:09 - 001153744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-04-04 21:28 - 2018-03-25 09:09 - 001067560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-04-04 21:28 - 2018-03-25 09:09 - 001061352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-04-04 21:28 - 2018-03-25 09:09 - 000902096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-04-04 21:28 - 2018-03-25 09:09 - 000811808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-04-04 21:28 - 2018-03-25 09:09 - 000650232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-04-04 21:28 - 2018-03-25 09:09 - 000633040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-04-04 21:28 - 2018-03-25 09:08 - 012967056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-04-04 21:28 - 2018-03-25 09:08 - 011001504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-04-04 21:28 - 2018-03-25 09:08 - 003939624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-04-03 16:05 - 2018-04-03 16:05 - 000000000 ____D C:\Users\Kai\AppData\Local\aubroml
2018-04-03 16:01 - 2018-04-03 16:01 - 002403328 _____ (Farbar) C:\Users\Kai\Downloads\FRST64.exe
2018-04-03 15:50 - 2018-04-03 15:50 - 000000000 ____D C:\Users\Kai\AppData\Local\pcsxndu
2018-04-02 21:38 - 2018-04-02 21:38 - 000000000 ____D C:\Users\Kai\AppData\Local\pcbvxeg
2018-04-02 20:38 - 2018-04-02 20:38 - 000000000 ____D C:\Users\Kai\AppData\Local\conabxz
2018-04-02 20:30 - 2018-04-02 20:30 - 000000000 ____D C:\Users\Kai\AppData\Local\raaebdc
2018-04-02 20:25 - 2018-04-02 20:25 - 000000000 ____D C:\ProgramData\Emsisoft
2018-04-02 20:24 - 2018-04-02 20:27 - 000000000 ____D C:\EEK
2018-04-02 20:20 - 2018-04-02 20:23 - 323431136 _____ C:\Users\Kai\Desktop\EmsisoftEmergencyKit.exe
2018-04-02 20:14 - 2018-04-05 17:29 - 000027349 _____ C:\Users\Kai\Desktop\FRST.txt
2018-04-02 20:14 - 2018-04-02 20:14 - 000069971 _____ C:\Users\Kai\Desktop\Addition.txt
2018-04-02 20:14 - 2018-04-02 20:14 - 000000000 ____D C:\Users\Kai\AppData\Roaming\ProductData
2018-04-02 20:14 - 2018-04-02 20:14 - 000000000 ____D C:\Users\Kai\AppData\Local\wdnxvlo
2018-04-02 20:06 - 2018-04-02 20:06 - 000000000 ____D C:\Users\Kai\AppData\Local\exbulwp
2018-04-02 20:04 - 2018-04-02 20:04 - 000000000 ____D C:\Users\Kai\AppData\Local\exivsth
2018-04-02 19:57 - 2018-04-02 19:57 - 000000000 ____D C:\Users\Kai\AppData\Local\lsnvepb
2018-04-02 19:48 - 2018-04-02 19:48 - 002403328 _____ (Farbar) C:\Users\Kai\Desktop\FRST64.exe
2018-04-02 19:47 - 2018-04-02 19:51 - 195689920 _____ (Sophos Limited) C:\Users\Kai\Desktop\Sophos Virus Removal Tool.exe
2018-04-02 19:28 - 2018-04-02 19:28 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\725297C9.sys
2018-04-02 19:27 - 2018-04-02 19:37 - 000000000 ____D C:\Users\Kai\Desktop\mbar
2018-04-02 19:27 - 2018-04-02 19:37 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-02 19:27 - 2018-04-02 19:27 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Kai\Desktop\mbar-1.10.3.1001.exe
2018-04-02 19:07 - 2018-04-02 19:07 - 000000000 ____D C:\Users\Kai\AppData\Local\nvirulz
2018-04-02 18:47 - 2018-04-02 18:47 - 000000000 ____D C:\Users\Kai\AppData\Local\wdsicmx
2018-04-02 17:24 - 2018-04-02 17:24 - 000000000 ___HD C:\$Windows.~WS
2018-04-02 17:18 - 2018-04-02 17:18 - 000252600 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2018-04-02 17:17 - 2018-04-02 17:17 - 000087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2018-04-02 17:12 - 2018-04-02 17:12 - 000231312 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2018-04-02 17:12 - 2018-04-02 17:12 - 000174664 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2018-04-02 17:12 - 2018-04-02 17:12 - 000107656 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2018-04-02 17:11 - 2018-04-05 07:16 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-04-02 17:11 - 2018-04-02 17:17 - 001055944 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2018-04-02 17:11 - 2018-04-02 17:11 - 000594144 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2018-04-02 17:11 - 2018-04-02 17:11 - 000207576 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2018-04-02 17:11 - 2018-04-02 17:11 - 000149304 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll
2018-04-02 17:11 - 2018-04-02 17:11 - 000002122 _____ C:\Users\Public\Desktop\Kaspersky Free.lnk
2018-04-02 17:11 - 2018-04-02 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Free
2018-04-02 17:11 - 2018-04-02 17:11 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-04-02 17:11 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2018-04-02 17:10 - 2018-04-02 17:10 - 000000000 ____D C:\Users\Kai\AppData\Local\psduoga
2018-04-02 17:08 - 2018-04-02 17:08 - 002438712 _____ (Kaspersky Lab) C:\Users\Kai\Downloads\kfa18.0.0.405abcden_es_fr_13382.exe
2018-04-02 17:00 - 2018-04-02 17:00 - 000000000 ____D C:\Users\Kai\AppData\Local\niegzlw
2018-04-02 16:51 - 2018-04-02 16:51 - 000002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-02 16:51 - 2018-04-02 16:51 - 000002340 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-02 16:49 - 2018-04-02 16:49 - 000000000 ____D C:\Program Files (x86)\GUMCBFD.tmp
2018-04-02 16:03 - 2018-04-02 16:03 - 000000000 ____D C:\Users\Kai\AppData\Local\Simply Super Software
2018-04-02 16:02 - 2018-04-02 16:02 - 002928184 _____ (Kaspersky Lab) C:\Users\Kai\Downloads\ksk1.0.3.326en_13497.exe
2018-04-02 15:59 - 2018-04-02 15:59 - 000388608 _____ (Trend Micro Inc.) C:\Users\Kai\Desktop\HijackThis.exe
2018-04-02 15:42 - 2018-04-02 15:42 - 000000000 ____D C:\Users\Kai\AppData\Local\sneabkl
2018-04-02 15:37 - 2018-04-02 20:09 - 000000626 _____ C:\Users\Kai\Desktop\JRT.txt
2018-04-02 15:36 - 2018-04-02 15:36 - 000000000 ____D C:\Users\Kai\AppData\Local\sbczodh
2018-04-02 15:30 - 2018-04-02 15:30 - 000000000 ____D C:\Users\Kai\AppData\Local\scbidmz
2018-04-02 15:28 - 2018-04-02 15:28 - 018617536 _____ (Microsoft Corporation) C:\Users\Kai\Downloads\MediaCreationTool.exe
2018-04-02 15:26 - 2018-04-02 15:26 - 000000000 ____D C:\Users\Kai\AppData\Local\sidnmkg
2018-04-02 06:35 - 2018-04-02 06:35 - 000000000 ____D C:\Users\Kai\AppData\Local\scrbkun
2018-04-02 04:29 - 2017-07-25 13:56 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Kai\Desktop\rkill.exe
2018-04-01 20:03 - 2018-04-01 20:03 - 000000000 ____D C:\ProgramData\SystemAcCrux
2018-04-01 18:11 - 2018-04-05 17:29 - 000000000 ____D C:\FRST
2018-04-01 17:56 - 2018-04-01 17:56 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-04-01 15:16 - 2018-04-01 15:16 - 001129816 _____ (Google Inc.) C:\Users\Kai\Downloads\ChromeSetup.exe
2018-04-01 15:01 - 2018-04-05 17:29 - 000330704 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-04-01 15:01 - 2018-04-01 20:20 - 000085693 _____ C:\WINDOWS\ZAM.krnl.trace
2018-04-01 15:01 - 2018-04-01 15:01 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-04-01 15:01 - 2018-04-01 15:01 - 000000000 ____D C:\Users\Kai\AppData\Local\Zemana
2018-04-01 14:44 - 2018-04-02 15:34 - 000000422 _____ C:\WINDOWS\system32\.crusader
2018-04-01 14:40 - 2018-04-02 20:38 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-04-01 14:39 - 2018-04-01 14:44 - 000000000 ____D C:\ProgramData\HitmanPro
2018-04-01 14:39 - 2018-04-01 14:39 - 011605440 _____ (SurfRight B.V.) C:\Users\Kai\Desktop\HitmanPro_x64.exe
2018-04-01 13:37 - 2018-04-02 20:12 - 000000000 ____D C:\AdwCleaner
2018-04-01 13:37 - 2018-04-01 13:37 - 001790024 _____ (Malwarebytes) C:\Users\Kai\Desktop\JRT.exe
2018-04-01 13:36 - 2018-04-01 13:37 - 008222496 _____ (Malwarebytes) C:\Users\Kai\Desktop\AdwCleaner.exe
2018-04-01 05:45 - 2018-04-01 05:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-04-01 05:07 - 2018-04-01 05:07 - 000004274 _____ C:\WINDOWS\System32\Tasks\TR_Updater
2018-04-01 05:07 - 2018-04-01 05:07 - 000004054 _____ C:\WINDOWS\System32\Tasks\TR_FastScan_Daily_Kai
2018-04-01 05:07 - 2018-04-01 05:07 - 000003880 _____ C:\WINDOWS\System32\Tasks\TR_FastScan_AtLogon
2018-04-01 05:07 - 2018-04-01 05:07 - 000000000 ____D C:\Users\Kai\Documents\Simply Super Software
2018-04-01 05:07 - 2018-04-01 05:07 - 000000000 ____D C:\ProgramData\Simply Super Software
2018-04-01 05:07 - 2018-04-01 05:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2018-04-01 05:07 - 2018-04-01 05:07 - 000000000 ____D C:\Program Files (x86)\Trojan Remover
2018-04-01 05:04 - 2018-04-01 05:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-31 21:53 - 2018-04-02 19:58 - 000002101 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-31 21:53 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-31 19:26 - 2018-04-03 15:44 - 000000000 ____D C:\Program Files\Common Files\AV
2018-03-31 19:19 - 2018-04-02 17:10 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-03-31 19:12 - 2018-04-02 20:03 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-03-31 19:12 - 2018-04-02 04:30 - 000000000 ____D C:\WINDOWS\pss
