Avast Free Antivirus and what we don't know about it. How did it get into the system?!

EvgenKamensky

Hello

I have a weird situation with Avast Free Antivirus. I am sure I did not even download it, not to mention that I did not let it be installed and disable Windows Defender. :rolleyes: I only have Avast Online Security installed as a Firefox add-on.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-10-2019 01
Ran by homeuser (10-10-2019 21:28:59)
Running from C:\Users\homeuser\Desktop\FRST
Windows 10 Pro Version 1903 18362.418 (X64) (2019-10-10 06:28:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3024691867-316160702-395545048-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3024691867-316160702-395545048-503 - Limited - Disabled)
Guest (S-1-5-21-3024691867-316160702-395545048-501 - Limited - Disabled)
homeuser (S-1-5-21-3024691867-316160702-395545048-1001 - Administrator - Enabled) => C:\Users\homeuser
WDAGUtilityAccount (S-1-5-21-3024691867-316160702-395545048-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3024691867-316160702-395545048-1001\...\uTorrent) (Version: 3.5.5.45365 - BitTorrent Inc.)
µTorrent 3.5.5 (HKLM-x32\...\µTorrent 3.5.5 Build 45365) (Version: - )
7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Acronis True Image (HKLM-x32\...\{862C72C1-E306-424D-A030-B8DB22A1AC8A}) (Version: 24.4.21400 - Acronis)
Acronis Universal Restore Bootable Media Builder (HKLM-x32\...\{D8DCEF7C-9698-46FF-A1CB-89FAB7712E9E}) (Version: 11.7.40250 - Acronis)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.270 - Adobe)
AOMEI Backupper Professional Trial (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
Bigfoot Networks Killer Network Manager (HKLM\...\{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.603 - Bigfoot Networks) Hidden
Bigfoot Networks Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.603 - Bigfoot Networks)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.140.2.1004 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boson NetSim 11 (HKLM-x32\...\{FFC473CA-A239-47D5-8B57-40055095196F}) (Version: 11.7.0000 - Boson Software, LLC) Hidden
Boson NetSim 11 (HKLM-x32\...\InstallShield_{FFC473CA-A239-47D5-8B57-40055095196F}) (Version: 11.7.0000 - Boson Software, LLC)
Clipdiary 5.3 (HKLM-x32\...\Clipdiary) (Version: 5.3 - Tiushkov Nikolay)
Core Temp 1.15.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.15.1 - ALCPU)
Discord (HKU\S-1-5-21-3024691867-316160702-395545048-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
FxSound Enhancer (HKLM-x32\...\FxSound Enhancer) (Version: 13.027 - FxSound)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
Hard Disk Sentinel Pro (HKLM-x32\...\Hard Disk Sentinel Pro) (Version: 5.50.10482 - )
HyperSnap 8.16.16 (HKLM\...\HyperSnap_is1) (Version: 8.16.16 - Hyperionics Technology, LLC)
Jeppesen CDA Service (HKLM-x32\...\{B9C9E547-9F27-4C4B-8E9C-58400B35CFE1}) (Version: 4.0.0.123 - Jeppesen)
Jeppesen Format Print Driver (HKLM-x32\...\{986090B3-C3B8-4DD4-8BB1-6561F74915FF}) (Version: 1.1.0.8 - Jeppesen)
Jeppesen Program and Data Installation (HKLM-x32\...\{4173F0BF-2363-4DC3-92A9-446B69DBB134}) (Version: 1.0.0.0 - Jeppesen)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 19.152.0927.0012 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 69.0.2 (x64 ru) (HKLM\...\Mozilla Firefox 69.0.2 (x64 ru)) (Version: 69.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.2 - Mozilla)
novaPDF for SDK v7 (novaPDF 7.7 printer) (HKLM\...\novaPDF for SDK v7_is1) (Version: 7.7.3987 - Softland)
NVIDIA Graphics Driver 436.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 436.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
ParkControl (HKLM-x32\...\ParkControl) (Version: 1.3.1.8 - Bitsum)
Process Lasso Pro (HKLM-x32\...\Process Lasso Pro) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Reg Organizer 8.30 (HKLM-x32\...\Reg Organizer_is1) (Version: 8.30 - lrepacks.ru)
Telegram Desktop version 1.8.15 (HKU\S-1-5-21-3024691867-316160702-395545048-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.15 - Telegram FZ-LLC)
Viber (HKLM-x32\...\{1ACD6C5F-7CFF-49C9-B1EE-3DF0C20B179E}) (Version: 11.6.0.51 - Viber Media S.a.r.l) Hidden
Viber (HKU\S-1-5-21-3024691867-316160702-395545048-1001\...\{6b955245-7912-40bc-915d-8c6e3fe859e4}) (Version: 11.6.0.51 - Viber Media S.a.r.l)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
WhatsApp (HKU\S-1-5-21-3024691867-316160702-395545048-1001\...\WhatsApp) (Version: 0.3.4941 - WhatsApp)
WinTools.net Premium (HKLM-x32\...\WinTools.net Premium) (Version: - WinTools Software Engineering, Ltd.)
Wise Disk Cleaner 10.2.5 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 10.2.5 - WiseCleaner.com, Inc.)

Packages:
=========
Avira Phantom VPN -> C:\Program Files\WindowsApps\Avira.AviraPhantomVPN_1.15.89.0_x64__h4a2wkdf3s2xr [2019-10-10] (Avira)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.22.7.0_x86__kgqvnymyfvs32 [2019-10-10] (king.com)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.25.5.0_x86__kgqvnymyfvs32 [2019-10-10] (king.com)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe [2019-10-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-10-10] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.2.11280.0_x86__8wekyb3d8bbwe [2019-10-10] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2019-10-10] (Microsoft Corporation) [MS Ad]
Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.10.0.0_neutral__v68kp9n051hdp [2019-10-10] (Symantec Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0 [2019-10-10] (Spotify AB)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3024691867-316160702-395545048-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3024691867-316160702-395545048-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3024691867-316160702-395545048-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3024691867-316160702-395545048-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> no filepath
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_4_21400.dll [2019-09-23] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_4_21400.dll [2019-09-23] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_4_21400.dll [2019-09-23] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_4_21400.dll [2019-09-23] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [475672 2007-10-12] (Logitech Inc -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [416280 2007-10-12] (Logitech Inc -> Logitech Inc.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\homeuser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2019-10-10 16:06 - 2016-04-01 08:30 - 000079360 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\CDAClient.dll
2019-10-10 16:06 - 2016-04-01 08:30 - 000154112 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\cdacommon.dll
2019-10-10 16:06 - 2016-04-01 08:30 - 000075776 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\CDAConfig.dll
2019-10-10 16:06 - 2016-04-01 08:30 - 000544256 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\CDACrypt.dll
2019-10-10 16:06 - 2016-04-01 08:30 - 000079872 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\CDAMsg.dll
2019-10-10 16:06 - 2016-04-01 08:30 - 000144896 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\DataMgr.dll
2019-10-10 16:06 - 2016-04-01 08:30 - 000238080 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\DownloadMgr.dll
2019-10-10 16:06 - 2016-04-01 08:30 - 000117248 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\jcommon.dll
2019-10-10 16:06 - 2016-04-01 08:30 - 000272896 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\tcutil.dll
2019-10-10 16:06 - 2016-04-01 08:30 - 000124416 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\UpdateMgr.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000217600 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\BFCommon.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000404992 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modApplications.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000036864 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modFeatures.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000025088 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modFraps.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000241152 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modGraph.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000062464 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modlcd.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000289280 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modNetwork.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000184832 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modNpu.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000210944 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modOptions.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000055808 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modOverview.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000329216 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modSystemInfo.dll
2011-05-09 20:46 - 2011-05-09 20:46 - 002760192 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\QtCore4.dll
2011-05-09 20:56 - 2011-05-09 20:56 - 009856000 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\QtGui4.dll
2011-05-09 20:48 - 2011-05-09 20:48 - 000990720 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\QtNetwork4.dll
2011-05-09 20:47 - 2011-05-09 20:47 - 000416256 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\QtXml4.dll
2011-05-10 12:32 - 2011-05-10 12:32 - 000731648 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\qwt5.dll
2019-10-10 10:13 - 2019-07-17 13:09 - 000097280 _____ () [File not signed] C:\TCPU71\Plugins\wdx\autorun\autorun.wdx
2019-10-10 10:13 - 2019-01-11 11:14 - 000009216 _____ () [File not signed] C:\TCPU71\Plugins\wdx\autorun\Plugins\Autorun_Sysinfo.dll
2019-10-10 10:13 - 2016-02-01 01:03 - 000009216 _____ () [File not signed] C:\TCPU71\Plugins\wdx\autorun\Plugins\TCFS2Tools.dll
2019-10-10 10:13 - 2013-10-17 01:06 - 000047616 _____ () [File not signed] C:\TCPU71\Plugins\wdx\EncInfo\EncInfo.wdx
2019-09-24 17:23 - 2019-09-24 17:23 - 024393024 _____ (Acronis International GmbH -> ) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2019-10-10 03:09 - 2015-05-21 14:32 - 000068784 _____ (Aomei Technology Co., Limited -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\AOMEI Backupper\vcomp.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000189952 _____ (Bigfoot Networks, Inc.) [File not signed] C:\Windows\system32\BfLLR.dll
2019-10-10 11:17 - 2019-02-21 19:00 - 000050688 _____ (Igor Pavlov) [File not signed] C:\Program Files (x86)\7-Zip\7-zip.dll
2017-09-03 10:38 - 2017-09-03 10:38 - 000019456 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Hard Disk Sentinel Pro\winspool.drv
2019-10-10 16:06 - 2016-04-01 08:30 - 001115648 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files (x86)\Jeppesen\CDA\libcurl.dll
2019-09-23 08:44 - 2019-09-23 08:44 - 025338368 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icudt54.dll
2019-09-23 08:44 - 2019-09-23 08:44 - 002056704 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icuin54.dll
2019-09-23 08:44 - 2019-09-23 08:44 - 001425408 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icuuc54.dll
2017-09-14 09:37 - 2017-09-14 09:37 - 000026112 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qgif.dll
2017-09-14 09:42 - 2017-09-14 09:42 - 000033280 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qicns.dll
2017-09-14 09:37 - 2017-09-14 09:37 - 000027648 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qico.dll
2017-09-14 09:37 - 2017-09-14 09:37 - 000245760 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qjpeg.dll
2017-09-14 09:42 - 2017-09-14 09:42 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qsvg.dll
2017-09-14 09:42 - 2017-09-14 09:42 - 000020992 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qtga.dll
2017-09-14 09:42 - 2017-09-14 09:42 - 000316416 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qtiff.dll
2017-09-14 09:42 - 2017-09-14 09:42 - 000019968 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qwbmp.dll
2017-09-14 09:42 - 2017-09-14 09:42 - 000322560 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qwebp.dll
2017-09-14 09:37 - 2017-09-14 09:37 - 001010688 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\platforms\qwindows.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 07:49 - 2019-10-10 21:26 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3024691867-316160702-395545048-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{629C5A6C-2A5B-4A52-BB1F-199B70DF0C9A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E2B68495-0037-40E3-B2AF-9484AFDE6130}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{23FBD9CE-AF7B-46E9-A69E-76BD3D5ACC2F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DA2AFA91-AE67-4D27-8ED8-79E742BAEBC4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1280639B-879D-4BC9-8FB7-61B5891485E7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7210E0A6-C3A3-471B-8EAC-354A916A474C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F30CCF39-8882-480F-922F-5D3ACE80A7C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C8A68741-FC74-4F9A-810E-570C90872C67}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{39E2673F-D4AE-4831-BD21-1D0E8F058668}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B7419F76-D5A7-444C-B718-7A03E6143BCF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4F44E9D8-08C3-462A-BC5B-6EB3DAC2CCF7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{BDAAF491-AE55-4EDA-B015-A51715897772}E:\utorrent pro 3.5.5 (build 45271) portable by sanlex+оптим.файл.кеш\utorrent pro 3.5.5 (build 45271) portable by sanlex\utorrent 3.5.5 build 45271.exe] => (Allow) E:\utorrent pro 3.5.5 (build 45271) portable by sanlex+оптим.файл.кеш\utorrent pro 3.5.5 (build 45271) portable by sanlex\utorrent 3.5.5 build 45271.exe No File
FirewallRules: [UDP Query User{E2B5FEFB-1745-4B24-8312-9BC669979F83}E:\utorrent pro 3.5.5 (build 45271) portable by sanlex+оптим.файл.кеш\utorrent pro 3.5.5 (build 45271) portable by sanlex\utorrent 3.5.5 build 45271.exe] => (Allow) E:\utorrent pro 3.5.5 (build 45271) portable by sanlex+оптим.файл.кеш\utorrent pro 3.5.5 (build 45271) portable by sanlex\utorrent 3.5.5 build 45271.exe No File
FirewallRules: [{9FDECF34-9E49-4073-99FF-FCF05B1E0069}] => (Allow) C:\Users\homeuser\AppData\Local\Temp\69358107-F3E5-4E26-A675-A251EF4201DB\ga_service.exe No File
FirewallRules: [{84CCF5A6-5344-4F04-8BDD-A95C0EBDC0BC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C3E3A569-5EEE-4D4E-B0AD-129216A16AFC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{293C89BE-E43A-4753-BCE7-3C3114155802}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5B38AB3E-2CBE-4751-BA94-BA2CFEAC8F55}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0E954386-070C-4D2A-9EB1-6D47C3097C3F}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI TECHNOLOGY CO., LTD. -> AOMEI Tech Co., Ltd.)
FirewallRules: [{4A2BC2ED-365C-4731-A4E7-9F978C61F249}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI TECHNOLOGY CO., LTD. -> AOMEI Tech Co., Ltd.)
FirewallRules: [{2FF96B22-DF96-488A-8231-B75A12899BB6}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> )
FirewallRules: [{3C79DBD5-9034-4876-9211-0889AC0DB166}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{149A8DCA-AC7F-43AA-80C5-9E79B91EAE35}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> )
FirewallRules: [{2201CD25-6760-46B1-8640-A3C2A59740D0}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> )
FirewallRules: [{E12AB4C0-1AB8-4315-8B03-11CE56B805E9}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> ) [File not signed]
FirewallRules: [{F9FCC330-3EB0-4C60-9ED7-797C536FED0C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> ) [File not signed]
FirewallRules: [{71B22CF3-3984-4361-A50A-347F9307CA9A}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe (Acronis International GmbH -> )
FirewallRules: [{09FD86FA-610E-4AA5-8EE0-8EF6C1870A98}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe (Acronis International GmbH -> )
FirewallRules: [{57477F2F-F84C-4716-A3B1-0E2B987F25CA}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe (Acronis International GmbH -> )
FirewallRules: [{A826BF27-199A-43D4-9565-F78B87B0511C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{6C16D8E8-D25E-449C-A13C-1D24727A35CE}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe (Acronis International GmbH -> )
FirewallRules: [{F87CBDC5-6E38-45D6-AB85-EF9411E30323}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe (Acronis International GmbH -> )
FirewallRules: [{2EF41B4F-C268-400E-9F06-7F32AFFF1FD5}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\LicenseActivator.exe (Acronis International GmbH -> )
FirewallRules: [{B9504A0D-DF5F-4B3D-A329-283C2734C00E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Home\report_sender.exe (Acronis International GmbH -> )
FirewallRules: [{EC94B174-E665-4E7E-8E4D-191C599E4DB5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe (Acronis International GmbH -> )
FirewallRules: [{C6B2DB6F-0383-44D1-AF28-0717908869AD}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> )
FirewallRules: [{F18FEFE6-1335-4069-9000-502793F6B59B}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageHomeService.exe No File
FirewallRules: [{6E72D62D-18E7-4D4F-AEA5-C4B7ADC3E1D5}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe (Acronis International GmbH -> )
FirewallRules: [{9EBC34F3-F874-4C97-AC3A-D8246FBAD63D}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> )
FirewallRules: [{BCDC2602-AB2E-4DD8-A80F-86CA81BCCA18}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> ) [File not signed]
FirewallRules: [{E1D9767C-F51F-4D74-A522-B9F655D2E681}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\PxeUi.exe (CHENGDU AOMEI TECHNOLOGY CO., LTD. -> AOMEI Tech Co., Ltd.)
FirewallRules: [TCP Query User{7EDECD1A-AF4D-4721-A283-6DDC4A8225DC}C:\program files (x86)\jeppesen\jeppview for windows\jeppview.exe] => (Allow) C:\program files (x86)\jeppesen\jeppview for windows\jeppview.exe (Jeppesen Sanderson, Inc -> Jeppesen-Sanderson)
FirewallRules: [UDP Query User{83D5C78E-08A5-4EFB-851E-A0FBA007691E}C:\program files (x86)\jeppesen\jeppview for windows\jeppview.exe] => (Allow) C:\program files (x86)\jeppesen\jeppview for windows\jeppview.exe (Jeppesen Sanderson, Inc -> Jeppesen-Sanderson)
FirewallRules: [{6301C9A4-C4AD-435D-9C5B-9CE8279845A6}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [TCP Query User{515B0F46-C534-4777-BA19-3C5A6F792290}C:\users\homeuser\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\homeuser\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc.) [File not signed]
FirewallRules: [UDP Query User{9CC834BB-51F5-4F11-848E-42D10CC26041}C:\users\homeuser\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\homeuser\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc.) [File not signed]
FirewallRules: [{C20A5254-DFD2-4D25-8C07-DFE8EF4B7B3C}] => (Allow) C:\Users\homeuser\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) [File not signed]
FirewallRules: [{7D01DF43-FA07-49C4-A881-BE7C89D03BD3}] => (Allow) C:\Users\homeuser\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) [File not signed]

==================== Restore Points =========================

10-10-2019 03:26:34 Installed Acronis True Image
10-10-2019 04:08:33 Installed Acronis Universal Restore Bootable Media Builder
10-10-2019 12:28:25 Installed Acronis True Image
10-10-2019 18:51:50 Windows Modules Installer
10-10-2019 18:52:13 Windows Modules Installer
10-10-2019 18:52:33 Windows Modules Installer

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2019 08:56:05 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (10/10/2019 08:47:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdge.exe version 11.0.18362.418 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: d04

Start Time: 01d57f92a7039179

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

Report Id: b1bedffb-405e-4b1c-94aa-613b6fcbca23

Faulting package full name: Microsoft.MicrosoftEdge_44.18362.387.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Hang type: Unknown

Error: (10/10/2019 08:46:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.18362.1, time stamp: 0xceb8cbe1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x000000000000049d
Faulting process id: 0x42f0
Faulting application start time: 0x01d57f92ae39c5db
Faulting application path: C:\Windows\System32\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: e7cdab40-f029-4173-926b-f476647ee1c3
Faulting package full name: Microsoft.MicrosoftEdge_44.18362.387.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (10/10/2019 08:20:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.1.0.1840, time stamp: 0x5d5c13ae
Faulting module name: Qt5Core.dll, version: 5.11.1.0, time stamp: 0x5cba0161
Exception code: 0xc0000005
Fault offset: 0x0018dc19
Faulting process id: 0x2838
Faulting application start time: 0x01d57f83435c4946
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 44d5370a-a991-478f-b49e-3dddc3b4db85
Faulting package full name:
Faulting package-relative application ID:

Error: (10/10/2019 06:54:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (10/10/2019 06:54:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (10/10/2019 06:53:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HD-DisableHyperV.exe, version: 4.100.0.1001, time stamp: 0xf18b16a0
Faulting module name: KERNELBASE.dll, version: 10.0.18362.418, time stamp: 0xfba22159
Exception code: 0xe0434352
Fault offset: 0x000000000003a839
Faulting process id: 0x2014
Faulting application start time: 0x01d57f829ecf4bfa
Faulting application path: C:\Users\homeuser\AppData\Local\Temp\7zS40C61A66\HD-DisableHyperV.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 9d9e7bac-942f-4381-b888-f25a930fb9e3
Faulting package full name:
Faulting package-relative application ID:

Error: (10/10/2019 06:53:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HD-DisableHyperV.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
at System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)
at System.Diagnostics.Process.Start(System.Diagnostics.ProcessStartInfo)
at DisableHyperV.MainWindow+<>c__DisplayClass4_0.<MainWindow_Loaded>b__1()
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at DisableHyperV.App.Main()


System errors:
=============
Error: (10/10/2019 09:05:19 PM) (Source: DCOM) (EventID: 10010) (User: SIMPC)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.

Error: (10/10/2019 09:05:19 PM) (Source: DCOM) (EventID: 10010) (User: SIMPC)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.

Error: (10/10/2019 09:05:19 PM) (Source: DCOM) (EventID: 10010) (User: SIMPC)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.

Error: (10/10/2019 09:05:19 PM) (Source: DCOM) (EventID: 10010) (User: SIMPC)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.

Error: (10/10/2019 09:05:19 PM) (Source: DCOM) (EventID: 10010) (User: SIMPC)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.

Error: (10/10/2019 09:05:19 PM) (Source: DCOM) (EventID: 10010) (User: SIMPC)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.

Error: (10/10/2019 09:05:19 PM) (Source: DCOM) (EventID: 10010) (User: SIMPC)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.

Error: (10/10/2019 09:05:19 PM) (Source: DCOM) (EventID: 10010) (User: SIMPC)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2019-10-10 21:29:06.845
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...n32/Uwamson.A!ml&threatid=250070&enterprise=0
Name: Program:Win32/Uwamson.A!ml
ID: 250070
Severity: Medium
Category: Potentially Unwanted Software
Path: file:_D:\ORBXtools\orbx_loader\orbx_loader\ORBX_Tools.exe; file:_D:\ORBXtools\orbx_loader\ORBX_Tools.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\TCPU71\TOTALCMD.EXE
Security intelligence Version: AV: 1.303.1350.0, AS: 1.303.1350.0, NIS: 1.303.1350.0
Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-10-10 21:29:04.886
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...n32/Uwamson.A!ml&threatid=250070&enterprise=0
Name: Program:Win32/Uwamson.A!ml
ID: 250070
Severity: Medium
Category: Potentially Unwanted Software
Path: file:_D:\ORBXtools\orbx_loader\ORBX_Tools.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.303.1350.0, AS: 1.303.1350.0, NIS: 1.303.1350.0
Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-10-10 19:45:55.497
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...n32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\Users\homeuser\AppData\Roaming\uTorrent\uTorrent.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: E:\uTorrent Pro 3.5.5 Build 45365 Stable RePack (& Portable) by D!akov\without\Torrent-3.5.5.45365.exe
Security intelligence Version: AV: 1.303.1350.0, AS: 1.303.1350.0, NIS: 1.303.1350.0
Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-10-10 19:45:04.223
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...n32/Vigorf.A&threatid=2147714384&enterprise=0
Name: Trojan:Win32/Vigorf.A
ID: 2147714384
Severity: Severe
Category: Trojan
Path: file:_E:\uTorrent Pro 3.5.5 Build 45365 Stable RePack (& Portable) by D!akov\without\Torrent-3.5.5.45365.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\TCPU71\TOTALCMD.EXE
Security intelligence Version: AV: 1.303.1350.0, AS: 1.303.1350.0, NIS: 1.303.1350.0
Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-10-10 19:37:37.645
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...2/Fuery.C!cl&threatid=2147718736&enterprise=0
Name: Trojan:Win32/Fuery.C!cl
ID: 2147718736
Severity: Severe
Category: Trojan
Path: file:_E:\uTorrent Pro 3.5.5 Build 45365 Stable RePack (& Portable) by D!akov\without\Torrent-3.5.5.45365.exe; file:_E:\uTorrent Pro 3.5.5 Build 45365 Stable RePack (& Portable) by D!akov\with\TorrentPro-3.5.5.45365.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: E:\uTorrent Pro 3.5.5 (build 45271) Portable by SanLex+?????.????.???\uTorrent Pro 3.5.5 (build 45271) Portable by SanLex\uTorrent 3.5.5 build 45271.exe
Security intelligence Version: AV: 1.303.1350.0, AS: 1.303.1350.0, NIS: 1.303.1350.0
Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-10-10 11:49:26.387
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.303.1322.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16400.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-10-10 11:32:30.105
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2019-10-10 11:25:05.793
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2019-10-10 21:29:31.107
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-10 21:29:31.106
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-10 21:29:30.856
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-10 21:29:30.855
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-10 21:28:59.136
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-10 21:28:59.134
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-10 21:28:58.446
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-10 21:28:58.445
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Award Software International, Inc. F4d 12/12/2011
Motherboard: Gigabyte Technology Co., Ltd. G1.Guerrilla
Processor: Intel(R) Core(TM) i7 CPU 980 @ 3.33GHz
Percentage of memory in use: 50%
Total physical RAM: 12286.42 MB
Available physical RAM: 6057.25 MB
Total Virtual: 24574.42 MB
Available Virtual: 16719.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.88 GB) (Free:49.66 GB) NTFS
Drive d: (simdisk) (Fixed) (Total:119.24 GB) (Free:36.67 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (FILMS) (Fixed) (Total:931.51 GB) (Free:57.04 GB) NTFS
Drive f: (backup) (Fixed) (Total:931.51 GB) (Free:31.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (storage2) (Fixed) (Total:465.75 GB) (Free:0.59 GB) NTFS
Drive h: (Acronis Media) (CDROM) (Total:0.7 GB) (Free:0 GB) CDFS

\\?\Volume{465fb6dd-0000-0000-0000-100000000000}\ () (Fixed) (Total:55.89 GB) (Free:0.68 GB) NTFS
\\?\Volume{c2d32257-0000-0000-0000-80b81b000000}\ () (Fixed) (Total:0.46 GB) (Free:0.06 GB) NTFS
\\?\Volume{c2d32257-0000-0000-0000-50d61b000000}\ () (Fixed) (Total:0.44 GB) (Free:0.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: FB81C632)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F477C05A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 55.9 GB) (Disk ID: 465FB6DD)
Partition 1: (Active) - (Size=55.9 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: C2D32257)
Partition 1: (Not Active) - (Size=110.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=476 MB) - (Type=27)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 5 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: FB81C633)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-10-2019 01
Ran by homeuser (administrator) on SIMPC (Gigabyte Technology Co., Ltd. G1.Guerrilla) (10-10-2019 21:27:14)
Running from C:\Users\homeuser\Desktop\FRST
Loaded Profiles: homeuser (Available Profiles: homeuser)
Platform: Windows 10 Pro Version 1903 18362.418 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Clipdiary\Clipdiary.exe
() [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
() [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
() [File not signed] C:\TCPU71\Programm\ClockTC\ClockTC.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe
(ALCPU -> ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Bitsum LLC -> Bitsum LLC) [File not signed] C:\Program Files\Process Lasso\ProcessGovernor.exe
(Bitsum LLC -> Bitsum LLC) [File not signed] C:\Program Files\Process Lasso\ProcessLasso.exe
(Bitsum LLC -> Bitsum LLC) C:\Program Files\ParkControl\ParkControl.exe
(CHENGDU AOMEI TECHNOLOGY CO., LTD. -> AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Discord Inc. -> Discord Inc.) C:\Users\homeuser\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\homeuser\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\homeuser\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\homeuser\AppData\Local\Discord\app-0.0.305\Discord.exe
(FxSound, LLC -> ) [File not signed] C:\Program Files (x86)\DFX\DFX.exe
(FxSound, LLC -> ) C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
(FxSound, LLC -> ) C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
(Ghisler Software GmbH) [File not signed] C:\TCPU71\TOTALCMD.EXE
(Janos Mathe -> H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel Pro\HDSentinel.exe
(Jeppesen Sanderson, Inc -> ) C:\Program Files (x86)\Jeppesen\CDA\cda.exe
(Jeppesen Sanderson, Inc -> ) C:\Program Files (x86)\Jeppesen\CDA\CDAMonitor.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mega Limited -> Mega Limited) C:\ProgramData\MEGAsync\MEGAsync.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.152.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.152.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Viber Media S.à r.l. -> Viber Media S.Ã r.l.) C:\Users\homeuser\AppData\Local\Viber\Viber.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [824240 2019-09-23] (Acronis International GmbH -> Acronis International GmbH)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5035416 2019-09-23] (Acronis International GmbH -> )
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe [441448 2019-09-23] (Acronis International GmbH -> Acronis International GmbH)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [61370712 2019-10-10] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [FxSound Enhancer] => C:\Program Files (x86)\DFX\dfx.exe [1780728 2019-07-26] (FxSound, LLC -> ) [File not signed]
HKU\S-1-5-21-3024691867-316160702-395545048-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1592440 2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3024691867-316160702-395545048-1001\...\Run: [Discord] => C:\Users\homeuser\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3024691867-316160702-395545048-1001\...\Run: [Clipdiary] => C:\Program Files (x86)\Clipdiary\clipdiary.exe [6735360 2019-05-06] () [File not signed]
HKU\S-1-5-21-3024691867-316160702-395545048-1001\...\Run: [Viber] => C:\Users\homeuser\AppData\Local\Viber\Viber.exe [41029704 2019-09-25] (Viber Media S.à r.l. -> Viber Media S.Ã r.l.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-10-10] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bigfoot Killer Network Manager.lnk [2019-10-10]
ShortcutTarget: Bigfoot Killer Network Manager.lnk -> C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CDA Monitor.lnk [2019-10-10]
ShortcutTarget: CDA Monitor.lnk -> C:\Program Files (x86)\Jeppesen\CDA\CDAMonitor.exe (Jeppesen Sanderson, Inc -> )
Startup: C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-10-10]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E25192C-9BE3-4FB1-BE68-D59CC76ECADF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1269051C-87EB-48C7-8E34-EE0356A144FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-10] (Google Inc -> Google LLC)
Task: {1FDF2843-2647-404C-B0E2-9153C685F929} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {270D6A16-FBD6-4C5A-A423-10423B4C444F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-10] (Google Inc -> Google LLC)
Task: {3E33B2C9-4B77-42D5-9B3C-7A4158EDDA41} - System32\Tasks\Core Temp Autostart homeuser => C:\Program Files\Core Temp\Core Temp.exe [1011592 2019-08-30] (ALCPU -> ALCPU)
Task: {4A8AEADC-3406-4AD2-AD38-98E8D10B2AE2} - System32\Tasks\ParkControl => C:\Program Files\ParkControl\parkcontrol.exe [709512 2019-08-15] (Bitsum LLC -> Bitsum LLC) <==== ATTENTION
Task: {4B8FFC2A-0F8A-4D8B-9C43-E3196AB515F7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4CAC860A-F0F5-4EBC-849B-BD0659C8A775} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {4F0750B2-34A1-4E37-B9D0-FF077F401CA7} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3024691867-316160702-395545048-1001 => C:\ProgramData\MEGAsync\MEGAupdater.exe [615160 2019-09-06] (Mega Limited -> Mega Limited)
Task: {76DFCE02-CA7D-471B-87E9-B42C8997390A} - System32\Tasks\BlueStacksHelper => E:\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {881AAC14-1DD6-4347-8953-2FBB65A325A1} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [415744 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {889EFEA1-29FA-493C-9790-4939CA8C37B1} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2696520 2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {912AD4A3-C202-4C25-A670-DF6E007876E7} - System32\Tasks\Process Lasso Management Console (GUI) => C:\Program Files\Process Lasso\processlasso.exe [1541520 2019-09-18] (Bitsum LLC -> Bitsum LLC) [File not signed]
Task: {A94960AA-AA95-4193-B93A-97491B8239DD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-10-10] () [File not signed]
Task: {AA932CE1-F8D2-4578-B244-789D687F25E0} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_homeuser => C:\Program Files (x86)\Hard Disk Sentinel Pro\HDSentinel.exe [5658384 2019-07-10] (Janos Mathe -> H.D.S. Hungary)
Task: {BF240BCC-00E8-4226-9055-13BC13076D75} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D64CD868-2345-47BD-87C7-CE8B96B28987} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [1029512 2019-09-18] (Bitsum LLC -> Bitsum LLC) [File not signed]
Task: {D79C8EFF-FF41-4878-8761-CB67B8A959B3} - System32\Tasks\WiseCleaner\WDCSkipUAC => C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe [6982216 2019-09-26] (Lespeed Technology Ltd. -> WiseCleaner.com)
Task: {EA7B3E22-B462-4093-AF64-51433F922EE9} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_270_Plugin.exe [1457720 2019-10-10] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [174592 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [174592 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [174592 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [174592 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Winsock: Catalog9 19 C:\Windows\SysWOW64\BfLLR.dll [174592 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Winsock: Catalog9-x64 01 C:\Windows\system32\BfLLR.dll [189952 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Winsock: Catalog9-x64 02 C:\Windows\system32\BfLLR.dll [189952 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Winsock: Catalog9-x64 03 C:\Windows\system32\BfLLR.dll [189952 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Winsock: Catalog9-x64 04 C:\Windows\system32\BfLLR.dll [189952 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Winsock: Catalog9-x64 19 C:\Windows\system32\BfLLR.dll [189952 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{15071d1f-12aa-4cf3-98d9-4f4c345bd3bc}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

Edge:
======
DownloadDir:
Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.10.0.0_neutral__v68kp9n051hdp [2019-10-10]

FireFox:
========
FF DefaultProfile: cpldss12.default
FF ProfilePath: C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\cpldss12.default [2019-10-10]
FF ProfilePath: C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release [2019-10-10]
FF Homepage: Mozilla\Firefox\Profiles\s2ccsxum.default-release -> hxxps://yandex.ru/?clid=2224022
FF NetworkProxy: Mozilla\Firefox\Profiles\s2ccsxum.default-release -> type", 0
FF HomepageOverride: Mozilla\Firefox\Profiles\s2ccsxum.default-release -> Enabled: homeutil@yandex.ru
FF NewTabOverride: Mozilla\Firefox\Profiles\s2ccsxum.default-release -> Enabled: vb@yandex.ru
FF NewTabOverride: Mozilla\Firefox\Profiles\s2ccsxum.default-release -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF Extension: (Hoxx VPN Proxy) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\@hoxx-vpn.xpi [2019-10-09]
FF Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\@setupvpncom.xpi [2019-10-09]
FF Extension: (WebRTC Leak Shield) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\@webrtc-leak-shield.xpi [2018-02-24]
FF Extension: (anonymoX) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\client@anonymox.net.xpi [2018-12-14]
FF Extension: (FireX Proxy) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\divanproger@gmail.com.xpi [2019-08-19]
FF Extension: (Free Download Manager) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\fdm_ffext2@freedownloadmanager.org.xpi [2019-09-25]
FF Extension: (Ghostery – Конфиденциальный Блокировщик Рекламы) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\firefox@ghostery.com.xpi [2019-08-29]
FF Extension: (MEGA) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\firefox@mega.co.nz.xpi [2019-10-03] [UpdateUrl:hxxps://mega.nz/firefox-web-extension-updates.json]
FF Extension: (Tampermonkey) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\firefox@tampermonkey.net.xpi [2019-05-30]
FF Extension: (Стартовая — Яндекс) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\homeutil@yandex.ru.xpi [2019-09-09]
FF Extension: (Кнопка «Сохранить» в Pinterest) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2019-09-25]
FF Extension: (Доступ к Рутрекеру) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\public.proartex@gmail.com.xpi [2018-05-08]
FF Extension: (S3.Переводчик) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\s3google@translator.xpi [2018-10-10]
FF Extension: (uBlock Origin) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\uBlock0@raymondhill.net.xpi [2019-09-27]
FF Extension: (Avast Online Security) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\wrc@avast.com.xpi [2019-10-10]
FF Extension: (minerBlock) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\xd4rker@gmail.com.xpi [2019-02-04]
FF Extension: (Zoom Page WE) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\zoompage-we@DW-dev.xpi [2019-10-09]
FF Extension: (First Mountain Snow by M♥Donna) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\{58ed0b89-8436-4436-be1c-0f56273f1adf}.xpi [2019-05-14]
FF Extension: (Web of Trust) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2019-09-02]
FF Extension: (Video DownloadHelper) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-07-08]
FF Extension: (Adblock Plus - бесплатный блокировщик рекламы) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-08-22]
FF Extension: (Greasemonkey) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2019-06-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_270.dll [2019-10-10] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_270.dll [2019-10-10] (Adobe Inc. -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-10] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-10] (Google Inc -> Google LLC)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.mail.ru/cnt/9516
CHR StartupUrls: Default -> "hxxp://www.mail.ru/cnt/9516","hxxp://mail.ru/cnt/10445?gp=812208"
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B792CA924-60DD-4AE5-BF89-099626812133%7D&gp=812209
CHR DefaultSearchKeyword: Default -> go.mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default [2019-10-10]
CHR Extension: (Slides) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-10]
CHR Extension: (Docs) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-10]
CHR Extension: (Google Drive) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-10-10]
CHR Extension: (YouTube) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-10]
CHR Extension: (Sheets) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-10]
CHR Extension: (Google Docs Offline) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-10-10]
CHR Extension: (Direct.Fastix ) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lknnjfgcgglncamgpbbdfkianokjohlh [2019-10-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-10]
CHR Extension: (Gmail) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-10]
CHR Extension: (Chrome Media Router) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [10316304 2019-09-23] (Acronis International GmbH -> )
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [844888 2019-09-27] (CHENGDU AOMEI TECHNOLOGY CO., LTD. -> AOMEI Tech Co., Ltd.)
R2 Bigfoot Networks Killer Service; C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [494080 2013-10-09] () [File not signed]
R2 CDA; C:\Program Files (x86)\Jeppesen\CDA\CDA.exe [134088 2016-04-01] (Jeppesen Sanderson, Inc -> )
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\FileSyncHelper.exe [2124104 2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2019-09-23] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2019-09-23] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1912488 2019-09-23] (Acronis International GmbH -> )
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\OneDriveUpdaterService.exe [2489984 2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Tib Mounter Service; C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe [7095824 2019-09-23] (Acronis International GmbH -> Acronis International GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALSysIO; C:\Users\homeuser\AppData\Local\Temp\ALSysIO64.sys [47240 2019-10-10] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [51120 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [171952 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [38320 2017-09-01] (CHENGDU AOMEI Tech Co., Ltd. -> )
R3 BfEdge7x64; C:\Windows\System32\drivers\Edge7x64.sys [31336 2013-10-09] (Bigfoot Networks, Inc. -> Bigfoot Networks, Inc.)
R3 BFN7x64; C:\Windows\System32\drivers\Xeno7x64.sys [157288 2013-10-09] (Bigfoot Networks, Inc. -> Bigfoot Networks, Inc.)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-10-07] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R3 DFX12; C:\Windows\system32\drivers\dfx12x64.sys [39048 2018-03-08] (Power Technology -> Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2019-10-10] (Malwarebytes Corporation -> Malwarebytes)
R2 file_protector; C:\Windows\System32\DRIVERS\file_protector.sys [687768 2019-10-10] (Acronis International GmbH -> Acronis International GmbH)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [390592 2019-10-10] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-10-10] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-10-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-10-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-10-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [116832 2019-10-10] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_830a0263f2ee97ce\nvlddmkm.sys [22370696 2019-09-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 tib; C:\Windows\system32\DRIVERS\tib.sys [883256 2019-10-10] (Acronis International GmbH -> Acronis International GmbH)
R2 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [171968 2019-10-10] (Acronis International GmbH -> Acronis International GmbH)
S3 tnd; C:\Windows\system32\DRIVERS\tnd.sys [693768 2019-10-10] (Acronis International GmbH -> Acronis International GmbH)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [330176 2019-10-10] (Acronis International GmbH -> Acronis International GmbH)
R0 volume_tracker; C:\Windows\System32\DRIVERS\volume_tracker.sys [243472 2019-10-10] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46688 2019-10-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [350136 2019-10-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-10] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-11 05:08 - 2019-10-11 05:08 - 004745808 _____ (Acronis) C:\Windows\system32\auto_reactivate.exe
2019-10-11 05:08 - 2019-10-11 05:08 - 000286736 _____ (Acronis International GmbH) C:\Windows\system32\snapapiar64.dll
2019-10-10 21:10 - 2019-10-10 21:10 - 000000655 _____ C:\Windows\system32\Drivers\etc\hosts.zip
2019-10-10 21:08 - 2019-10-10 21:27 - 000000000 ____D C:\Users\homeuser\Desktop\FRST
2019-10-10 21:08 - 2019-10-10 21:27 - 000000000 ____D C:\FRST
2019-10-10 21:06 - 2019-10-10 21:06 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-10-10 21:06 - 2019-10-10 21:06 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-10-10 21:06 - 2019-10-10 21:06 - 000116832 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-10-10 21:06 - 2019-10-10 21:06 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-10-10 20:57 - 2019-10-10 20:58 - 000000000 ____D C:\Program Files\HyperSnap
2019-10-10 20:57 - 2019-10-10 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperSnap
2019-10-10 20:46 - 2019-10-10 20:46 - 000000000 ____D C:\Users\homeuser\AppData\Local\CrashDumps
2019-10-10 20:44 - 2019-10-10 20:44 - 000000000 ____D C:\Users\homeuser\AppData\Local\Viber Media S.à r.l
2019-10-10 20:39 - 2019-10-10 20:39 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2019-10-10 20:38 - 2019-10-10 20:38 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-10-10 20:36 - 2019-10-10 21:00 - 000000000 ____D C:\ProgramData\AVAST Software
2019-10-10 20:35 - 2019-10-10 20:36 - 000000000 ____D C:\Users\homeuser\Documents\ViberDownloads
2019-10-10 20:34 - 2019-10-10 20:44 - 000000000 ____D C:\Users\homeuser\AppData\Local\Viber
2019-10-10 20:34 - 2019-10-10 20:35 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\ViberPC
2019-10-10 20:34 - 2019-10-10 20:34 - 000001032 _____ C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2019-10-10 20:34 - 2019-10-10 20:34 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2019-10-10 20:34 - 2019-10-10 20:34 - 000000000 ____D C:\Users\homeuser\AppData\Local\Package Cache
2019-10-10 20:22 - 2019-10-10 20:22 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinTools.net Premium
2019-10-10 20:22 - 2019-10-10 20:22 - 000000000 ____D C:\Program Files (x86)\WinTools Software
2019-10-10 20:15 - 2019-10-10 20:15 - 000000121 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2019-10-10 20:15 - 2019-10-10 20:15 - 000000000 ____D C:\Users\homeuser\Documents\Boson NetSim Labs
2019-10-10 20:15 - 2019-10-10 20:15 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Boson Software, LLC
2019-10-10 20:15 - 2019-10-10 20:15 - 000000000 ____D C:\Users\homeuser\AppData\Local\Boson_Software,_LLC
2019-10-10 20:14 - 2019-10-10 20:14 - 000002118 _____ C:\Users\Public\Desktop\Boson NetSim 11.lnk
2019-10-10 20:14 - 2019-10-10 20:14 - 000002118 _____ C:\ProgramData\Desktop\Boson NetSim 11.lnk
2019-10-10 20:14 - 2019-10-10 20:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boson Software
2019-10-10 20:14 - 2019-10-10 20:14 - 000000000 ____D C:\ProgramData\Boson Software
2019-10-10 20:14 - 2019-10-10 20:14 - 000000000 ____D C:\Program Files (x86)\Boson Software
2019-10-10 20:02 - 2019-10-10 21:19 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Clipdiary
2019-10-10 20:02 - 2019-10-10 20:02 - 000001114 _____ C:\Users\homeuser\Desktop\Clipdiary.lnk
2019-10-10 20:02 - 2019-10-10 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clipdiary
2019-10-10 20:02 - 2019-10-10 20:02 - 000000000 ____D C:\Program Files (x86)\Clipdiary
2019-10-10 19:48 - 2019-10-10 19:48 - 006932282 _____ C:\Users\homeuser\AppData\Roaming\uTorrent.7z
2019-10-10 19:45 - 2019-10-10 20:56 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\uTorrent
2019-10-10 19:45 - 2019-10-10 19:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\µTorrent
2019-10-10 19:25 - 2019-10-10 20:34 - 000001030 _____ C:\Users\homeuser\Desktop\Viber.lnk
2019-10-10 19:22 - 2019-10-10 19:22 - 000001411 _____ C:\Users\homeuser\Desktop\Mamba.lnk
2019-10-10 19:22 - 2019-10-10 19:22 - 000001407 _____ C:\Users\homeuser\Desktop\VK.lnk
2019-10-10 19:15 - 2007-10-12 02:00 - 000490008 _____ (Logitech Inc.) C:\Windows\SysWOW64\LVUI2.dll
2019-10-10 19:15 - 2007-10-12 02:00 - 000486936 _____ (Logitech Inc.) C:\Windows\system32\LVUIRC64.dll
2019-10-10 19:15 - 2007-10-12 02:00 - 000465432 _____ (Logitech Inc.) C:\Windows\SysWOW64\LVUI2RC.dll
2019-10-10 19:15 - 2007-10-12 02:00 - 000050072 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LVUSBS64.sys
2019-10-10 19:15 - 2007-10-12 01:59 - 000685080 _____ (Logitech Inc.) C:\Windows\system32\LVUI64.dll
2019-10-10 19:15 - 2007-10-12 01:57 - 000416280 _____ (Logitech Inc.) C:\Windows\SysWOW64\lvcodec2.dll
2019-10-10 19:15 - 2007-10-12 01:57 - 000257560 _____ (Logitech Inc.) C:\Windows\system32\lvco1150.dll
2019-10-10 19:15 - 2007-10-12 01:56 - 001214488 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LV302V64.SYS
2019-10-10 19:15 - 2007-10-12 01:56 - 000475672 _____ (Logitech Inc.) C:\Windows\system32\lvcod64.dll
2019-10-10 19:15 - 2007-10-12 01:18 - 000021138 _____ C:\Windows\system32\Repository.reg
2019-10-10 19:15 - 2007-10-12 01:11 - 000059500 _____ C:\Windows\system32\lvcoin64.ini
2019-10-10 19:00 - 2019-10-10 19:00 - 000003908 _____ C:\Windows\system32\Tasks\BlueStacksHelper
2019-10-10 18:57 - 2019-10-10 18:57 - 000000000 ____D C:\Users\homeuser\AppData\Local\CEF
2019-10-10 18:43 - 2019-10-10 18:43 - 000000000 ____D C:\Users\homeuser\Downloads\Telegram Desktop
2019-10-10 18:15 - 2019-10-10 18:15 - 000001571 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2019-10-10 18:15 - 2019-10-10 18:15 - 000001571 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks.lnk
2019-10-10 18:15 - 2019-10-10 18:15 - 000001571 _____ C:\ProgramData\Desktop\BlueStacks.lnk
2019-10-10 18:15 - 2019-10-10 18:15 - 000001261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk
2019-10-10 18:15 - 2019-10-10 18:15 - 000001249 _____ C:\Users\Public\Desktop\BlueStacks Multi-Instance Manager.lnk
2019-10-10 18:15 - 2019-10-10 18:15 - 000001249 _____ C:\ProgramData\Desktop\BlueStacks Multi-Instance Manager.lnk
2019-10-10 18:12 - 2019-10-10 18:12 - 000000000 ____D C:\Program Files\BlueStacks
2019-10-10 16:54 - 2019-10-10 16:54 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\ChemTable Software
2019-10-10 16:54 - 2019-10-10 16:54 - 000000000 ____D C:\Users\homeuser\AppData\Local\ChemTable Software
2019-10-10 16:53 - 2019-10-10 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Organizer
2019-10-10 16:53 - 2019-10-10 16:53 - 000000000 ____D C:\Program Files (x86)\Reg Organizer
2019-10-10 16:44 - 2019-10-10 19:13 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Telegram Desktop
2019-10-10 16:44 - 2019-10-10 16:44 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2019-10-10 16:35 - 2019-10-10 16:35 - 000004522 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-10-10 16:35 - 2019-10-10 16:35 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Macromedia
2019-10-10 16:34 - 2019-10-10 16:37 - 000000000 ____D C:\Users\homeuser\AppData\Local\Adobe
2019-10-10 16:27 - 2019-10-10 18:12 - 000000000 ____D C:\Users\Public\BlueStacks
2019-10-10 16:27 - 2019-10-10 18:12 - 000000000 ____D C:\Users\homeuser\AppData\Local\BlueStacksSetup
2019-10-10 16:27 - 2019-10-10 18:12 - 000000000 ____D C:\Users\homeuser\AppData\Local\BlueStacks
2019-10-10 16:20 - 2019-10-10 16:20 - 000000000 ____D C:\Users\homeuser\Jeppesen
2019-10-10 16:17 - 2019-10-10 16:17 - 000000000 ____D C:\Users\homeuser\AppData\Local\Jeppesen
2019-10-10 16:06 - 2019-10-10 16:06 - 000002070 _____ C:\Users\Public\Desktop\CDA Monitor.lnk
2019-10-10 16:06 - 2019-10-10 16:06 - 000002070 _____ C:\ProgramData\Desktop\CDA Monitor.lnk
2019-10-10 16:05 - 2015-12-10 00:47 - 000124928 _____ (Jeppesen Sanderson, Inc.) C:\Windows\system32\JFPDView.dll
2019-10-10 16:04 - 2019-10-10 16:04 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Softland
2019-10-10 16:04 - 2019-10-10 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\novaPDF 7
2019-10-10 16:04 - 2019-10-10 16:04 - 000000000 ____D C:\Program Files\Softland
2019-10-10 16:04 - 2014-03-19 15:10 - 000029472 _____ (Softland) C:\Windows\system32\novamnk7.dll
2019-10-10 16:04 - 2014-03-19 15:10 - 000022304 _____ (Softland) C:\Windows\system32\novamik7.dll
2019-10-10 16:04 - 2014-01-10 15:43 - 000007549 _____ C:\Windows\system32\novak7.ctm
2019-10-10 16:03 - 2019-10-10 16:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jeppesen
2019-10-10 16:03 - 2019-10-10 16:03 - 000000000 ____D C:\ProgramData\Package Cache
2019-10-10 16:02 - 2019-10-10 16:06 - 000000000 ____D C:\Program Files (x86)\Jeppesen
2019-10-10 15:57 - 2019-10-10 21:06 - 000000000 ____D C:\ProgramData\Jeppesen
2019-10-10 15:57 - 2019-10-10 16:02 - 000000000 ____D C:\Users\Public\Documents\Jeppesen
2019-10-10 15:57 - 2019-10-10 16:02 - 000000000 ____D C:\ProgramData\Documents\Jeppesen
2019-10-10 15:23 - 2019-10-10 15:23 - 000000000 ____D C:\Windows\system32\Tasks\MEGA
2019-10-10 15:23 - 2019-10-10 15:23 - 000000000 ____D C:\Users\homeuser\AppData\Local\Mega Limited
2019-10-10 15:22 - 2019-10-10 15:22 - 000003642 _____ C:\Windows\system32\Tasks\CreateExplorerShellUnelevatedTask
2019-10-10 15:22 - 2019-10-10 15:22 - 000000799 _____ C:\Users\Public\Desktop\MEGAsync.lnk
2019-10-10 15:22 - 2019-10-10 15:22 - 000000799 _____ C:\ProgramData\Desktop\MEGAsync.lnk
2019-10-10 15:22 - 2019-10-10 15:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGAsync
2019-10-10 15:22 - 2019-10-10 15:22 - 000000000 ____D C:\ProgramData\MEGAsync
2019-10-10 15:20 - 2019-10-10 19:21 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\WhatsApp
2019-10-10 15:20 - 2019-10-10 15:20 - 000002212 _____ C:\Users\homeuser\Desktop\WhatsApp.lnk
2019-10-10 15:20 - 2019-10-10 15:20 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2019-10-10 15:20 - 2019-10-10 15:20 - 000000000 ____D C:\Users\homeuser\AppData\Local\WhatsApp
2019-10-10 12:49 - 2019-10-10 12:49 - 000000000 ____D C:\ProgramData\Apple
2019-10-10 12:49 - 2019-10-10 12:49 - 000000000 ____D C:\Program Files\Bonjour
2019-10-10 12:49 - 2019-10-10 12:49 - 000000000 ____D C:\Program Files (x86)\Bonjour
2019-10-10 12:29 - 2019-10-10 12:29 - 000000000 ____D C:\Users\homeuser\AppData\Local\NVIDIA
2019-10-10 12:27 - 2019-10-10 06:10 - 000000000 ____D C:\Users\homeuser\AppData\Local\D3DSCache
2019-10-10 12:26 - 2019-10-10 12:26 - 000000000 ____D C:\Users\homeuser\AppData\Local\PeerDistRepub
2019-10-10 12:13 - 2019-10-10 12:14 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\ProcessLasso
2019-10-10 12:13 - 2019-10-10 12:13 - 000003106 _____ C:\Windows\system32\Tasks\Process Lasso Management Console (GUI)
2019-10-10 12:13 - 2019-10-10 12:13 - 000003096 _____ C:\Windows\system32\Tasks\Process Lasso Core Engine Only
2019-10-10 12:13 - 2019-10-10 12:13 - 000000000 ____D C:\ProgramData\ProcessLasso
2019-10-10 12:13 - 2019-10-10 12:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso Pro
2019-10-10 12:13 - 2019-10-10 12:13 - 000000000 ____D C:\Program Files\Process Lasso
2019-10-10 11:55 - 2019-10-10 11:56 - 000000000 ____D C:\Windows\system32\MRT
2019-10-10 11:55 - 2019-10-10 11:55 - 127230528 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-10-10 11:53 - 2019-10-10 11:58 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel Pro
2019-10-10 11:53 - 2019-10-10 11:53 - 025443840 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 019811840 _____ (Microsoft Corporation) C:\Windows\system32\HologramWorld.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 018019840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 007015936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 006232064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 005915648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 004481536 _____ (Microsoft Corporation) C:\Windows\system32\DHolographicDisplay.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 004129616 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 003525592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-10-10 11:53 - 2019-10-10 11:53 - 002494440 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 002422592 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2019-10-10 11:53 - 2019-10-10 11:53 - 002314648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 002236144 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 002190864 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 002138472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL
2019-10-10 11:53 - 2019-10-10 11:53 - 001716752 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001611792 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001610752 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001510752 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001505320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001501712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001386000 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001297936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001273392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001244944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001152016 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001098712 _____ (Microsoft Corporation) C:\Windows\system32\DolbyDecMFT.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001043984 _____ (Microsoft Corporation) C:\Windows\system32\AppVPolicy.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001012792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000960512 _____ (Microsoft Corporation) C:\Windows\system32\assignedaccessmanagersvc.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000957240 _____ (Microsoft Corporation) C:\Windows\system32\AppVManifest.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000952416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DolbyDecMFT.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000939008 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000904704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\opengl32.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000843776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000827408 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000816648 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000742912 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000741392 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000722944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fveapi.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000667136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000666128 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000659456 _____ (Microsoft Corporation) C:\Windows\system32\AssignedAccessManager.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000649016 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2019-10-10 11:53 - 2019-10-10 11:53 - 000537600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000524800 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000516544 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000502784 _____ C:\Windows\system32\AssignedAccessCsp.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe
2019-10-10 11:53 - 2019-10-10 11:53 - 000495120 _____ (Microsoft Corporation) C:\Windows\system32\TransportDSA.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000417280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000401408 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000394256 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000387832 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000376832 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe
2019-10-10 11:53 - 2019-10-10 11:53 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fveapibase.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000258064 _____ (Microsoft Corporation) C:\Windows\system32\AppVFileSystemMetadata.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glu32.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000231440 _____ (Microsoft Corporation) C:\Windows\system32\AppVShNotify.exe
2019-10-10 11:53 - 2019-10-10 11:53 - 000228880 _____ (Microsoft Corporation) C:\Windows\system32\AppVStreamMap.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000202768 _____ (Microsoft Corporation) C:\Windows\system32\AppVStreamingUX.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000181776 _____ (Microsoft Corporation) C:\Windows\system32\AppVDllSurrogate.exe
2019-10-10 11:53 - 2019-10-10 11:53 - 000175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IndexedDbLegacy.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000173072 _____ (Microsoft Corporation) C:\Windows\system32\AppVNice.exe
2019-10-10 11:53 - 2019-10-10 11:53 - 000145208 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000133632 _____ (Microsoft Corporation) C:\Windows\system32\appvetwclientres.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000105472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakrathunk.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvvmtransport.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iemigplugin.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\BdeUISrv.exe
2019-10-10 11:53 - 2019-10-10 11:53 - 000037904 _____ (Microsoft Corporation) C:\Windows\system32\SyncAppvPublishingServer.exe
2019-10-10 11:53 - 2019-10-10 11:53 - 000021816 _____ (Microsoft Corporation) C:\Windows\system32\ScriptRunner.exe
2019-10-10 11:53 - 2019-10-10 11:53 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\appvetwstreamingux.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\TSErrRedir.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000001184 _____ C:\Users\homeuser\Desktop\Hard Disk Sentinel Pro.lnk
2019-10-10 11:53 - 2019-10-10 11:53 - 000000000 ____D C:\Windows\system32\Tasks\HardDiskSentinel
2019-10-10 11:53 - 2019-10-10 11:53 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel Pro
2019-10-10 11:53 - 2019-10-10 11:53 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Hard Disk Sentinel
2019-10-10 11:52 - 2019-10-10 11:53 - 019849216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 025900544 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 022628352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 017787392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 014816256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 009928504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 008010752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 007905000 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 007848192 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 007754240 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 007600664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 007263992 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 007195648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 006517640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 006425600 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 006227624 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 006164480 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 006084048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 005865272 _____ (Microsoft Corporation) C:\Windows\system32\spwizimg.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 005764872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 005105152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 005041664 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 004612520 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 004562688 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 004538880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 004046336 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 004012544 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 003964056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 003947008 _____ (Microsoft Corporation) C:\Windows\system32\tellib.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 003771392 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 003742032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 003727360 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 003701760 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 003590968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 003553280 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 003386880 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 003184128 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 003105280 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002861568 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002821120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002799616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 002772032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002762504 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-10-10 11:52 - 2019-10-10 11:52 - 002723328 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 002703360 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002590208 _____ C:\Windows\system32\dwmscene.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002552120 _____ (Microsoft Corporation) C:\Windows\system32\UpdateAgent.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002466304 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002456064 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002448712 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002284032 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002258856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002160640 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002132280 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002120704 _____ (Microsoft Corporation) C:\Windows\system32\WpcDesktopMonSvc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002120272 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002114048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002095104 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002081976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002069504 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002000168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001957008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001952360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001942528 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001940952 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001913296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001857024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001847808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001845408 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001835008 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001830200 _____ (Microsoft Corporation) C:\Windows\system32\rdpserverbase.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001819136 _____ (Microsoft Corporation) C:\Windows\system32\CoreShell.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001788728 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001757096 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-10-10 11:52 - 2019-10-10 11:52 - 001748480 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001743672 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001730560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001721144 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001692160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001687040 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001664928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001664376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001657856 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001656392 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001616784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001616608 _____ (Microsoft Corporation) C:\Windows\system32\ttdrecordcpu.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001607680 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001563648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001562424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001543168 _____ (Microsoft Corporation) C:\Windows\system32\WindowManagement.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001512320 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 001482040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 001473488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001439744 _____ (Microsoft Corporation) C:\Windows\system32\usocoreworker.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 001413704 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001412096 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001394488 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 001383856 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001372160 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001366128 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-10-10 11:52 - 2019-10-10 11:52 - 001334064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ttdrecordcpu.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001319936 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001283072 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001263616 _____ (Microsoft Corporation) C:\Windows\system32\opengl32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001261800 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001217904 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 001214976 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001182240 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 001178816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001154656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001150240 _____ (Microsoft Corporation) C:\Windows\system32\InputHost.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001149712 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 001091584 _____ (Microsoft Corporation) C:\Windows\system32\TpmCoreProvisioning.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001084432 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001072952 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 001066496 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001054872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001047968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001036800 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001029432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ClipSp.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 001023128 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001009152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000984376 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000975872 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000950784 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000944664 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000931840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000923136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000923136 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000904208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000893952 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000890472 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000882688 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000880088 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000875008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000874296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000858112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000856576 _____ C:\Windows\system32\MBR2GPT.EXE
2019-10-10 11:52 - 2019-10-10 11:52 - 000844800 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000841216 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000839680 _____ (Microsoft Corporation) C:\Windows\system32\d3d9on12.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCoreProvisioning.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000833312 _____ (Microsoft Corporation) C:\Windows\system32\pkeyhelper.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000829536 _____ (Microsoft Corporation) C:\Windows\system32\BioIso.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000818688 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000792296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputHost.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000784384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000783480 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000775768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000774672 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000772656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000765440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000759488 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000758584 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000750080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.Search.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000735232 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000732176 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_StorageSense.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000717312 _____ (Microsoft Corporation) C:\Windows\system32\mousocoreworker.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000702464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.FileExplorer.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000691712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000679880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000674072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000673080 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000669496 _____ (Microsoft Corporation) C:\Windows\system32\computecore.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000656960 _____ (Microsoft Corporation) C:\Windows\system32\d3d11on12.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000652800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000647168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000639400 _____ (Microsoft Corporation) C:\Windows\system32\msvcp_win.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.Search.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000623104 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000617784 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000612864 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000606208 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\SmsRouterSvc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000599040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActivationManager.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000598024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000598016 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000596992 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000595456 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000589384 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000587776 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_PCDisplay.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\SppExtComObj.Exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000568336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000563200 _____ (Microsoft Corporation) C:\Windows\system32\wpnprv.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000558592 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Notifications.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000551952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Vid.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000551936 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000551424 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000550400 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000546816 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000541696 _____ (Microsoft Corporation) C:\Windows\system32\ResourceMapper.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000541480 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000539648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9on12.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000533504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000531968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000530432 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000520192 _____ (Microsoft Corporation) C:\Windows\system32\usosvc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000518656 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000516408 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000515896 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000513536 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000510464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmenrollengine.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000507704 _____ (Microsoft Corporation) C:\Windows\system32\spwizeng.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000507152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000501232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp_win.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000500736 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-10-10 11:52 - 2019-10-10 11:52 - 000496640 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000487576 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_enclave.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.FileExplorer.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000483328 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000476672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000476672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000466416 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000463272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000462848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000462136 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000457216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cldflt.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000456504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000452408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000450360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11on12.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000449888 _____ (Microsoft Corporation) C:\Windows\system32\MMDevAPI.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000448000 _____ (Microsoft Corporation) C:\Windows\system32\SettingsEnvironment.Desktop.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000442704 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000441144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000436536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000429568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000422008 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-10-10 11:52 - 2019-10-10 11:52 - 000415808 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000412152 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000404392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000398728 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000392704 _____ (Microsoft Corporation) C:\Windows\system32\NotificationControllerPS.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000383984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MMDevAPI.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000382976 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000380216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000379840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000375720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000363624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000359424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MbbCx.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000355840 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicSvc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000355000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000342896 _____ (Microsoft Corporation) C:\Windows\system32\ttdwriter.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000334936 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\ComposableShellProxyStub.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000324408 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\dmenterprisediagnostics.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000315392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000300184 _____ (Microsoft Corporation) C:\Windows\system32\skci.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000293344 _____ (Microsoft Corporation) C:\Windows\system32\cfgmgr32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\directxdatabaseupdater.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000285256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000284160 _____ (Microsoft Corporation) C:\Windows\system32\container.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000283688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ttdwriter.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000282112 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.AppDefaults.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000278080 _____ (Microsoft Corporation) C:\Windows\system32\LsaIso.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000275968 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000275456 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_CapabilityAccess.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000268800 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000268288 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000265216 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000261632 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicCapsule.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\UpdateDeploymentProvider.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000252416 _____ (Microsoft Corporation) C:\Windows\system32\wpnservice.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\ManageCI.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000247856 _____ (Microsoft Corporation) C:\Windows\system32\weretw.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000244736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Gpu.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\policymanagerprecheck.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000236544 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000236520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000235008 _____ (Microsoft Corporation) C:\Windows\system32\fwpolicyiomgr.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000231936 _____ (Microsoft Corporation) C:\Windows\system32\InstallServiceTasks.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000227840 _____ (Microsoft Corporation) C:\Windows\system32\IndexedDbLegacy.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000225080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wof.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000224768 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2019-10-10 11:52 - 2019-10-10 11:52 - 000224256 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000223032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000221696 _____ (Microsoft Corporation) C:\Windows\system32\dxgiadaptercache.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000220472 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000210744 _____ (Microsoft Corporation) C:\Windows\system32\tcbloader.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000208184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000206336 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000202040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000201728 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000201016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000199480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000199480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\Win32CompatibilityAppraiserCSP.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\container.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000193592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\weretw.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2019-10-10 11:52 - 2019-10-10 11:52 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallServiceTasks.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000179512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000178176 _____ (Microsoft Corporation) C:\Windows\system32\prntvpt.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000176440 _____ (Microsoft Corporation) C:\Windows\system32\uxlib.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000176152 _____ (Microsoft Corporation) C:\Windows\system32\imm32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000173568 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\SpatialAudioLicenseSrv.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000165832 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000163328 _____ (Microsoft Corporation) C:\Windows\system32\glu32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000162304 _____ (Microsoft Corporation) C:\Windows\system32\fwbase.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000159112 _____ (Microsoft Corporation) C:\Windows\system32\devobj.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ComposableShellProxyStub.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000155648 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_AppExecutionAlias.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000152408 _____ (Microsoft Corporation) C:\Windows\system32\KerbClientShared.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000151568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_BackgroundApps.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000150328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SpatialAudioLicenseSrv.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imm32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000140496 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sud.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000139776 _____ (Microsoft Corporation) C:\Windows\system32\Chakrathunk.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prntvpt.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000137864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000137728 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000132608 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_ForceSync.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000132408 _____ (Microsoft Corporation) C:\Windows\system32\offlinelsa.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000132096 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\CloudDomainJoinAUG.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000127064 _____ (Microsoft Corporation) C:\Windows\system32\win32u.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000125232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KerbClientShared.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\ApplicationControlCSP.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000122880 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000121856 _____ (Microsoft Corporation) C:\Windows\system32\updatecsp.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000119840 _____ (Microsoft Corporation) C:\Windows\system32\OpenWith.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000117048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bindflt.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000116904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\EaseOfAccessDialog.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000110080 _____ C:\Windows\system32\ResBParser.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\CoreShellExtFramework.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000105832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpenWith.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000105272 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000100664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmcl.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\sethc.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000093712 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000093184 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000092624 _____ (Microsoft Corporation) C:\Windows\system32\taskhostw.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EaseOfAccessDialog.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000089544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32u.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicAgent.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000088352 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000084496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\rdvvmtransport.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000079376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\uaspstor.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sethc.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\CustomInstallExec.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\tetheringclient.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000073024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\dwm.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000066832 _____ (Microsoft Corporation) C:\Windows\system32\iumcrypt.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\CertEnrollCtrl.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidspi.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\AssignedAccessRuntime.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\devrtl.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\audioresourceregistrar.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\pnppolicy.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000053248 _____ C:\Windows\system32\Drivers\UsbPmApi.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000052752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmstorfl.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\tetheringconfigsp.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnrollCtrl.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000047616 _____ C:\Windows\system32\UsbPmApi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AssignedAccessRuntime.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000047000 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\cellulardatacapabilityhandler.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000043536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\WiredNetworkCSP.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000039304 _____ (Microsoft Corporation) C:\Windows\system32\NtlmShared.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000037176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\IcsEntitlementHost.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\enrollmentapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000033048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NtlmShared.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000028936 _____ (Microsoft Corporation) C:\Windows\system32\vmbuspipe.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicPS.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000027648 _____ (Microsoft Corporation) C:\Windows\system32\Win32_DeviceGuard.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\CSystemEventsBrokerClient.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000021544 _____ (Microsoft Corporation) C:\Windows\system32\kdhvcom.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000020944 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000019456 _____ (Microsoft Corporation) C:\Windows\system32\wmsgapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\bindflt.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000016696 _____ (Microsoft Corporation) C:\Windows\system32\spwizres.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\d3d8thk.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDJPN.DLL
2019-10-10 11:52 - 2019-10-10 11:52 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\pacjsworker.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000011576 _____ (Microsoft Corporation) C:\Windows\system32\uxlibres.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbd106.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000003584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCertResources.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000003584 _____ (Microsoft Corporation) C:\Windows\system32\TpmCertResources.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tier2punctuations.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2019-10-10 11:48 - 2019-09-20 07:36 - 000492544 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-10-10 11:48 - 2019-09-20 07:14 - 000390656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2019-10-10 11:47 - 2019-10-10 11:47 - 000741432 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-10-10 11:44 - 2019-10-10 21:06 - 000000000 ____D C:\ProgramData\NVIDIA
2019-10-10 11:44 - 2019-10-10 11:45 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-10-10 11:44 - 2019-10-10 11:44 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2019-10-10 11:44 - 2019-10-10 11:44 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-10-10 11:44 - 2019-09-05 22:49 - 005468144 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-10-10 11:44 - 2019-09-05 22:49 - 002634608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2019-10-10 11:44 - 2019-09-05 22:49 - 001767920 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-10-10 11:44 - 2019-09-05 22:49 - 000654320 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-10-10 11:44 - 2019-09-05 22:49 - 000450600 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-10-10 11:44 - 2019-09-05 22:49 - 000125240 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-10-10 11:44 - 2019-09-05 22:49 - 000082800 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-10-10 11:44 - 2019-09-05 04:04 - 008709382 _____ C:\Windows\system32\nvcoproc.bin
2019-10-10 11:44 - 2019-08-01 16:07 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2019-10-10 11:43 - 2019-09-06 21:29 - 001012432 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-10-10 11:43 - 2019-09-06 21:29 - 001012432 _____ C:\Windows\system32\vulkan-1.dll
2019-10-10 11:43 - 2019-09-06 21:29 - 000876240 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-10-10 11:43 - 2019-09-06 21:29 - 000876240 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-10-10 11:43 - 2019-09-06 21:29 - 000447368 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-10-10 11:43 - 2019-09-06 21:29 - 000351944 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-10-10 11:43 - 2019-09-06 21:29 - 000301264 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-10-10 11:43 - 2019-09-06 21:29 - 000301264 _____ C:\Windows\system32\vulkaninfo.exe
2019-10-10 11:43 - 2019-09-06 21:29 - 000273104 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-10-10 11:43 - 2019-09-06 21:29 - 000273104 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-10-10 11:43 - 2019-09-06 21:28 - 011562376 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2019-10-10 11:43 - 2019-09-06 21:28 - 009937104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 002051008 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 001550080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 001477512 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 001247432 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 001140616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 000959424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 000812800 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 000676096 _____ C:\Windows\system32\nvofapi64.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 000658880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 000632768 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 000544648 _____ C:\Windows\SysWOW64\nvofapi.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 000524168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-10-10 11:43 - 2019-09-06 21:26 - 040444856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2019-10-10 11:43 - 2019-09-06 21:26 - 035334536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-10-10 11:43 - 2019-09-06 21:26 - 017300360 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2019-10-10 11:43 - 2019-09-06 21:26 - 014921096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-10-10 11:43 - 2019-09-06 21:26 - 005358472 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2019-10-10 11:43 - 2019-09-06 21:26 - 004696968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-10-10 11:43 - 2019-09-06 21:26 - 001726400 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6443630.dll
2019-10-10 11:43 - 2019-09-06 21:26 - 001491336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6443630.dll
2019-10-10 11:43 - 2019-09-06 18:24 - 005002192 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2019-10-10 11:43 - 2019-09-06 18:24 - 004263840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-10-10 11:43 - 2019-09-06 00:19 - 000054700 _____ C:\Windows\system32\nvinfo.pb
2019-10-10 11:42 - 2019-10-10 11:42 - 000003206 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2019-10-10 11:42 - 2019-10-10 11:42 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-10-10 11:42 - 2019-10-10 11:42 - 000000000 ___RD C:\Users\Default\OneDrive
2019-10-10 11:42 - 2019-10-10 11:42 - 000000000 ___RD C:\Users\Default User\OneDrive
2019-10-10 11:42 - 2019-10-10 11:42 - 000000000 ___HD C:\OneDriveTemp
2019-10-10 11:41 - 2019-10-10 14:32 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2019-10-10 11:41 - 2019-10-10 11:44 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-10-10 11:28 - 2019-10-10 11:28 - 000000000 ____D C:\Users\homeuser\AppData\Local\OneDrive
2019-10-10 11:20 - 2019-10-10 11:33 - 000000000 ____D C:\ProgramData\DisplayDriverUninstaller
2019-10-10 11:17 - 2019-10-10 11:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-10-10 11:17 - 2019-10-10 11:17 - 000000000 ____D C:\Program Files (x86)\7-Zip
2019-10-10 10:50 - 2019-10-10 20:54 - 000000000 ____D C:\Users\homeuser\AppData\Local\BitTorrentHelper
2019-10-10 10:50 - 2019-10-10 11:51 - 000000000 ____D C:\Temp torrents
2019-10-10 10:27 - 2019-03-18 15:20 - 008628736 _____ (Microsoft Corporation) C:\Windows\system32\prm0019.dll
2019-10-10 10:26 - 2019-10-09 21:18 - 000002317 _____ C:\Users\homeuser\Documents\indexfile.txt
2019-10-10 10:23 - 2019-10-10 21:13 - 000000000 ____D C:\Users\homeuser\AppData\LocalLow\Mozilla
2019-10-10 10:23 - 2019-10-10 10:23 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-10-10 10:23 - 2019-10-10 10:23 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-10-10 10:23 - 2019-10-10 10:23 - 000000993 _____ C:\ProgramData\Desktop\Firefox.lnk
2019-10-10 10:23 - 2019-10-10 10:23 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Mozilla
2019-10-10 10:23 - 2019-10-10 10:23 - 000000000 ____D C:\Users\homeuser\AppData\Local\Mozilla
2019-10-10 10:23 - 2019-10-10 10:23 - 000000000 ____D C:\ProgramData\Mozilla
2019-10-10 10:23 - 2019-10-10 10:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-10-10 10:23 - 2019-10-10 10:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-10-10 10:19 - 2019-10-10 10:19 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Google
2019-10-10 10:16 - 2019-10-10 10:16 - 000001635 _____ C:\Users\Public\Desktop\Total Commander HomeUser v71.lnk
2019-10-10 10:16 - 2019-10-10 10:16 - 000001635 _____ C:\ProgramData\Desktop\Total Commander HomeUser v71.lnk
2019-10-10 10:16 - 2019-10-10 10:16 - 000000777 _____ C:\Users\Public\Desktop\Total Commander PowerUser v71.lnk
2019-10-10 10:16 - 2019-10-10 10:16 - 000000777 _____ C:\ProgramData\Desktop\Total Commander PowerUser v71.lnk
2019-10-10 10:16 - 2019-10-10 10:16 - 000000000 ____D C:\Users\Public\Desktop\TC PU Programs
2019-10-10 10:16 - 2019-10-10 10:16 - 000000000 ____D C:\ProgramData\Desktop\TC PU Programs
2019-10-10 10:16 - 2019-08-29 15:36 - 000286208 _____ C:\Windows\SysWOW64\lame_enc.dll
2019-10-10 10:16 - 2014-01-13 04:46 - 000344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2019-10-10 10:16 - 2009-12-29 23:27 - 000503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2019-10-10 10:16 - 2009-12-29 23:27 - 000487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCP70.DLL
2019-10-10 10:16 - 2009-12-29 23:27 - 000344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2019-10-10 10:15 - 2019-10-10 10:22 - 000000000 ____D C:\Users\homeuser\AppData\Local\Google
2019-10-10 10:15 - 2019-10-10 10:15 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-10 10:15 - 2019-10-10 10:15 - 000002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-10-10 10:15 - 2019-10-10 10:15 - 000002332 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-10-10 10:14 - 2019-10-10 10:14 - 000003420 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-10 10:14 - 2019-10-10 10:14 - 000003296 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-10 10:14 - 2019-10-10 10:14 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-10 10:13 - 2019-10-10 10:13 - 000000000 ___HD C:\Users\homeuser\MicrosoftEdgeBackups
2019-10-10 10:12 - 2019-10-10 10:23 - 000000000 ____D C:\TCPU71
2019-10-10 10:09 - 2019-10-10 05:54 - 000000000 ____D C:\Windows\Panther
2019-10-10 09:58 - 2019-10-10 07:19 - 000000000 ____D C:\Users\homeuser\AppData\Local\PlaceholderTileLogoFolder
2019-10-10 09:55 - 2019-10-10 21:06 - 000000000 ____D C:\ProgramData\Bigfoot Networks
2019-10-10 09:55 - 2019-10-10 20:14 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-10-10 09:55 - 2019-10-10 09:55 - 000002311 _____ C:\Users\Public\Desktop\Bigfoot Networks Killer Network Manager.lnk
2019-10-10 09:55 - 2019-10-10 09:55 - 000002311 _____ C:\ProgramData\Desktop\Bigfoot Networks Killer Network Manager.lnk
2019-10-10 09:55 - 2019-10-10 09:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bigfoot Networks
2019-10-10 09:55 - 2019-10-10 09:55 - 000000000 ____D C:\Program Files\Bigfoot Networks
2019-10-10 09:53 - 2019-10-10 09:53 - 000000000 ____D C:\Program Files (x86)\Intel
2019-10-10 09:53 - 2010-03-02 11:04 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2019-10-10 09:52 - 2019-10-10 09:52 - 000000000 ____D C:\Intel
2019-10-10 09:48 - 2019-10-10 18:09 - 000001134 _____ C:\Windows\system32\config\VSMIDK
2019-10-10 09:45 - 2019-10-10 10:17 - 000000000 ____D C:\ProgramData\Packages
2019-10-10 09:41 - 2019-10-10 11:08 - 000000000 ____D C:\Users\homeuser\AppData\Local\Comms
2019-10-10 09:37 - 2019-10-10 21:26 - 000000000 ___RD C:\Users\homeuser\OneDrive
2019-10-10 09:36 - 2019-10-10 14:32 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-10-10 09:36 - 2019-10-10 10:13 - 000000000 ____D C:\Users\homeuser\AppData\Local\MicrosoftEdge
2019-10-10 09:36 - 2019-10-10 09:36 - 000001450 _____ C:\Users\homeuser\Desktop\Microsoft Edge.lnk
2019-10-10 09:35 - 2019-10-10 16:37 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Adobe
2019-10-10 09:35 - 2019-10-10 16:21 - 000000000 ____D C:\Users\homeuser\AppData\Local\Packages
2019-10-10 09:35 - 2019-10-10 12:01 - 000000000 ___RD C:\Users\homeuser\3D Objects
2019-10-10 09:35 - 2019-10-10 11:27 - 000000000 ____D C:\Users\homeuser\AppData\Local\ConnectedDevicesPlatform
2019-10-10 09:35 - 2019-10-10 10:17 - 000000000 ____D C:\Users\homeuser\AppData\Local\Publishers
2019-10-10 09:35 - 2019-10-10 09:35 - 000000000 ____D C:\Users\homeuser\AppData\Local\VirtualStore
2019-10-10 09:35 - 2019-10-10 07:21 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-10-10 09:34 - 2019-10-10 20:58 - 000000000 ____D C:\Users\homeuser
2019-10-10 09:34 - 2019-10-10 09:34 - 000000020 ___SH C:\Users\homeuser\ntuser.ini
2019-10-10 09:33 - 2019-10-10 21:12 - 000795988 _____ C:\Windows\system32\PerfStringBackup.INI
2019-10-10 09:30 - 2019-10-10 09:30 - 000000000 ____D C:\Windows\CSC
2019-10-10 09:30 - 2019-10-10 09:30 - 000000000 ____D C:\ProgramData\USOShared
2019-10-10 09:30 - 2019-09-09 20:47 - 002874368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2019-10-10 09:28 - 2019-10-10 20:50 - 000000000 ____D C:\Windows\minidump
2019-10-10 09:28 - 2019-10-10 09:28 - 000000000 _SHDL C:\Documents and Settings
2019-10-10 09:11 - 2019-10-10 21:06 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-10-10 09:11 - 2019-10-10 12:10 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-10-10 09:11 - 2019-10-10 09:11 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2019-10-10 09:10 - 2019-10-10 20:43 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-10-10 09:10 - 2019-10-10 09:10 - 000000000 ____D C:\Windows\ServiceProfiles
2019-10-10 08:21 - 2019-10-10 08:21 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FxSound Enhancer
2019-10-10 08:21 - 2019-10-10 08:21 - 000000000 ____D C:\Users\homeuser\AppData\Local\DFX
2019-10-10 08:21 - 2019-10-10 08:21 - 000000000 ____D C:\Program Files (x86)\DFX
2019-10-10 08:14 - 2019-10-10 08:14 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2019-10-10 08:14 - 2019-10-10 08:14 - 000000000 ____D C:\Program Files\Realtek
2019-10-10 08:14 - 2019-10-10 08:14 - 000000000 ____D C:\Program Files (x86)\Realtek
2019-10-10 08:14 - 2017-06-29 18:55 - 003509256 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 003507688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 001347136 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000914016 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000768808 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000691680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000642920 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000577832 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000532376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000410032 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000387312 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000343704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000221960 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000209528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000110976 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2019-10-10 08:14 - 2017-06-29 18:54 - 004059960 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2019-10-10 08:14 - 2017-06-29 18:54 - 000330552 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2019-10-10 08:14 - 2017-06-29 18:52 - 005826560 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2019-10-10 08:14 - 2017-06-29 18:52 - 003677160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2019-10-10 08:14 - 2017-06-29 18:52 - 003205120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2019-10-10 08:14 - 2017-06-29 18:52 - 000574752 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2019-10-10 08:14 - 2017-06-29 18:52 - 000118592 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2019-10-10 08:14 - 2017-06-29 18:51 - 002210304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2019-10-10 08:14 - 2017-06-29 18:51 - 002050176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2019-10-10 08:14 - 2017-06-29 18:51 - 000041088 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\MBfilt64.sys
2019-10-10 08:14 - 2017-06-29 18:51 - 000023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2019-10-10 08:14 - 2017-06-29 18:50 - 000122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2019-10-10 08:14 - 2017-06-29 03:05 - 012334923 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2019-10-10 08:14 - 2017-06-29 03:05 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2019-10-10 08:14 - 2016-09-22 14:55 - 002839520 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2019-10-10 07:35 - 2019-10-10 08:15 - 000000000 ___HD C:\Program Files (x86)\Temp
2019-10-10 07:28 - 2019-10-10 17:10 - 000000000 ____D C:\Users\homeuser\AppData\Local\ElevatedDiagnostics
2019-10-10 07:23 - 2019-10-10 07:23 - 000000000 ____D C:\Windows\pss
2019-10-10 06:56 - 2019-10-10 19:15 - 000000000 ____D C:\Program Files\Common Files\logishrd
2019-10-10 06:44 - 2019-10-10 06:44 - 000036408 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2019-10-10 06:43 - 2019-10-10 06:43 - 000000000 ____D C:\SysinternalsSuite
2019-10-10 06:38 - 2019-10-10 08:23 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\vlc
2019-10-10 06:38 - 2019-10-10 06:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-10-10 06:37 - 2019-10-10 06:37 - 000000000 ____D C:\Program Files\VideoLAN
2019-10-10 06:33 - 2019-10-10 21:06 - 000000000 ____D C:\Program Files\Core Temp
2019-10-10 06:33 - 2019-10-10 06:33 - 000002914 _____ C:\Windows\system32\Tasks\Core Temp Autostart homeuser
2019-10-10 06:33 - 2019-10-10 06:33 - 000000989 _____ C:\Users\homeuser\Desktop\Core Temp.lnk
2019-10-10 06:33 - 2019-10-10 06:33 - 000000067 _____ C:\Users\homeuser\Desktop\Core Temp Gadget & Addons.url
2019-10-10 06:33 - 2019-10-10 06:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2019-10-10 06:30 - 2019-10-10 06:30 - 000000000 ____D C:\Users\homeuser\AppData\Local\Apps\2.0
2019-10-10 06:23 - 2019-10-10 06:23 - 000003122 _____ C:\Windows\system32\Tasks\ParkControl
2019-10-10 06:23 - 2019-10-10 06:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParkControl
2019-10-10 06:23 - 2019-10-10 06:23 - 000000000 ____D C:\Program Files\ParkControl
2019-10-10 05:56 - 2019-10-10 05:56 - 000257824 _____ C:\Windows\system32\FNTCACHE.DAT
2019-10-10 05:50 - 2019-10-10 05:54 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Wise Disk Cleaner
2019-10-10 05:50 - 2019-10-10 05:50 - 000001277 _____ C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
2019-10-10 05:50 - 2019-10-10 05:50 - 000001277 _____ C:\ProgramData\Desktop\Wise Disk Cleaner.lnk
2019-10-10 05:50 - 2019-10-10 05:50 - 000000000 ____D C:\Windows\system32\Tasks\WiseCleaner
2019-10-10 05:50 - 2019-10-10 05:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner
2019-10-10 05:50 - 2019-10-10 05:50 - 000000000 ____D C:\Program Files (x86)\Wise
2019-10-10 05:46 - 2019-10-10 05:46 - 000000000 ____D C:\AdwCleaner
2019-10-10 05:44 - 2019-10-10 05:44 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-10-10 05:39 - 2019-10-10 05:44 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-10-10 05:39 - 2019-10-10 05:39 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-10-10 05:39 - 2019-10-10 05:39 - 000001912 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-10-10 05:39 - 2019-10-10 05:39 - 000000000 ____D C:\Users\homeuser\AppData\Local\mbamtray
2019-10-10 05:39 - 2019-10-10 05:39 - 000000000 ____D C:\Users\homeuser\AppData\Local\mbam
2019-10-10 05:39 - 2019-10-10 05:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-10-10 05:39 - 2019-10-10 05:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-10-10 05:39 - 2019-10-10 05:39 - 000000000 ____D C:\Program Files\Malwarebytes
2019-10-10 05:39 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-10-10 04:18 - 2019-10-10 15:20 - 000000000 ____D C:\Users\homeuser\AppData\Local\SquirrelTemp
2019-10-10 04:18 - 2019-10-10 04:33 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Discord
2019-10-10 04:18 - 2019-10-10 04:18 - 000002248 _____ C:\Users\homeuser\Desktop\Discord.lnk
2019-10-10 04:18 - 2019-10-10 04:18 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-10-10 04:18 - 2019-10-10 04:18 - 000000000 ____D C:\Users\homeuser\AppData\Local\Discord
2019-10-10 04:18 - 2019-10-10 04:18 - 000000000 ____D C:\ProgramData\SquirrelMachineInstalls
2019-10-10 03:28 - 2019-10-10 03:59 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Acronis
2019-10-10 03:27 - 2019-10-10 14:50 - 000000000 ____D C:\ProgramData\Acronis
2019-10-10 03:27 - 2019-10-10 04:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2019-10-10 03:27 - 2019-10-10 04:10 - 000000000 ____D C:\Program Files (x86)\Acronis
2019-10-10 03:27 - 2019-10-10 03:27 - 000883256 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
2019-10-10 03:27 - 2019-10-10 03:27 - 000693768 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tnd.sys
2019-10-10 03:27 - 2019-10-10 03:27 - 000687768 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_protector.sys
2019-10-10 03:27 - 2019-10-10 03:27 - 000390592 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_tracker.sys
2019-10-10 03:27 - 2019-10-10 03:27 - 000371144 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys
2019-10-10 03:27 - 2019-10-10 03:27 - 000330176 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\virtual_file.sys
2019-10-10 03:27 - 2019-10-10 03:27 - 000243472 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\volume_tracker.sys
2019-10-10 03:27 - 2019-10-10 03:27 - 000182832 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys
2019-10-10 03:27 - 2019-10-10 03:27 - 000171968 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib_mounter.sys
2019-10-10 03:27 - 2019-10-10 03:27 - 000001286 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image.lnk
2019-10-10 03:27 - 2019-10-10 03:27 - 000001274 _____ C:\Users\Public\Desktop\Acronis True Image.lnk
2019-10-10 03:27 - 2019-10-10 03:27 - 000001274 _____ C:\ProgramData\Desktop\Acronis True Image.lnk
2019-10-10 03:27 - 2019-10-10 03:27 - 000000000 ____D C:\ProgramData\Acronis Mobile Backup Data
2019-10-10 03:10 - 2019-10-10 18:10 - 000000208 _____ C:\Windows\SysWOW64\AbBakConfig.dat
2019-10-10 03:10 - 2019-10-10 18:10 - 000000150 _____ C:\Windows\SysWOW64\winsevr.dat
2019-10-10 03:10 - 2019-10-10 14:58 - 000001024 ____H C:\SYSTAG.BIN
2019-10-10 03:10 - 2019-10-10 03:10 - 000000000 ____D C:\ProgramData\Aomei
2019-10-10 03:09 - 2019-10-10 21:06 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2019-10-10 03:09 - 2019-10-10 03:10 - 000001130 _____ C:\Users\Public\Desktop\AOMEI Backupper.lnk
2019-10-10 03:09 - 2019-10-10 03:10 - 000001130 _____ C:\ProgramData\Desktop\AOMEI Backupper.lnk
2019-10-10 03:09 - 2019-10-10 03:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2019-10-10 03:09 - 2017-09-01 18:12 - 000038320 _____ C:\Windows\system32\amwrtdrv.sys
2019-10-10 03:09 - 2016-12-21 22:54 - 000051120 _____ C:\Windows\system32\ambakdrv.sys
2019-10-10 03:09 - 2016-12-21 22:52 - 000171952 _____ C:\Windows\system32\ammntdrv.sys
2019-10-10 03:08 - 2019-10-10 14:55 - 000000000 ____D C:\ProgramData\AomeiBR

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-10 21:12 - 2019-03-19 07:50 - 000000000 ____D C:\Windows\INF
2019-10-10 21:06 - 2019-03-19 07:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-10 21:05 - 2019-03-19 07:37 - 000524288 _____ C:\Windows\system32\config\BBI
2019-10-10 20:52 - 2019-03-19 07:37 - 000000000 ____D C:\Windows\CbsTemp
2019-10-10 20:39 - 2019-03-19 07:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-10-10 16:35 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-10-10 16:35 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\system32\Macromed
2019-10-10 16:21 - 2019-03-19 07:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-10-10 16:21 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\AppReadiness
2019-10-10 12:10 - 2019-03-19 07:52 - 000000000 ____D C:\Program Files\Windows Defender
2019-10-10 11:59 - 2019-03-19 09:23 - 000000000 ___SD C:\Windows\system32\AppV
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ___RD C:\Windows\PrintDialog
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\SysWOW64\oobe
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\SystemResources
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\system32\WinMetadata
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\system32\oobe
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\system32\migwiz
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\system32\Dism
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\bcastdvr
2019-10-10 11:55 - 2019-03-19 07:37 - 000000000 ____D C:\Windows\servicing
2019-10-10 11:44 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\Help
2019-10-10 10:27 - 2019-03-19 09:22 - 000000000 ____D C:\Windows\OCR
2019-10-10 10:08 - 2019-03-19 07:49 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-10-10 09:46 - 2019-03-19 07:52 - 000000000 ____D C:\ProgramData\USOPrivate
2019-10-10 09:45 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\ServiceState
2019-10-10 09:34 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2019-10-10 09:30 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\system32\spool
2019-10-10 09:30 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-10-10 09:11 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\appcompat
2019-10-10 09:11 - 2019-03-19 07:37 - 000032768 _____ C:\Windows\system32\config\ELAM
2019-10-10 09:10 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\LiveKernelReports
2019-10-10 05:54 - 2019-03-19 07:52 - 000000000 ___SD C:\Windows\Downloaded Program Files

==================== Files in the root of some directories ================

2019-10-10 19:48 - 2019-10-10 19:48 - 006932282 _____ () C:\Users\homeuser\AppData\Roaming\uTorrent.7z

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
 
And for sure, the UTORRENT.7Z that was detected is not malware!

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/10/19
Scan Time: 9:46 PM
Log File: 488f8d1c-eb8e-11e9-be78-00190304eb4b.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.629
Update Package Version: 1.0.12845
License: Trial

-System Information-
OS: Windows 10 (Build 18362.418)
CPU: x64
File System: NTFS
User: SIMPC\homeuser

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 272924
Threats Detected: 19
Threats Quarantined: 0
Time Elapsed: 1 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.MailRu, C:\USERS\HOMEUSER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, [254], [716220],1.0.12845
PUP.Optional.MailRu, C:\USERS\HOMEUSER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, [254], [454830],1.0.12845

File: 17
PUP.Optional.MailRu, C:\USERS\HOMEUSER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S2CCSXUM.DEFAULT-RELEASE\PREFS.JS, No Action By User, [254], [382918],1.0.12845
Generic.Malware/Suspicious, C:\USERS\HOMEUSER\APPDATA\ROAMING\UTORRENT.7Z, No Action By User, [0], [392686],1.0.12845
PUP.Optional.MailRu, C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, No Action By User, [254], [716220],1.0.12845
PUP.Optional.MailRu, C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000037.ldb, No Action By User, [254], [716220],1.0.12845
PUP.Optional.MailRu, C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000038.log, No Action By User, [254], [716220],1.0.12845
PUP.Optional.MailRu, C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000039.ldb, No Action By User, [254], [716220],1.0.12845
PUP.Optional.MailRu, C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, No Action By User, [254], [716220],1.0.12845
PUP.Optional.MailRu, C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, No Action By User, [254], [716220],1.0.12845
PUP.Optional.MailRu, C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, No Action By User, [254], [716220],1.0.12845
PUP.Optional.MailRu, C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, No Action By User, [254], [716220],1.0.12845
PUP.Optional.MailRu, C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, No Action By User, [254], [716220],1.0.12845
PUP.Optional.MailRu, C:\USERS\HOMEUSER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [254], [716220],1.0.12845
PUP.Optional.MailRu, C:\USERS\HOMEUSER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [254], [454830],1.0.12845
Generic.Malware/Suspicious, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\TC PU Programs\uTorrent.lnk, No Action By User, [0], [392686],1.0.12845
Generic.Malware/Suspicious, C:\USERS\PUBLIC\DESKTOP\TC PU Programs\uTorrent.lnk, No Action By User, [0], [392686],1.0.12845
Generic.Malware/Suspicious, C:\TCPU71\PROGRAMM\UTORRENT\UTORRENT.EXE, No Action By User, [0], [392686],1.0.12845
PUP.Optional.MailRu, C:\USERS\HOMEUSER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [254], [454830],1.0.12845

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-05-2019
# Database: 2019-10-03.2 (Cloud)
# Support: Customer Support & Help Center
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-10-2019
# Duration: 00:00:36
# OS: Windows 10 Pro
# Scanned: 35164
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

PUP.Optional.Legacy oursurfing.com
PUP.Optional.Legacy oursurfing.com

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner_Debug.log - [5603 octets] - [10/10/2019 05:46:49]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########



(end)
 
1. Regarding Avast, the only program I'm aware of that installs it as a "pre-checked option" is CCleaner and that isn't shown as having been installed here as it was in your previous thread.

2. Moving on to µTorrent, Windows Defender has been targeting it since 2017: PUA:Win32/Utorrent threat description - Microsoft Security Intelligence. You should also note that Malwarebytes also listed it in the log you posted as malware. Taking it further, NOD32, Sophos, TrendMicro, and others also detect uTorrent as dangerous. As I have posted many times over the years describing P2P:

P2P programs form a direct conduit on to your computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

With P2P file sharing, a file can be distributed among many hosts, and peers will provide for download the sections that they have already downloaded. This results in the distinct possibility of a distribution method in which malicious bits are mixed with good files.

3. For the above reasons, I strongly suggest µTorrent be removed from your computer. If you agree, I will include it in the script. If you do not agree, I'll prepare instructions without including it. Either way, I'd like to take some time to carefully review the logs.

Please let me know..
 
Sandboxie
ok let's do with µTorrent for now but I'm thinking about moving it and running it in Sandboxie
 
If you "insist" ;) on using it, running it in Sandboxie would be a safer option. I've also included the Avast files in the cleanup. Something for you to consider, since you have Wise Disk Cleaner, you may wish to uninstall Reg Organizer. System optimizers more often than not can cause more damage than good.

Please do the following to run FRST:

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-3024691867-316160702-395545048-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3024691867-316160702-395545048-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3024691867-316160702-395545048-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3024691867-316160702-395545048-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> no filepath
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
FirewallRules: [TCP Query User{BDAAF491-AE55-4EDA-B015-A51715897772}E:\utorrent pro 3.5.5 (build 45271) portable by sanlex+оптим.файл.кеш\utorrent pro 3.5.5 (build 45271) portable by sanlex\utorrent 3.5.5 build 45271.exe] => (Allow) E:\utorrent pro 3.5.5 (build 45271) portable by sanlex+оптим.файл.кеш\utorrent pro 3.5.5 (build 45271) portable by sanlex\utorrent 3.5.5 build 45271.exe No File
FirewallRules: [UDP Query User{E2B5FEFB-1745-4B24-8312-9BC669979F83}E:\utorrent pro 3.5.5 (build 45271) portable by sanlex+оптим.файл.кеш\utorrent pro 3.5.5 (build 45271) portable by sanlex\utorrent 3.5.5 build 45271.exe] => (Allow) E:\utorrent pro 3.5.5 (build 45271) portable by sanlex+оптим.файл.кеш\utorrent pro 3.5.5 (build 45271) portable by sanlex\utorrent 3.5.5 build 45271.exe No File
FirewallRules: [{9FDECF34-9E49-4073-99FF-FCF05B1E0069}] => (Allow) C:\Users\homeuser\AppData\Local\Temp\69358107-F3E5-4E26-A675-A251EF4201DB\ga_service.exe No File
FirewallRules: [TCP Query User{515B0F46-C534-4777-BA19-3C5A6F792290}C:\users\homeuser\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\homeuser\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc.) [File not signed]
FirewallRules: [UDP Query User{9CC834BB-51F5-4F11-848E-42D10CC26041}C:\users\homeuser\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\homeuser\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc.) [File not signed]
FirewallRules: [{C20A5254-DFD2-4D25-8C07-DFE8EF4B7B3C}] => (Allow) C:\Users\homeuser\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) [File not signed]
FirewallRules: [{7D01DF43-FA07-49C4-A881-BE7C89D03BD3}] => (Allow) C:\Users\homeuser\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {4A8AEADC-3406-4AD2-AD38-98E8D10B2AE2} - System32\Tasks\ParkControl => C:\Program Files\ParkControl\parkcontrol.exe [709512 2019-08-15] (Bitsum LLC -> Bitsum LLC) <==== ATTENTION
C:\Program Files\ParkControl
Task: {A94960AA-AA95-4193-B93A-97491B8239DD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-10-10] () [File not signed]
R3 ALSysIO; C:\Users\homeuser\AppData\Local\Temp\ALSysIO64.sys [47240 2019-10-10] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
C:\Windows\system32\Tasks\Avast Software
C:\Program Files\Common Files\AVAST Software
C:\ProgramData\AVAST Software
C:\Users\homeuser\AppData\Roaming\uTorrent.7z
C:\Users\homeuser\AppData\Roaming\uTorrent
C:\Users\homeuser\AppData\Local\BitTorrentHelper
C:\Windows\system32\Tasks\ParkControl
C:\Program Files\ParkControl
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
 
to be quite honest there is no critical data on this computer and I'm not Donald Trump or Vladimir Putin to fear hacking or leaks so much 😅

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-10-2019 01
Ran by homeuser (11-10-2019 15:21:39) Run:1
Running from C:\Users\homeuser\Desktop\FRST
Loaded Profiles: homeuser (Available Profiles: homeuser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-3024691867-316160702-395545048-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3024691867-316160702-395545048-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3024691867-316160702-395545048-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3024691867-316160702-395545048-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> no filepath
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
FirewallRules: [TCP Query User{BDAAF491-AE55-4EDA-B015-A51715897772}E:\utorrent pro 3.5.5 (build 45271) portable by sanlex+оптим.файл.кеш\utorrent pro 3.5.5 (build 45271) portable by sanlex\utorrent 3.5.5 build 45271.exe] => (Allow) E:\utorrent pro 3.5.5 (build 45271) portable by sanlex+оптим.файл.кеш\utorrent pro 3.5.5 (build 45271) portable by sanlex\utorrent 3.5.5 build 45271.exe No File
FirewallRules: [UDP Query User{E2B5FEFB-1745-4B24-8312-9BC669979F83}E:\utorrent pro 3.5.5 (build 45271) portable by sanlex+оптим.файл.кеш\utorrent pro 3.5.5 (build 45271) portable by sanlex\utorrent 3.5.5 build 45271.exe] => (Allow) E:\utorrent pro 3.5.5 (build 45271) portable by sanlex+оптим.файл.кеш\utorrent pro 3.5.5 (build 45271) portable by sanlex\utorrent 3.5.5 build 45271.exe No File
FirewallRules: [{9FDECF34-9E49-4073-99FF-FCF05B1E0069}] => (Allow) C:\Users\homeuser\AppData\Local\Temp\69358107-F3E5-4E26-A675-A251EF4201DB\ga_service.exe No File
FirewallRules: [TCP Query User{515B0F46-C534-4777-BA19-3C5A6F792290}C:\users\homeuser\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\homeuser\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc.) [File not signed]
FirewallRules: [UDP Query User{9CC834BB-51F5-4F11-848E-42D10CC26041}C:\users\homeuser\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\homeuser\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc.) [File not signed]
FirewallRules: [{C20A5254-DFD2-4D25-8C07-DFE8EF4B7B3C}] => (Allow) C:\Users\homeuser\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) [File not signed]
FirewallRules: [{7D01DF43-FA07-49C4-A881-BE7C89D03BD3}] => (Allow) C:\Users\homeuser\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {4A8AEADC-3406-4AD2-AD38-98E8D10B2AE2} - System32\Tasks\ParkControl => C:\Program Files\ParkControl\parkcontrol.exe [709512 2019-08-15] (Bitsum LLC -> Bitsum LLC) <==== ATTENTION
C:\Program Files\ParkControl
Task: {A94960AA-AA95-4193-B93A-97491B8239DD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-10-10] () [File not signed]
R3 ALSysIO; C:\Users\homeuser\AppData\Local\Temp\ALSysIO64.sys [47240 2019-10-10] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
C:\Windows\system32\Tasks\Avast Software
C:\Program Files\Common Files\AVAST Software
C:\ProgramData\AVAST Software
C:\Users\homeuser\AppData\Roaming\uTorrent.7z
C:\Users\homeuser\AppData\Roaming\uTorrent
C:\Users\homeuser\AppData\Local\BitTorrentHelper
C:\Windows\system32\Tasks\ParkControl
C:\Program Files\ParkControl
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3024691867-316160702-395545048-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-3024691867-316160702-395545048-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-3024691867-316160702-395545048-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKU\S-1-5-21-3024691867-316160702-395545048-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BDAAF491-AE55-4EDA-B015-A51715897772}E:\utorrent pro 3.5.5 (build 45271) portable by sanlex+оптим.файл.кеш\utorrent pro 3.5.5 (build 45271) portable by sanlex\utorrent 3.5.5 build 45271.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E2B5FEFB-1745-4B24-8312-9BC669979F83}E:\utorrent pro 3.5.5 (build 45271) portable by sanlex+оптим.файл.кеш\utorrent pro 3.5.5 (build 45271) portable by sanlex\utorrent 3.5.5 build 45271.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9FDECF34-9E49-4073-99FF-FCF05B1E0069}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{515B0F46-C534-4777-BA19-3C5A6F792290}C:\users\homeuser\appdata\roaming\utorrent\utorrent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9CC834BB-51F5-4F11-848E-42D10CC26041}C:\users\homeuser\appdata\roaming\utorrent\utorrent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C20A5254-DFD2-4D25-8C07-DFE8EF4B7B3C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D01DF43-FA07-49C4-A881-BE7C89D03BD3}" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4A8AEADC-3406-4AD2-AD38-98E8D10B2AE2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A8AEADC-3406-4AD2-AD38-98E8D10B2AE2}" => removed successfully
C:\Windows\System32\Tasks\ParkControl => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParkControl" => removed successfully
C:\Program Files\ParkControl => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A94960AA-AA95-4193-B93A-97491B8239DD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A94960AA-AA95-4193-B93A-97491B8239DD}" => removed successfully
C:\Windows\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
ALSysIO => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ALSysIO => removed successfully
ALSysIO => service removed successfully
C:\Windows\system32\Tasks\Avast Software => moved successfully
C:\Program Files\Common Files\AVAST Software => moved successfully
C:\ProgramData\AVAST Software => moved successfully
C:\Users\homeuser\AppData\Roaming\uTorrent.7z => moved successfully
=> moved successfully
C:\Users\homeuser\AppData\Local\BitTorrentHelper => moved successfully
"C:\Windows\system32\Tasks\ParkControl" => not found
"C:\Program Files\ParkControl" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 6578176 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21419918 B
Java, Flash, Steam htmlcache => 1353 B
Windows/system/drivers => 609607 B
Edge => 124748940 B
Chrome => 99644170 B
Firefox => 216680048 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 12138 B
LocalService => 12138 B
NetworkService => 23208 B
NetworkService => 23208 B
homeuser => 9141307 B

RecycleBin => 0 B
EmptyTemp: => 456.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:22:41 ====
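
One way to triage a fixlog like the one above, as an added example that is not part of the original thread and not FRST's own code: it reads only the results section and lists the entries that did not end in a clean removal or move. The function names are hypothetical, the section markers (two rows of asterisks around the echoed fixlist, a `=====` header before EmptyTemp) are assumptions inferred from the log on this page, and the sample is constructed from lines in that log.

```python
# Added example: triage of an FRST fixlog. Layout assumptions are inferred
# from the log posted in this thread, not from FRST documentation.

# Constructed sample: a shortened fixlog built from lines in the log above.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 09-10-2019 01
fixlist content:
*****************
CloseProcesses:
FirewallRules: [{9FDECF34-9E49-4073-99FF-FCF05B1E0069}] => (Allow) C:\Users\homeuser\AppData\Local\Temp\69358107-F3E5-4E26-A675-A251EF4201DB\ga_service.exe No File
C:\Program Files\ParkControl
EmptyTemp:

*****************

Processes closed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9FDECF34-9E49-4073-99FF-FCF05B1E0069}" => removed successfully
C:\Windows\System32\Tasks\ParkControl => moved successfully
C:\Program Files\ParkControl => moved successfully
ALSysIO => Unable to stop service.
ALSysIO => service removed successfully
=> moved successfully
"C:\Windows\system32\Tasks\ParkControl" => not found
"C:\Program Files\ParkControl" => not found

=========== EmptyTemp: ==========

Edge => 124748940 B
EmptyTemp: => 456.7 MB temporary data Removed.

==== End of Fixlog 15:22:41 ====
"""


def result_lines(text):
    """Yield the 'target => outcome' lines of the results section only."""
    star_rows = 0
    for line in text.splitlines():
        s = line.strip()
        if s and set(s) == {"*"}:
            star_rows += 1          # rows of asterisks bracket the echoed fixlist
            continue
        if star_rows < 2:
            continue                # header and echoed fixlist also contain "=>"
        if s.startswith("====="):
            break                   # EmptyTemp sizes are not fix results
        if "=>" in s:
            yield s


def classify(outcome):
    """Map the outcome text to a coarse status."""
    o = outcome.lower().rstrip(".")
    if o.startswith("unable"):
        return "failed"
    if o == "not found":
        return "not_found"
    if o.endswith("removed successfully"):
        return "removed"
    if o.endswith("moved successfully"):
        return "moved"
    return "other"


def parse_fixlog(text):
    """Return one dict per result line: target, outcome text, status."""
    entries = []
    for line in result_lines(text):
        # Split on the last "=>" so a target containing "=>" stays intact.
        target, _, outcome = line.rpartition("=>")
        outcome = outcome.strip()
        entries.append({
            "target": target.strip().strip('"'),
            "outcome": outcome,
            "status": classify(outcome),
        })
    return entries


def needs_followup(entries):
    """Return (entry, reason) pairs worth a second look."""
    handled = set()   # targets already removed or moved earlier in this log
    flagged = []
    for e in entries:
        key = e["target"].lower()   # Windows paths compare case-insensitively
        if e["status"] in ("removed", "moved"):
            if key:
                handled.add(key)
            else:
                flagged.append((e, "success reported but the target is missing from the line"))
        elif e["status"] == "not_found":
            # A repeat of an item handled earlier is expected, not a problem.
            if key not in handled:
                flagged.append((e, "was not present when the fix ran"))
        else:
            flagged.append((e, "did not complete cleanly"))
    return flagged


if __name__ == "__main__":
    for entry, reason in needs_followup(parse_fixlog(SAMPLE_FIXLOG)):
        print(f"{entry['target'] or '<no target>'}: {entry['outcome']} ({reason})")
```
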
 
to be quite honest there is no critical data on this computer and I'm not Donald Trump or Vladimir Putin to fear hacking or leaks so much 😅
That is good to know. :D However, I would still think you would prefer to have a clean/safe computer.

1. Let's see if you can do a scan with ESET Online Scanner now since you weren't able to before. Please follow the instructions below.

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • Click on Get Started.
  • Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
  • Click on the Full Scan option.
  • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.

2. Please go to Control Panel\All Control Panel Items\Programs and Features and uninstall ParkControl.

3. Please provide fresh FRST logs.

Thank you.
 

ok, scanning now. Please tell me what I'd like to know about Bitsum ParkControl. Why do you think it is not safe?
 
Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'ParkControl.exe'

Edit Note: Apologies for the quick response. With the change of seasons, I'm in the midst of preparations for winter and, thus, taking advantage of the sunny 66F/19C afternoon to get some things taken care of, and had stopped in quickly to see if you had replied. If you choose not to remove ParkControl, please let me know and I'll change the script.

still running full scan
 
Duzhe dobre! (I know, that is Ukrainian. It is among the few expressions I learned from my husband who was from Lviv.) Anyway, at least ESET is working this time.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-10-2019
Ran by homeuser (administrator) on SIMPC (Gigabyte Technology Co., Ltd. G1.Guerrilla) (12-10-2019 17:13:23)
Running from C:\Users\homeuser\Desktop\FRST
Loaded Profiles: homeuser (Available Profiles: homeuser)
Platform: Windows 10 Pro Version 1903 18362.418 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Clipdiary\Clipdiary.exe
() [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
() [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
() [File not signed] C:\TCPU71\Programm\ClockTC\ClockTC.exe
(A FOUR TECH CO., LTD. -> ) C:\Program Files (x86)\Bloody7\Bloody7\Bloody7.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe
(ALCPU -> ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(AnchorFree Inc -> AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
(AnchorFree Inc -> AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\x64\hydra.exe
(AnchorFree Inc.) [File not signed] C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Bitsum LLC -> Bitsum LLC) [File not signed] C:\Program Files\Process Lasso\ProcessGovernor.exe
(Bitsum LLC -> Bitsum LLC) [File not signed] C:\Program Files\Process Lasso\ProcessLasso.exe
(CHENGDU AOMEI TECHNOLOGY CO., LTD. -> AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Discord Inc. -> Discord Inc.) C:\Users\homeuser\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\homeuser\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\homeuser\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\homeuser\AppData\Local\Discord\app-0.0.305\Discord.exe
(FxSound, LLC -> ) [File not signed] C:\Program Files (x86)\DFX\DFX.exe
(FxSound, LLC -> ) C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
(FxSound, LLC -> ) C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
(Ghisler Software GmbH) [File not signed] C:\TCPU71\TOTALCMD.EXE
(Janos Mathe -> H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel Pro\HDSentinel.exe
(Jeppesen Sanderson, Inc -> ) C:\Program Files (x86)\Jeppesen\CDA\cda.exe
(Jeppesen Sanderson, Inc -> ) C:\Program Files (x86)\Jeppesen\CDA\CDAMonitor.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mega Limited -> Mega Limited) C:\ProgramData\MEGAsync\MEGAsync.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19092.399.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.411_none_5f53d2d858cf8961\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.52.138.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.52.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Viber Media S.à r.l. -> Viber Media S.Ã r.l.) C:\Users\homeuser\AppData\Local\Viber\Viber.exe
(VMware, Inc. -> ) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [824240 2019-09-23] (Acronis International GmbH -> Acronis International GmbH)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5035416 2019-09-23] (Acronis International GmbH -> )
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe [441448 2019-09-23] (Acronis International GmbH -> Acronis International GmbH)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [61370712 2019-10-10] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [FxSound Enhancer] => C:\Program Files (x86)\DFX\dfx.exe [1780728 2019-07-26] (FxSound, LLC -> ) [File not signed]
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [117680 2019-09-16] (VMware, Inc. -> VMware, Inc.)
HKU\S-1-5-21-3024691867-316160702-395545048-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1592440 2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3024691867-316160702-395545048-1001\...\Run: [Discord] => C:\Users\homeuser\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3024691867-316160702-395545048-1001\...\Run: [Clipdiary] => C:\Program Files (x86)\Clipdiary\clipdiary.exe [6735360 2019-05-06] () [File not signed]
HKU\S-1-5-21-3024691867-316160702-395545048-1001\...\Run: [Viber] => C:\Users\homeuser\AppData\Local\Viber\Viber.exe [41029704 2019-09-25] (Viber Media S.à r.l. -> Viber Media S.Ã r.l.)
HKU\S-1-5-21-3024691867-316160702-395545048-1001\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody7\Bloody7\Bloody7.exe [15906544 2019-09-27] (A FOUR TECH CO., LTD. -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-10-10] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bigfoot Killer Network Manager.lnk [2019-10-10]
ShortcutTarget: Bigfoot Killer Network Manager.lnk -> C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CDA Monitor.lnk [2019-10-10]
ShortcutTarget: CDA Monitor.lnk -> C:\Program Files (x86)\Jeppesen\CDA\CDAMonitor.exe (Jeppesen Sanderson, Inc -> )
Startup: C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-10-10]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E25192C-9BE3-4FB1-BE68-D59CC76ECADF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1269051C-87EB-48C7-8E34-EE0356A144FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-10] (Google Inc -> Google LLC)
Task: {1FDF2843-2647-404C-B0E2-9153C685F929} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {270D6A16-FBD6-4C5A-A423-10423B4C444F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-10] (Google Inc -> Google LLC)
Task: {3E33B2C9-4B77-42D5-9B3C-7A4158EDDA41} - System32\Tasks\Core Temp Autostart homeuser => C:\Program Files\Core Temp\Core Temp.exe [1011592 2019-08-30] (ALCPU -> ALCPU)
Task: {4B8FFC2A-0F8A-4D8B-9C43-E3196AB515F7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4CAC860A-F0F5-4EBC-849B-BD0659C8A775} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {4F0750B2-34A1-4E37-B9D0-FF077F401CA7} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3024691867-316160702-395545048-1001 => C:\ProgramData\MEGAsync\MEGAupdater.exe [615160 2019-09-06] (Mega Limited -> Mega Limited)
Task: {76DFCE02-CA7D-471B-87E9-B42C8997390A} - System32\Tasks\BlueStacksHelper => E:\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {881AAC14-1DD6-4347-8953-2FBB65A325A1} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [415744 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {889EFEA1-29FA-493C-9790-4939CA8C37B1} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2696520 2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {912AD4A3-C202-4C25-A670-DF6E007876E7} - System32\Tasks\Process Lasso Management Console (GUI) => C:\Program Files\Process Lasso\processlasso.exe [1541520 2019-09-18] (Bitsum LLC -> Bitsum LLC) [File not signed]
Task: {AA932CE1-F8D2-4578-B244-789D687F25E0} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_homeuser => C:\Program Files (x86)\Hard Disk Sentinel Pro\HDSentinel.exe [5658384 2019-07-10] (Janos Mathe -> H.D.S. Hungary)
Task: {BF240BCC-00E8-4226-9055-13BC13076D75} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D64CD868-2345-47BD-87C7-CE8B96B28987} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [1029512 2019-09-18] (Bitsum LLC -> Bitsum LLC) [File not signed]
Task: {D79C8EFF-FF41-4878-8761-CB67B8A959B3} - System32\Tasks\WiseCleaner\WDCSkipUAC => C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe [6982216 2019-09-26] (Lespeed Technology Ltd. -> WiseCleaner.com)
Task: {EA7B3E22-B462-4093-AF64-51433F922EE9} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_270_Plugin.exe [1457720 2019-10-10] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [174592 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [174592 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [174592 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [174592 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Winsock: Catalog9 19 C:\Windows\SysWOW64\BfLLR.dll [174592 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Winsock: Catalog9-x64 01 C:\Windows\system32\BfLLR.dll [189952 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Winsock: Catalog9-x64 02 C:\Windows\system32\BfLLR.dll [189952 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Winsock: Catalog9-x64 03 C:\Windows\system32\BfLLR.dll [189952 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Winsock: Catalog9-x64 04 C:\Windows\system32\BfLLR.dll [189952 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Winsock: Catalog9-x64 19 C:\Windows\system32\BfLLR.dll [189952 2013-10-09] (Bigfoot Networks, Inc.) [File not signed]
Tcpip\..\Interfaces\{15071d1f-12aa-4cf3-98d9-4f4c345bd3bc}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{78f881c0-e8f5-4114-8046-f70414a39f91}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

Edge:
======
DownloadDir:
Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.10.0.0_neutral__v68kp9n051hdp [2019-10-10]

FireFox:
========
FF DefaultProfile: cpldss12.default
FF ProfilePath: C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\cpldss12.default [2019-10-10]
FF ProfilePath: C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release [2019-10-12]
FF Homepage: Mozilla\Firefox\Profiles\s2ccsxum.default-release -> hxxps://yandex.ru/?clid=2224022
FF NetworkProxy: Mozilla\Firefox\Profiles\s2ccsxum.default-release -> type", 0
FF HomepageOverride: Mozilla\Firefox\Profiles\s2ccsxum.default-release -> Enabled: homeutil@yandex.ru
FF NewTabOverride: Mozilla\Firefox\Profiles\s2ccsxum.default-release -> Enabled: vb@yandex.ru
FF NewTabOverride: Mozilla\Firefox\Profiles\s2ccsxum.default-release -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF Extension: (Hoxx VPN Proxy) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\@hoxx-vpn.xpi [2019-10-09]
FF Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\@setupvpncom.xpi [2019-10-09]
FF Extension: (WebRTC Leak Shield) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\@webrtc-leak-shield.xpi [2018-02-24]
FF Extension: (anonymoX) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\client@anonymox.net.xpi [2018-12-14]
FF Extension: (FireX Proxy) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\divanproger@gmail.com.xpi [2019-08-19]
FF Extension: (Free Download Manager) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\fdm_ffext2@freedownloadmanager.org.xpi [2019-09-25]
FF Extension: (Ghostery – Конфиденциальный Блокировщик Рекламы) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\firefox@ghostery.com.xpi [2019-08-29]
FF Extension: (MEGA) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\firefox@mega.co.nz.xpi [2019-10-03] [UpdateUrl:hxxps://mega.nz/firefox-web-extension-updates.json]
FF Extension: (Tampermonkey) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\firefox@tampermonkey.net.xpi [2019-05-30]
FF Extension: (Стартовая — Яндекс) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\homeutil@yandex.ru.xpi [2019-09-09]
FF Extension: (Кнопка «Сохранить» в Pinterest) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2019-09-25]
FF Extension: (Доступ к Рутрекеру) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\public.proartex@gmail.com.xpi [2018-05-08]
FF Extension: (S3.Переводчик) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\s3google@translator.xpi [2018-10-10]
FF Extension: (uBlock Origin) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\uBlock0@raymondhill.net.xpi [2019-09-27]
FF Extension: (Avast Online Security) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\wrc@avast.com.xpi [2019-10-11]
FF Extension: (minerBlock) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\xd4rker@gmail.com.xpi [2019-02-04]
FF Extension: (Zoom Page WE) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\zoompage-we@DW-dev.xpi [2019-10-09]
FF Extension: (First Mountain Snow by M♥Donna) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\{58ed0b89-8436-4436-be1c-0f56273f1adf}.xpi [2019-05-14]
FF Extension: (Web of Trust) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2019-09-02]
FF Extension: (Video DownloadHelper) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-07-08]
FF Extension: (Adblock Plus - бесплатный блокировщик рекламы) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-08-22]
FF Extension: (Greasemonkey) - C:\Users\homeuser\AppData\Roaming\Mozilla\Firefox\Profiles\s2ccsxum.default-release\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2019-06-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_270.dll [2019-10-10] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_270.dll [2019-10-10] (Adobe Inc. -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-10] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-10] (Google Inc -> Google LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.mail.ru/cnt/9516
CHR StartupUrls: Default -> "hxxp://www.mail.ru/cnt/9516","hxxp://mail.ru/cnt/10445?gp=812208"
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B792CA924-60DD-4AE5-BF89-099626812133%7D&gp=812209
CHR DefaultSearchKeyword: Default -> go.mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default [2019-10-12]
CHR Extension: (Slides) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-10]
CHR Extension: (Docs) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-10]
CHR Extension: (Google Drive) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-10-10]
CHR Extension: (YouTube) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-10]
CHR Extension: (Sheets) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-10]
CHR Extension: (Google Docs Offline) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-10-10]
CHR Extension: (Avast Online Security) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-10-10]
CHR Extension: (Direct.Fastix ) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lknnjfgcgglncamgpbbdfkianokjohlh [2019-10-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-10]
CHR Extension: (Gmail) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-10]
CHR Extension: (Chrome Media Router) - C:\Users\homeuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [10316304 2019-09-23] (Acronis International GmbH -> )
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [844888 2019-09-27] (CHENGDU AOMEI TECHNOLOGY CO., LTD. -> AOMEI Tech Co., Ltd.)
R2 Bigfoot Networks Killer Service; C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [494080 2013-10-09] () [File not signed]
R2 CDA; C:\Program Files (x86)\Jeppesen\CDA\CDA.exe [134088 2016-04-01] (Jeppesen Sanderson, Inc -> )
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\FileSyncHelper.exe [2124104 2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2019-10-10] (SurfRight B.V. -> SurfRight B.V.)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [258560 2019-10-11] (AnchorFree Inc.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2019-09-23] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2019-09-23] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1912488 2019-09-23] (Acronis International GmbH -> )
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\OneDriveUpdaterService.exe [2489984 2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 Tib Mounter Service; C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe [7095824 2019-09-23] (Acronis International GmbH -> Acronis International GmbH)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15476144 2019-09-16] (VMware, Inc. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALSysIO; C:\Users\homeuser\AppData\Local\Temp\ALSysIO64.sys [47240 2019-10-12] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [51120 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [171952 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [38320 2017-09-01] (CHENGDU AOMEI Tech Co., Ltd. -> )
R3 BfEdge7x64; C:\Windows\System32\drivers\Edge7x64.sys [31336 2013-10-09] (Bigfoot Networks, Inc. -> Bigfoot Networks, Inc.)
R3 BFN7x64; C:\Windows\System32\drivers\Xeno7x64.sys [157288 2013-10-09] (Bigfoot Networks, Inc. -> Bigfoot Networks, Inc.)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-10-07] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R3 DFX12; C:\Windows\system32\drivers\dfx12x64.sys [39048 2018-03-08] (Power Technology -> Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2019-10-10] (Malwarebytes Corporation -> Malwarebytes)
R2 file_protector; C:\Windows\System32\DRIVERS\file_protector.sys [687768 2019-10-10] (Acronis International GmbH -> Acronis International GmbH)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [390592 2019-10-10] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R3 ip100Avista; C:\Windows\System32\drivers\ipfnd51.sys [36864 2007-09-28] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc)
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-10-12] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-10-12] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-10-12] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-10-12] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [116832 2019-10-12] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_830a0263f2ee97ce\nvlddmkm.sys [22370696 2019-09-06] (NVIDIA Corporation -> NVIDIA Corporation)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tib; C:\Windows\system32\DRIVERS\tib.sys [883256 2019-10-10] (Acronis International GmbH -> Acronis International GmbH)
R2 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [171968 2019-10-10] (Acronis International GmbH -> Acronis International GmbH)
S3 tnd; C:\Windows\system32\DRIVERS\tnd.sys [693768 2019-10-10] (Acronis International GmbH -> Acronis International GmbH)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [330176 2019-10-10] (Acronis International GmbH -> Acronis International GmbH)
R1 vmkbd3; C:\Windows\system32\DRIVERS\vmkbd.sys [52288 2019-09-16] (VMware, Inc. -> VMware, Inc.)
R0 volume_tracker; C:\Windows\System32\DRIVERS\volume_tracker.sys [243472 2019-10-10] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [103224 2019-08-14] (VMware, Inc. -> VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-x64.sys [52576 2018-02-28] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46688 2019-10-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [350136 2019-10-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-10] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-12 16:57 - 2019-10-12 16:57 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-10-12 16:57 - 2019-10-12 16:57 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-10-12 16:57 - 2019-10-12 16:57 - 000116832 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-10-12 16:57 - 2019-10-12 16:57 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-10-12 15:31 - 2019-10-12 15:32 - 000000000 ____D C:\Users\homeuser\Cisco Packet Tracer 7.2.1
2019-10-12 15:31 - 2019-10-12 15:31 - 000000182 _____ C:\Users\homeuser\.packettracer
2019-10-12 15:31 - 2019-10-12 15:31 - 000000