2018-03-31 18:51 - 2018-04-01 13:06 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-31 18:42 - 2018-04-02 20:05 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-31 18:42 - 2018-03-31 18:42 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-31 18:31 - 2018-03-31 18:31 - 000079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\fljm.sys
2018-03-31 18:13 - 2018-03-31 18:13 - 000079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mefrkund.sys
2018-03-31 18:00 - 2018-04-03 17:13 - 000000000 ____D C:\Users\Kai\AppData\Local\wmcagent
2018-03-31 18:00 - 2018-04-01 06:30 - 000000000 ____D C:\Users\Kai\AppData\Local\wmmvtpn
2018-03-31 17:57 - 2018-04-03 17:13 - 000000000 ____D C:\Users\Kai\AppData\Local\tihawem
2018-03-31 17:56 - 2018-04-03 16:08 - 002888704 _____ C:\WINDOWS\system32\dsoclegsvc.exe
2018-03-31 17:56 - 2018-03-31 17:56 - 000000000 ____D C:\WINDOWS\SysWOW64\widmkhl
2018-03-31 17:56 - 2018-03-31 17:56 - 000000000 ____D C:\WINDOWS\system32\widmkhl
2018-03-31 17:55 - 2018-03-31 17:55 - 000003758 _____ C:\WINDOWS\System32\Tasks\{5C03E5CF-1BA7-9901-9FA4-7E0E72E817E9}
2018-03-31 17:55 - 2018-03-31 17:55 - 000003544 _____ C:\WINDOWS\System32\Tasks\{B3FDCEDF-0075-C5AB-3BDA-5A116786AAE3}
2018-03-31 17:55 - 2018-03-31 17:55 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2018-03-31 17:55 - 2018-03-31 17:55 - 000000000 ____D C:\Users\Kai\AppData\Roaming\et
2018-03-31 17:12 - 2017-12-22 10:53 - 108846128 _____ (CANON INC.) C:\Users\Kai\Desktop\euw3.8.20-installer.exe
2018-03-31 17:01 - 2018-03-31 17:01 - 000000000 ____D C:\Users\Kai\AppData\Roaming\Canon_Inc_IC
2018-03-31 01:52 - 2018-03-31 01:52 - 000052429 _____ C:\WINDOWS\uninstaller.dat
2018-03-31 01:52 - 2018-03-31 01:52 - 000014040 _____ C:\WINDOWS\system32\Drivers\6a6cff5e551f4623b5a589ceaf395356.sys
2018-03-29 22:46 - 2018-03-29 23:30 - 418386912 _____ C:\Users\Kai\Desktop\Brothers First BlowJob - Mandy Flores [720p].wmv
2018-03-29 21:07 - 2018-03-29 21:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHANTASYSTARONLINE2
2018-03-29 20:21 - 2018-03-31 15:18 - 000000000 ____D C:\PSO2 Tweaker
2018-03-29 20:21 - 2018-03-29 21:12 - 000000000 ____D C:\Users\Kai\AppData\Roaming\PSO2 Tweaker
2018-03-29 20:21 - 2018-03-29 20:21 - 000000000 ____D C:\Users\Kai\Documents\SEGA
2018-03-29 20:21 - 2018-03-29 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arks-Layer
2018-03-29 20:21 - 2018-03-29 20:21 - 000000000 ____D C:\PHANTASYSTARONLINE2
2018-03-25 14:57 - 2018-03-29 21:07 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2018-03-23 15:27 - 2018-03-23 15:27 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-03-23 15:26 - 2018-03-16 11:11 - 001985280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439124.dll
2018-03-23 15:26 - 2018-03-16 11:11 - 001684000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439124.dll
2018-03-23 15:20 - 2018-03-23 15:20 - 000004088 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-19 17:18 - 2018-03-26 20:23 - 000000000 ____D C:\Users\Kai\vmlogs
2018-03-19 17:18 - 2018-03-26 20:23 - 000000000 ____D C:\Users\Kai\.android
2018-03-13 22:36 - 2018-03-13 22:36 - 000004556 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-13 21:52 - 2018-03-01 20:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-13 21:52 - 2018-03-01 20:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-13 21:52 - 2018-03-01 20:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-13 21:52 - 2018-03-01 20:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-13 21:52 - 2018-03-01 20:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-13 21:52 - 2018-03-01 20:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-13 21:52 - 2018-03-01 19:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-13 21:52 - 2018-03-01 13:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-13 21:52 - 2018-03-01 00:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-13 21:52 - 2018-03-01 00:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-13 21:52 - 2018-03-01 00:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-13 21:52 - 2018-03-01 00:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-13 21:52 - 2018-03-01 00:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-13 21:52 - 2018-03-01 00:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-13 21:52 - 2018-03-01 00:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-13 21:52 - 2018-03-01 00:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-13 21:52 - 2018-03-01 00:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-13 21:52 - 2018-03-01 00:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-13 21:52 - 2018-03-01 00:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-13 21:52 - 2018-03-01 00:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-13 21:52 - 2018-03-01 00:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-13 21:52 - 2018-03-01 00:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-13 21:52 - 2018-03-01 00:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-13 21:52 - 2018-03-01 00:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-13 21:52 - 2018-03-01 00:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-13 21:52 - 2018-03-01 00:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-13 21:52 - 2018-03-01 00:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-13 21:52 - 2018-03-01 00:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-13 21:52 - 2018-03-01 00:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-13 21:52 - 2018-03-01 00:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-13 21:52 - 2018-03-01 00:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-13 21:52 - 2018-03-01 00:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-13 21:52 - 2018-03-01 00:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-13 21:52 - 2018-03-01 00:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-13 21:52 - 2018-03-01 00:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-13 21:52 - 2018-03-01 00:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-13 21:52 - 2018-03-01 00:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-13 21:52 - 2018-03-01 00:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-13 21:52 - 2018-03-01 00:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-13 21:52 - 2018-03-01 00:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-13 21:52 - 2018-03-01 00:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-13 21:52 - 2018-03-01 00:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-13 21:52 - 2018-03-01 00:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-13 21:52 - 2018-03-01 00:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-13 21:52 - 2018-03-01 00:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-13 21:52 - 2018-03-01 00:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-13 21:52 - 2018-03-01 00:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-13 21:52 - 2018-03-01 00:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-13 21:52 - 2018-03-01 00:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-13 21:52 - 2018-03-01 00:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-13 21:52 - 2018-02-28 23:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-13 21:52 - 2018-02-28 23:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-13 21:52 - 2018-02-28 23:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-13 21:52 - 2018-02-28 23:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-13 21:52 - 2018-02-28 23:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-13 21:52 - 2018-02-28 23:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-13 21:52 - 2018-02-28 23:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-13 21:52 - 2018-02-28 23:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-13 21:52 - 2018-02-28 23:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-13 21:52 - 2018-02-28 23:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-13 21:52 - 2018-02-28 23:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-13 21:52 - 2018-02-28 23:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-13 21:52 - 2018-02-28 23:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-13 21:52 - 2018-02-28 23:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-13 21:52 - 2018-02-28 23:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-13 21:52 - 2018-02-28 23:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-13 21:52 - 2018-02-28 23:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-13 21:52 - 2018-02-28 23:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-13 21:52 - 2018-02-28 23:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-13 21:52 - 2018-02-28 23:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-13 21:52 - 2018-02-28 23:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-13 21:52 - 2018-02-28 23:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-13 21:52 - 2018-02-28 23:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-13 21:52 - 2018-02-28 23:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-13 21:52 - 2018-02-28 23:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-13 21:52 - 2018-02-28 23:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-13 21:52 - 2018-02-28 22:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-13 21:52 - 2018-02-28 22:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-13 21:52 - 2018-02-28 22:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-13 21:52 - 2018-02-28 22:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-13 21:52 - 2018-02-28 22:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-13 21:52 - 2018-02-28 22:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-13 21:52 - 2018-02-28 22:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-13 21:52 - 2018-02-28 22:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-13 21:52 - 2018-02-28 22:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-13 21:52 - 2018-02-28 22:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-13 21:52 - 2018-02-28 22:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-13 21:52 - 2018-02-28 22:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-13 21:52 - 2018-02-28 22:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-13 21:52 - 2018-02-28 22:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-13 21:52 - 2018-02-28 22:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-13 21:52 - 2018-02-28 22:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-13 21:52 - 2018-02-28 22:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-13 21:52 - 2018-02-28 22:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-13 21:52 - 2018-02-28 22:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-13 21:52 - 2018-02-28 22:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-13 21:52 - 2018-02-28 22:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-13 21:52 - 2018-02-28 22:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-13 21:52 - 2018-02-28 22:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-13 21:52 - 2018-02-28 22:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-13 21:52 - 2018-02-28 22:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-13 21:52 - 2018-02-28 22:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-13 21:52 - 2018-02-28 22:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-13 21:52 - 2018-02-28 22:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-13 21:52 - 2018-02-28 22:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-13 21:52 - 2018-02-28 22:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-13 21:52 - 2018-02-28 22:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-13 21:52 - 2018-02-28 22:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-13 21:52 - 2018-02-28 22:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-13 21:52 - 2018-02-28 22:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-13 21:52 - 2018-02-28 22:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-13 21:52 - 2018-02-28 22:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-13 21:52 - 2018-02-28 22:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-13 21:52 - 2018-02-28 22:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-13 21:52 - 2018-02-28 22:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-13 21:52 - 2018-02-28 22:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-13 21:52 - 2018-02-28 22:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-13 21:52 - 2018-02-28 22:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-13 21:52 - 2018-02-28 22:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-13 21:52 - 2018-02-28 22:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-13 21:52 - 2018-02-28 22:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-13 21:52 - 2018-02-28 22:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-13 21:52 - 2018-02-28 22:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-13 21:52 - 2018-02-28 22:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-13 21:52 - 2018-02-28 22:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-13 21:52 - 2018-02-28 22:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-13 21:52 - 2018-02-28 22:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-13 21:52 - 2018-02-28 22:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-13 21:52 - 2018-02-28 22:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-13 21:52 - 2018-02-28 22:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-13 21:52 - 2018-02-28 22:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-13 21:52 - 2018-02-28 22:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-13 21:52 - 2018-02-28 22:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-13 21:52 - 2018-02-28 22:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-13 21:52 - 2018-02-28 22:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-13 21:52 - 2018-02-28 22:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-13 21:52 - 2018-02-28 22:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-13 21:52 - 2018-02-28 22:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-13 21:52 - 2018-02-28 22:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-13 21:52 - 2018-02-28 22:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-13 21:52 - 2018-02-28 22:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-13 21:52 - 2018-02-28 22:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-13 21:52 - 2018-02-28 22:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-13 21:52 - 2018-02-28 22:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-13 21:52 - 2018-02-28 22:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-13 21:52 - 2018-02-28 22:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-13 21:52 - 2018-02-28 22:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-13 21:52 - 2018-02-28 22:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-13 21:52 - 2018-02-28 22:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-13 21:52 - 2018-02-21 19:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-13 21:52 - 2018-02-21 19:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-13 21:52 - 2018-02-21 19:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-13 21:52 - 2018-02-21 19:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-13 21:52 - 2018-02-21 19:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-13 21:52 - 2018-02-21 19:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-13 21:52 - 2018-02-21 19:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-13 21:52 - 2018-02-21 19:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-13 21:52 - 2018-02-21 19:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-13 21:52 - 2018-02-21 19:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-13 21:52 - 2018-02-21 19:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-13 21:52 - 2018-02-21 19:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-13 21:52 - 2018-02-21 19:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-13 21:52 - 2018-02-21 19:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-13 21:52 - 2018-02-21 19:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-13 21:52 - 2018-02-21 19:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-13 21:52 - 2018-02-21 18:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-13 21:52 - 2018-02-21 18:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-13 21:52 - 2018-02-21 18:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-13 21:52 - 2018-02-21 18:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-13 21:52 - 2018-02-21 18:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-13 21:52 - 2018-02-21 18:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-13 21:52 - 2018-02-21 18:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-13 21:52 - 2018-02-21 18:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-13 21:52 - 2018-02-21 17:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-13 21:52 - 2018-02-21 17:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-13 21:52 - 2018-02-21 17:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-13 21:52 - 2018-02-21 17:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-13 21:52 - 2018-02-21 17:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-13 21:52 - 2018-02-21 17:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-13 21:52 - 2018-02-21 17:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-13 21:52 - 2018-02-21 17:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-13 21:52 - 2018-02-21 17:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-13 20:44 - 2018-03-13 20:46 - 110092367 _____ C:\Users\Kai\Downloads\SpankBang_carolina+sweets+stepfatherdaughterperversions7_480p.mp4
2018-03-13 01:04 - 2018-02-25 20:44 - 001985384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439101.dll
2018-03-13 01:04 - 2018-02-25 20:44 - 001684000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439101.dll
2018-03-06 00:42 - 2018-03-06 00:42 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-03-06 00:39 - 2018-04-01 20:37 - 000000000 ____D C:\ProgramData\AVAST Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-05 17:29 - 2016-09-21 16:01 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-05 07:16 - 2017-12-03 06:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-05 07:16 - 2017-10-18 06:54 - 000004553 _____ C:\Users\Kai\AppData\Roaming\VoiceMeeterDefault.xml
2018-04-04 22:33 - 2015-10-04 11:56 - 000000000 ____D C:\Users\Kai\AppData\Roaming\vlc
2018-04-04 21:33 - 2017-12-03 06:19 - 002058880 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-04 21:31 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-04 21:31 - 2017-09-02 04:18 - 000000000 ____D C:\Temp
2018-04-04 21:31 - 2016-09-21 16:00 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-04-04 21:31 - 2015-10-11 10:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-04-04 20:27 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-04 11:54 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-04 11:54 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-03 16:19 - 2017-12-03 06:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-03 16:09 - 2017-09-29 01:45 - 022544384 _____ C:\WINDOWS\system32\config\HARDWARE
2018-04-03 16:09 - 2017-09-29 01:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-04-03 15:35 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-04-03 15:30 - 2017-12-03 06:15 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-04-02 19:28 - 2015-11-04 22:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-02 18:21 - 2015-10-03 23:08 - 000000000 __RHD C:\ESD
2018-04-02 18:19 - 2017-12-02 11:19 - 000000000 ___DC C:\WINDOWS\Panther
2018-04-02 17:47 - 2015-11-04 22:31 - 000000000 ____D C:\Users\Kai\AppData\Local\Google
2018-04-02 17:16 - 2016-12-20 17:51 - 000093888 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwfp.sys
2018-04-02 17:16 - 2016-10-12 12:29 - 000057032 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys
2018-04-02 17:13 - 2017-12-25 08:31 - 000120008 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupflt.sys
2018-04-02 17:11 - 2017-09-29 06:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-04-02 16:51 - 2016-03-12 23:49 - 000000000 ____D C:\Program Files (x86)\Google
2018-04-02 16:00 - 2015-10-17 10:22 - 000000000 ____D C:\ProgramData\TEMP
2018-04-02 15:45 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-04-02 15:45 - 2017-05-07 16:19 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-02 15:45 - 2015-12-22 17:09 - 000000000 ____D C:\Users\Kai\AppData\Local\CrashDumps
2018-04-02 15:30 - 2016-01-18 21:30 - 000000000 ____D C:\Users\Kai\AppData\Local\ElevatedDiagnostics
2018-04-01 20:19 - 2017-12-03 06:11 - 000000000 ____D C:\Users\Kai
2018-04-01 15:17 - 2017-02-18 15:31 - 000000000 ____D C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2018-04-01 14:44 - 2016-03-02 18:20 - 000000000 ____D C:\ProgramData\Baidu
2018-04-01 13:41 - 2016-08-25 17:27 - 000000000 ____D C:\Users\Kai\AppData\Roaming\IObit
2018-04-01 05:41 - 2015-10-29 23:28 - 000000000 ____D C:\Users\Default.migrated
2018-04-01 05:33 - 2015-10-13 21:05 - 000000000 ____D C:\Program Files (x86)\Panda Security
2018-04-01 05:11 - 2017-09-29 01:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-04-01 02:39 - 2017-01-28 02:27 - 000000000 ____D C:\Users\Kai\AppData\Roaming\PlaysTV
2018-03-31 21:28 - 2017-01-25 20:44 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-03-31 21:09 - 2016-03-21 20:00 - 000000000 ____D C:\Users\Kai\AppData\Roaming\discord
2018-03-31 20:12 - 2017-04-27 01:30 - 000000000 ____D C:\Users\Kai\Documents\Wooxy
2018-03-31 18:42 - 2015-11-04 22:53 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-03-31 18:34 - 2016-09-21 16:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-03-31 18:31 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-31 18:12 - 2015-10-04 21:59 - 000000000 ____D C:\Users\Kai\AppData\Roaming\qBittorrent
2018-03-31 17:55 - 2015-10-11 11:02 - 000000000 ____D C:\ProgramData\Intel
2018-03-31 17:36 - 2016-11-10 18:10 - 000000000 ____D C:\Users\Kai\AppData\Roaming\obs-studio
2018-03-31 17:17 - 2018-01-21 19:53 - 000000000 ____D C:\Users\Kai\AppData\Local\Canon_INC
2018-03-31 17:13 - 2018-01-21 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2018-03-31 17:13 - 2018-01-21 15:04 - 000000000 ____D C:\Program Files (x86)\Canon
2018-03-26 21:50 - 2017-07-30 17:31 - 000000000 ____D C:\Users\Kai\AppData\Local\Nox
2018-03-25 14:14 - 2016-04-23 22:34 - 000000000 ____D C:\Users\Kai\AppData\Roaming\NexonLauncher
2018-03-25 09:08 - 2017-11-30 10:44 - 004633920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-03-24 00:44 - 2015-10-11 10:10 - 000000000 ____D C:\Users\Kai\AppData\Local\NVIDIA
2018-03-23 18:19 - 2017-11-30 10:44 - 000048407 _____ C:\WINDOWS\system32\nvinfo.pb
2018-03-23 16:50 - 2017-09-02 04:30 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-03-23 16:02 - 2016-09-21 16:01 - 005952392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-03-23 16:02 - 2016-09-21 16:01 - 002596320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-03-23 16:02 - 2016-09-21 16:01 - 001767824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-03-23 16:02 - 2016-09-21 16:01 - 000633224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-03-23 16:02 - 2016-09-21 16:01 - 000451040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-03-23 16:02 - 2016-09-21 16:01 - 000123840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-03-23 16:02 - 2016-09-21 16:01 - 000083072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-03-23 15:20 - 2017-12-03 06:15 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-23 15:20 - 2017-12-03 06:15 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-23 15:20 - 2017-12-03 06:15 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-23 15:20 - 2017-12-03 06:15 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-23 15:20 - 2017-12-03 06:15 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-23 15:20 - 2017-12-03 06:15 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-23 15:20 - 2017-12-03 06:15 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-23 15:20 - 2016-09-21 16:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-03-22 01:48 - 2015-10-12 17:42 - 000007603 _____ C:\Users\Kai\AppData\Local\Resmon.ResmonCfg
2018-03-21 21:30 - 2016-09-30 01:21 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2018-03-21 21:30 - 2016-09-30 01:20 - 000000000 ____D C:\Program Files\Rockstar Games
2018-03-21 04:22 - 2016-09-21 16:01 - 008114212 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-03-20 09:54 - 2016-09-21 19:48 - 000000000 ___RD C:\Users\Kai\OneDrive
2018-03-20 09:54 - 2015-10-04 11:05 - 000002401 _____ C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-18 01:59 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-16 11:00 - 2017-11-30 10:44 - 004629824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\SET4D4C.tmp
2018-03-15 17:57 - 2017-11-30 10:44 - 000058816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-03-14 16:43 - 2017-12-03 06:24 - 000000000 ___RD C:\Users\Kai\3D Objects
2018-03-14 16:43 - 2015-09-09 22:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-14 16:42 - 2017-12-03 06:09 - 000291368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-14 07:36 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-14 07:36 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-14 07:36 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-03-14 06:05 - 2017-09-02 04:30 - 002480064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2018-03-14 06:05 - 2017-09-02 04:30 - 002137024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2018-03-14 06:05 - 2017-09-02 04:30 - 001310144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2018-03-14 05:44 - 2017-04-06 16:02 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2018-03-13 22:36 - 2017-12-03 06:15 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-03-13 22:36 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-13 22:36 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-13 21:57 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-13 21:56 - 2015-10-04 16:20 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-13 21:55 - 2017-10-10 20:57 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-13 21:55 - 2015-10-04 16:20 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-13 21:53 - 2017-09-29 06:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-13 21:53 - 2017-09-29 06:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

==================== Files in the root of some directories =======

1624-02-24 06:22 - 1624-02-24 06:22 - 000059904 _____ (Microsoft Corporation) C:\Users\Kai\AppData\Roaming\heyJqmUjiA.exe
2017-10-18 06:54 - 2018-04-05 07:16 - 000004553 _____ () C:\Users\Kai\AppData\Roaming\VoiceMeeterDefault.xml
2016-02-23 15:40 - 2016-02-23 15:44 - 000001456 _____ () C:\Users\Kai\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-10-12 17:42 - 2018-03-22 01:48 - 000007603 _____ () C:\Users\Kai\AppData\Local\Resmon.ResmonCfg
2017-03-30 19:48 - 2017-03-30 19:48 - 000000552 _____ () C:\Users\Kai\AppData\Local\TroubleshooterConfig.json

Some files in TEMP:
====================
2018-04-04 21:28 - 2018-03-15 15:42 - 000373696 _____ (NVIDIA Corporation) C:\Users\Kai\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-27 03:49

==================== End of FRST.txt ============================
 

Riccrocc789

New Member
Thread author
Apr 2, 2018
10
Here is the Addition.txt file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Kai (05-04-2018 17:30:19)
Running from C:\Users\Kai\Desktop
Windows 10 Pro Version 1709 16299.309 (X64) (2017-12-03 13:16:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1044547340-730167660-1221922556-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1044547340-730167660-1221922556-503 - Limited - Disabled)
Guest (S-1-5-21-1044547340-730167660-1221922556-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1044547340-730167660-1221922556-1003 - Limited - Enabled)
Kai (S-1-5-21-1044547340-730167660-1221922556-1001 - Administrator - Enabled) => C:\Users\Kai
WDAGUtilityAccount (S-1-5-21-1044547340-730167660-1221922556-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Free (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Free (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.31.5 - Mirillis)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.2.8.2 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.2.8.2 - ASUSTek COMPUTER INC.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Belkin USB Wireless Adapter (HKLM-x32\...\{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin) Hidden
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.8.20.0 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Utility 3 (HKLM-x32\...\EOS Utility 3) (Version: 3.8.20.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.8.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
Dxtory version 2.0.141 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.141 - ExKode Co. Ltd.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fight Stick Alpha (HKLM\...\{42B4B51C-A473-42BF-94CF-EFE46F277ED1}) (Version: 7.0.54.5 - Mad Catz Inc)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
GameRanger (HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\GameRanger) (Version: - GameRanger Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
InputMapper (HKLM-x32\...\{1A44056A-C7D8-4561-BC43-A0AA7D7AAA64}) (Version: 1.5.31.0 - DSDCS)
Intel(R) Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Network Connections 19.0.27.0 (HKLM\...\PROSetDX) (Version: 19.0.27.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{185A77DF-D606-4AD2-B85D-A647A9DAA045}) (Version: 5.0.10.2808 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Kaspersky Free (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Free (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version: - )
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech)
Logitech Gaming Software 8.85 (HKLM\...\Logitech Gaming Software) (Version: 8.85.215 - Logitech Inc.)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 5.0.0.20 - MSI)
MSI Kombustor 2.5.9 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version: - MSI Co., LTD)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.008 - MSI)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.75 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.5 - OBS Project)
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Protection (HKLM\...\{52F9D0C3-E6CF-4553-9013-8F2E834BD0B1}) (Version: 8.91.00 - Panda Security) Hidden
Phantasy Star Online 2: EPISODE 5 (HKLM-x32\...\{38CA1868-3A03-4B5D-93A1-FD6F61D6723A}_is1) (Version: - SEGA)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.27.5-r125535-release - Plays.tv, LLC)
Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{35DB2630-846E-47C5-AF84-9D6AC3629F55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
PSO2 Tweaker (HKLM-x32\...\PSO2 Tweaker) (Version: 4.0.6.5 - Arks-Layer)
qBittorrent 4.0.4 (HKLM-x32\...\qBittorrent) (Version: 4.0.4 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0239 - REALTEK Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.8 - Rockstar Games)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.0 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Swiff Player 1.7.2 (HKLM-x32\...\Swiff Player_is1) (Version: 1.7.2 - GlobFX Technologies)
System Requirements Lab Detection (HKLM-x32\...\{AE0DE863-AF58-4D85-89B2-0921ECB5E1F6}) (Version: 6.1.6.0 - Husdawg, LLC)
Trojan Remover (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.5.0 - Simply Super Software)
Unity Web Player (HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\UnityWebPlayer) (Version: 5.3.2f1 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{61702639-6539-473A-8FE5-618E194C0069}) (Version: 2.7.0.0 - Microsoft Corporation)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wondershare Filmora(Build 7.2.0) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wooxy version 1.5.0.6 (HKLM-x32\...\{C183CD14-47D8-4F98-AF06-4744CB834C8E}_is1) (Version: 1.5.0.6 - Chewy)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1044547340-730167660-1221922556-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1044547340-730167660-1221922556-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1044547340-730167660-1221922556-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1044547340-730167660-1221922556-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1044547340-730167660-1221922556-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1044547340-730167660-1221922556-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-11-27] ()
ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-04-02] (AO Kaspersky Lab)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [_Movavivc11] -> {1C604495-4D32-476e-8D7E-FBF50F6C80BF} => -> No File
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-04-02] (AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-04-02] (AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-04-02] (AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [_Movavivc11] -> {1C604495-4D32-476e-8D7E-FBF50F6C80BF} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00D49725-7D5B-47D8-8618-365EE984DD1C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {0FAE1984-CC16-4144-9E5B-C5B56D6C8E38} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-12] (Google Inc.)
Task: {156131C4-0113-4DA7-BD7F-0099C9267546} - System32\Tasks\TR_FastScan_AtLogon => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [2018-03-04] (Simply Super Software)
Task: {1B82A522-7E1D-40A9-BF22-5981287108E5} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-14] (NVIDIA Corporation)
Task: {1D48DBF2-5813-4FB7-ADB5-0D1D3CF0BFB5} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Task: {22980AE4-8DA6-4555-8BCF-89D11D695982} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
Task: {258BEFF0-C2D3-44DF-A865-94A66B8E853E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {29489502-DCD5-4FFA-AABC-18043B29347C} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {36A6B609-8FF3-4A01-AFE3-3E618A0BE296} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {37B0E54E-0677-463A-82A1-CADC84276FC0} - no filepath
Task: {3A160B75-630C-4BE9-B9D8-8DD2F1FB6FCE} - System32\Tasks\TR_Updater => C:\Program Files (x86)\Trojan Remover\Trupd.exe [2018-02-18] (Simply Super Software)
Task: {3FDD8DDE-6405-45A6-ADD5-FAEB90F4BFFE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {42CC63F8-D71F-48A5-BD3C-D0387A5F5415} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
Task: {472FF203-D829-4265-A253-B1EFC4CBF535} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-14] (NVIDIA Corporation)
Task: {4A9B5938-F9F2-48C6-9E7C-036E49C5D3DD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
Task: {50209639-4B97-4C9C-879D-2DAC3D5A3280} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {536DF59F-3B19-4677-B0BC-539217930738} - System32\Tasks\TR_FastScan_Daily_Kai => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [2018-03-04] (Simply Super Software)
Task: {53C2E421-1E80-48FF-9374-0F9120A81929} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {55306E05-B6AA-4074-A3ED-7859E78E3936} - no filepath
Task: {578A18C7-3EA4-4E9E-9DE2-3141044815D8} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {763772D5-D8FE-4C62-A303-F3383E25B962} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-14] (NVIDIA Corporation)
Task: {76630A0F-0099-43E2-A3F6-51EA2CE4105A} - no filepath
Task: {7EADE847-75B3-4B1D-B94A-44E600E4D53D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2018-03-13] (Microsoft Corporation)
Task: {862FFDD6-E28A-4428-A006-4F1675E349D2} - no filepath
Task: {8ECAFAEB-0426-49D6-A658-3665082B2550} - no filepath
Task: {91622EC9-63A5-4E57-924F-581AF5CAA50E} - no filepath
Task: {964173DE-98F8-4256-AFFF-CA6BB11CDD75} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {98EDC759-9A07-4F60-973E-D6406186CB88} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {A1465E58-5CC7-4103-A8D4-9DCA6D86F38C} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {A355F6EB-9CD6-4CBF-89B5-AFD87F4DE0E0} - no filepath
Task: {A7AE4C3C-72AE-4F2D-B061-3B9EE0806882} - no filepath
Task: {AA5CEB8E-1508-41DC-8ABE-2CD15C84906C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
Task: {AE698406-4FEB-414F-A78F-80D29E33CCCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-12] (Google Inc.)
Task: {B452E575-5676-4D43-A0E8-7F94B5343D42} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {B4C4562F-E68D-46D5-BBB2-0A5CF89994E2} - no filepath
Task: {B8AB7058-8BCC-4E44-9597-62F597ECA959} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {C45A65F8-5C4F-43F1-A8E3-DAF0341F2C75} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {C85734D8-315C-40CE-BBDE-B4DF00439F36} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {C93028C7-0802-46EF-882D-0B65B820CE13} - System32\Tasks\MSISW_Host => C:\WINDOWS\SysWOW64\muachost.exe [2015-08-18] (MSI)
Task: {D01D0BBB-A163-4D67-A7F2-422622682B86} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-14] (NVIDIA Corporation)
Task: {D021EE3B-8E5A-41E5-B59E-C1F8CEDD8D31} - no filepath
Task: {D96D764E-D139-4374-81EC-E88EDF98185E} - no filepath
Task: {E8205C3F-3351-4337-A99E-056B1DB9E361} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWoW64\muachost.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-01-13 14:56 - 2017-01-13 14:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-16 00:56 - 2016-02-16 00:56 - 000064512 _____ () C:\Windows\SysWOW64\dxconfig.exe
2017-09-02 04:30 - 2018-03-14 06:05 - 001267648 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-24 16:20 - 2016-09-24 16:21 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-09-16 15:56 - 2013-10-18 16:42 - 000048856 _____ () C:\Windows\runSW.exe
2018-01-21 15:39 - 2018-03-23 18:19 - 000544192 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-13 21:52 - 2018-02-21 17:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 21:52 - 2018-02-21 17:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-02 16:51 - 2018-03-19 23:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-04-02 16:51 - 2018-03-19 23:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2018-04-02 17:11 - 2018-04-02 17:11 - 000836968 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\kpcengine.2.3.dll
2016-08-25 17:27 - 2015-12-29 11:30 - 000625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2017-12-12 13:22 - 2017-12-12 13:22 - 000033280 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\cx_Logging.cp35-win32.pyd
2017-12-12 13:22 - 2017-12-12 13:22 - 000103424 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2017-12-12 13:22 - 2017-12-12 13:22 - 000111616 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes35.dll
2017-12-12 13:22 - 2017-12-12 13:22 - 000041984 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2017-12-12 13:22 - 2017-12-12 13:22 - 000405504 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom35.dll
2017-12-12 13:22 - 2017-12-12 13:22 - 000173568 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2017-12-12 13:22 - 2017-12-12 13:22 - 001934336 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2017-12-12 13:22 - 2017-12-12 13:22 - 000077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2017-12-12 13:22 - 2017-12-12 13:22 - 001780736 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2017-12-12 13:22 - 2017-12-12 13:22 - 000505856 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2017-12-12 13:22 - 2017-12-12 13:22 - 003812864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2017-09-02 04:30 - 2018-03-14 06:05 - 001041344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-01-24 17:27 - 2014-09-28 18:59 - 000019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE [138]
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [138]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\aeriagames.com -> hxxp://aeriagames.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-30 15:42 - 2015-10-09 23:09 - 000001068 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 skioooopppp.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1044547340-730167660-1221922556-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: ASGT => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: GamingApp_Service => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: Intel(R) PROSet Monitoring Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ISCTAgent => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MSI_LiveUpdate_Service => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: RunSwUSB => 2
MSCONFIG\Services: Stereo Service => 2
HKLM\...\StartupApproved\StartupFolder: => "OnePCOptimizer.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Hauppauge Device Properties.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RocketDock.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Steam.exe.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Service Manager.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "ISCT Tray"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "itype"
HKLM\...\StartupApproved\Run: => "Fight Stick Alpha"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "PSUAMain"
HKLM\...\StartupApproved\Run32: => "mpck_us_017010111"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "GammingApp"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "EaseUS TB Tray Agent"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKLM\...\StartupApproved\Run32: => "boinctray"
HKLM\...\StartupApproved\Run32: => "boincmgr"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\StartupFolder: => "crossbrowse.lnk"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\StartupFolder: => "RapidMediaConverterApp.lnk"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\StartupFolder: => "Steam.exe - Shortcut.lnk"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Deskjet 1510 series.lnk"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\StartupFolder: => "Voicemeeter (VB-Audio).LNK"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\StartupFolder: => "EOS Utility.lnk"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\StartupFolder: => "Service Manager.lnk"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_0EDACD6EED7C70E31385F87CCD6447DE"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_199919BAB614DD41C40B7E10221AB358"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\Run: => "DV"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\Run: => "EvolveClient"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\Run: => "MyComGames"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\Run: => "Free Download Manager"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\Run: => "ultracopier"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\Run: => "Dxtory Update Checker 2.0"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\Run: => "Iconoid"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-1044547340-730167660-1221922556-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{5C0443E6-7920-4645-84A3-D83B167FCCD6}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{6AE50665-D20E-4574-BEC1-33A0F44CF4B0}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{1DF2B781-2352-4123-B7EB-B2ED465CBE31}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{2DDFE7D5-63DD-4872-8F4A-6BFB0620AB23}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{2E2B9AD9-1C59-4488-8ABF-380076FBEFCD}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{A7D475A9-ACE6-47DC-9A09-9AF5725E10BB}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [UDP Query User{3ED0EC10-6D93-4D1A-80EA-038596F2B1FE}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{9100A6EB-931B-4E62-B39F-44176E30AF21}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{76FB6A2D-97D0-4884-8163-C91FB4D561B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{66E8BF5A-8B99-42D7-9B08-6CE565618D0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [UDP Query User{CE86945F-2A0E-4E67-827A-65751BABC1AA}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{A52BB89A-67A6-4F7E-B37B-85175C5CCF49}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{F312361D-23C3-4062-B10D-955D90D5DCD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe
FirewallRules: [{3AEE82EB-AFC6-4803-9D80-F355662E28FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe
FirewallRules: [{EE279DA5-6193-42F9-BFD1-B146EAC8512F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe
FirewallRules: [{871E6A9B-E445-4E6C-9A20-91AE101B4574}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe
FirewallRules: [{EC863864-8077-4D73-AD27-A2ABEE584AD1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{A0E3B7B5-05AC-4EF0-895C-B67B6A08A772}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{06F76BC4-41EF-4A41-B0A9-8CD7740E9B40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\bin\SDKLauncher.exe
FirewallRules: [{01C086BA-0DC7-4A90-B121-72CDDE106F23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\bin\SDKLauncher.exe
FirewallRules: [UDP Query User{FCF4B07C-C598-4C17-991C-CDA6FA608187}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [TCP Query User{AC1FDD58-DE47-45FE-A00D-3D8928314462}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{52BB6430-1E82-481A-BA2A-59DBAED49177}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [{A5F7A1FE-9F39-46E6-AB96-4A369AA30946}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [{558BD65C-D224-4359-9251-6518CAA05B1A}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0A473595-FCB1-4E83-9CD4-5A10001516A4}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe
FirewallRules: [{EF501B72-A0CA-40F3-98FC-E6D9123ABF64}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FB659F00-A97D-4F4C-A1B1-142EE0086171}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DA284C33-353C-4B11-B49E-58F80C863AF3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A5DC66F6-6A2F-4222-9402-C8D0FB8DFBE0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{86631524-5BEF-48E2-A6AE-301C37DD5FCC}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{AE0054B5-AEDC-4DF5-92EB-175D4A051F85}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [UDP Query User{665C2210-3535-4EAB-AF30-1D53A2E7D8C0}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{D6E688C8-C7CC-4B6A-AB4E-EDB662B36D70}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{B4042CDE-B0B1-4DE6-9134-E82F6459AC49}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [UDP Query User{5205A5FC-702B-4A17-AFAC-BE869C72E207}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{DE8A0B34-4E51-4BA1-8CBD-90A3A6852625}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{22BAE8CA-ACB9-4E2A-9ACF-808ED100F477}C:\users\kai\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\kai\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [TCP Query User{E2C85AAE-9873-4828-8946-1EB4E1143F47}C:\users\kai\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\kai\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [{C404F9FB-3EA3-4E53-B1EB-754C044359F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7F9C1C88-5FF6-4CEA-9B77-C54C2965A55A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{75FC35A3-385E-40B7-B2D2-039D5E5262C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DDCEFA74-EF4F-4188-8CF2-40D544ECD9EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DD7C6F77-DEB4-4BB6-8C4C-308FF0EE8301}] => (Block) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{5730C3CB-61E3-4BC2-B541-AC75CFCD6D83}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲敲瑳楷潮瑰楦瑬牥⹟硥e
FirewallRules: [{87C6DC28-1321-4064-9559-8224254F42A2}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲楷潮瑰楦瑬牥⹟硥e
FirewallRules: [{FCFE2A21-8A7C-40EE-9A06-F8A8228ABE47}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲敲瑳楷潮瑰楦瑬牥攮數
FirewallRules: [{1791FD50-2888-402E-A558-B95BD5A73885}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲楷潮瑰楦瑬牥攮數
FirewallRules: [{D1682868-91F5-49F7-A928-FB256E785456}] => (Allow) LPort=1900
FirewallRules: [{22B7A55E-E038-49E6-8FF1-3DC80CDF6CE6}] => (Allow) LPort=2869
FirewallRules: [{447D3164-30CC-4A74-863F-E8450F1A7271}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F08BBA56-F6B1-482C-B9BF-609F57CB4027}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{1094FC77-6A7F-47DC-B6F4-B3B9793CFE90}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{4187D68C-E4FB-4F8B-9ADB-016334CFA8FE}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{3388A094-C9C7-4E4B-8119-73673DC195AD}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [TCP Query User{E9FA719B-95F9-42F0-B490-9A5FA4842BDC}E:\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Block) E:\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{105E4C41-96BB-4EAA-B6DF-ABE9F06C74F9}E:\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Block) E:\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{3870F614-E67D-4245-87B8-4FDD3EC63E2A}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{BFB8642C-D608-49EA-B031-F6EB44008423}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{B9A33CD4-812C-4DBA-90F5-1E86523062EF}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{9805B338-BD1D-4470-A997-86C8CDC02C46}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{7820A71A-FE9E-421F-9142-CA8D6EDCC9FE}] => (Allow) E:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{4F5A601D-8B0D-49BF-9971-B19E9476E8FF}] => (Allow) E:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{7A764212-389C-4EB9-9766-1433C50F8086}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{22A11042-CC5C-43F4-9E6F-58DC98565A13}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F8994EA1-8342-4656-B53F-6774347D0B5E}] => (Allow) E:\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{A2AFAB5F-98E7-4F5F-B62C-A6DF628CD8F5}] => (Allow) E:\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{FBADB00D-6528-4FC5-9B10-ED07D55B8ABE}] => (Block) %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [{4EEC2912-18A5-41D0-8BCE-439DA097C7C2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EC5F8A52-2E20-4568-8390-9CE12DF650B9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9FE9A121-603D-4E5E-98DE-5E2373290CE9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{114DB0C4-8F69-4C96-84E1-BDC23B4AA1BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BEE3B549-FBD7-47F9-AC14-FC7598B1C3B0}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{569A18CD-C616-430B-B4BC-0F7B9B2BACA0}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [TCP Query User{04C9B063-A326-457C-A135-ABF76277BF11}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{0F763A73-ABAE-48C7-95C2-4F36BF79D6E9}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{FE1497AB-7D6A-4B98-90DB-3D8EC2BEEF99}] => (Allow) LPort=53
FirewallRules: [{AFD1998C-2A18-46AB-ADDC-FC6C4E487920}] => (Allow) C:\PROGRA~2\REALTEK\USBWIR~1\RtWlan.exe
FirewallRules: [{CAC43040-837F-407C-98C3-2362184C873C}] => (Allow) LPort=1542
FirewallRules: [{DD17E176-764A-4A36-A55B-EBADC93CDF5C}] => (Allow) LPort=1542
FirewallRules: [{1EB3E1B3-259E-4FA7-A237-82E5F7CE2D59}] => (Allow) LPort=53
FirewallRules: [{54D42B47-845A-4CC5-80EB-CA91D2E33648}] => (Allow) C:\PROGRA~2\REALTEK\USBWIR~1\Rtldhcp.exe
FirewallRules: [{E9D2829A-1A05-42BE-A719-0D2B1685C444}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{EA38E98D-D6DE-4FB1-AF58-1DD84FEED032}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{1141B41B-27B2-4018-993D-650666A6311D}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{165BAB15-802A-4E56-940E-D02A05641D84}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{0479FB2B-28F7-469F-94BF-381CB40FDC42}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{93BBBBA1-7250-4814-A59A-95708A8B08D2}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{E2892540-A4E6-452B-A029-D004506747C1}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{0AEFB89F-3C3E-4639-B5F9-29968F2072CE}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{55263618-37E2-4D0C-856B-CBE26D9D1E5A}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{65207CC3-94A3-4A61-A389-07680E76F1CC}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{5659A404-DA81-4E3C-B5E7-5F176E7B1ECB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DB Xenoverse 2\START.exe
FirewallRules: [{5B7882D1-8705-4129-8CBB-666BBF747B8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DB Xenoverse 2\START.exe
FirewallRules: [{83E06A9A-9301-4B2F-A282-BFB211F240BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{C16E358D-FDCD-48F0-9797-ADB7824F7394}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{CDD24464-D3D0-434E-B3BC-26335B70393C}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [{5EFD7050-3AB8-4F50-947C-3E2D8540C567}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [{46F11F6B-2476-4193-9093-2046D5B3B8B1}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{D937FD9C-AD1F-47A9-A6F6-60A014E9AC3F}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{796ADCB5-B20D-4FA9-B0D5-7784DC41A253}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{626D8271-EF3B-4A1D-BB22-37AC1CE0EF6E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{AB094BD1-2C4C-431A-B0DE-6A65666181DB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{82DAD4D6-F788-4133-87F2-345F1ECBB763}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{01E458A5-1A90-4FCC-9499-D75EAF90BD01}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe
FirewallRules: [{1B6A4770-1B4E-4B0C-89EF-64B7BD1C2649}] => (Allow) C:\Users\Kai\AppData\Roaming\heyJqmUjiA.exe
FirewallRules: [{5D3E5AC0-F4F6-4C62-A9A7-B343FB3A4E45}] => (Allow) C:\WINDOWS\SysWOW64\FxausA.exe
FirewallRules: [{A6097A7F-E8C0-4C7D-BB91-31DB2A1C1D66}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{7BA83EB4-7917-4E3C-B8C8-39F6CA2F503B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

02-04-2018 19:22:04 Installed WinThruster.
02-04-2018 20:07:44 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/05/2018 05:30:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/05/2018 05:30:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/04/2018 10:19:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/04/2018 10:09:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/04/2018 10:09:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/04/2018 12:22:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/04/2018 12:22:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/04/2018 11:56:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (04/05/2018 05:30:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

Error: (04/05/2018 05:29:46 PM) (Source: DCOM) (EventID: 10010) (User: RICCYM)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (04/05/2018 05:29:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

Error: (04/05/2018 05:29:26 PM) (Source: DCOM) (EventID: 10016) (User: RICCYM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user RICCYM\Kai SID (S-1-5-21-1044547340-730167660-1221922556-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/05/2018 05:29:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

Error: (04/05/2018 05:29:08 PM) (Source: DCOM) (EventID: 10016) (User: RICCYM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user RICCYM\Kai SID (S-1-5-21-1044547340-730167660-1221922556-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/05/2018 07:16:55 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

Error: (04/05/2018 07:15:11 AM) (Source: DCOM) (EventID: 10010) (User: RICCYM)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2018-04-01 13:11:09.271
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:Win32/Tiggre!rfn threat description - Windows Defender Security Intelligence
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Kai\AppData\Local\tihawem\tihawem.exe;process:_pid:11688,ProcessStart:131670857731470257
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Users\Kai\AppData\Local\tihawem\tihawem.exe
Signature Version: AV: 1.263.1897.0, AS: 1.263.1897.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-04-01 13:10:24.921
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:Win32/Tiggre!rfn threat description - Windows Defender Security Intelligence
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Kai\AppData\Local\tihawem\tihawem.exe;process:_pid:11688,ProcessStart:131670857731470257
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Users\Kai\AppData\Local\tihawem\tihawem.exe
Signature Version: AV: 1.263.1897.0, AS: 1.263.1897.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-03-31 18:29:14.863
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:Win32/Cloxer.D!cl threat description - Windows Defender Security Intelligence
Name: Trojan:Win32/Cloxer.D!cl
ID: 2147726003
Severity: Severe
Category: Trojan
Path: file:_c:\users\kai\appdata\roaming\localdatant\msimg32.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.1856.0, AS: 1.263.1856.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-03-31 18:28:31.385
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:Win32/Cloxer.D!cl threat description - Windows Defender Security Intelligence
Name: Trojan:Win32/Cloxer.D!cl
ID: 2147726003
Severity: Severe
Category: Trojan
Path: file:_c:\users\kai\appdata\roaming\localdatant\msimg32.dll;service:_usbhubsvc4
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.1856.0, AS: 1.263.1856.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-01-06 11:17:02.359
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
TrojanDownloader:Win32/Powsheldow.B threat description - Windows Defender Security Intelligence
Name: TrojanDownloader:Win32/Powsheldow.B
ID: 2147716194
Severity: Severe
Category: Trojan Downloader
Path: amsi:_PowerShell_C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe_10.0.16299.150000000000000001
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Signature Version: AV: 1.259.1235.0, AS: 1.259.1235.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14405.2, NIS: 2.1.14202.0

Date: 2018-04-02 20:03:36.415
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-04-02 19:56:44.476
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-04-02 16:56:29.180
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-04-02 16:55:54.059
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-04-02 16:55:23.248
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2018-04-05 17:29:02.161
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-05 17:29:02.159
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-05 07:05:52.676
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-05 07:05:52.675
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-05 06:36:15.222
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-05 06:36:15.221
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-05 06:35:52.635
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-05 06:35:52.634
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 18%
Total physical RAM: 16335.1 MB
Available physical RAM: 13355.64 MB
Total Virtual: 61391.1 MB
Available Virtual: 53587.2 MB

==================== Drives ================================

Drive c: (Main SSD) (Fixed) (Total:930.97 GB) (Free:308.09 GB) NTFS
Drive d: (Main HDD) (Fixed) (Total:931.39 GB) (Free:50.75 GB) NTFS

\\?\Volume{fcdaf39d-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{fcdaf39d-0000-0000-0000-b0c4e8000000}\ () (Fixed) (Total:0.44 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FCDAF39D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)

========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 

Riccrocc789

New Member
Thread author
Apr 2, 2018
10
Oh, I'm sorry, I didn't know. Here they are.
 

Attachments

  • FRST.txt
    122.3 KB · Views: 1
  • Addition.txt
    66.4 KB · Views: 1

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop called Fixlog.txt.

Please attach it to your reply.



How is the situation now?
 

Attachments

  • fixlist.txt
    6.1 KB · Views: 42

Riccrocc789

New Member
Thread author
Apr 2, 2018
10
Everything seems to be fine now; the files are gone now. Thank you so much! Here is the file.
 

Attachments

  • Fixlog.txt
    18.1 KB · Views: 7

Riccrocc789

New Member
Thread author
Apr 2, 2018
10
Sorry, I just noticed that when I use AdwCleaner I get the same problem. Here is the log of what it found.
 

Attachments

  • AdwCleaner[S14].txt
    2.5 KB · Views: 2
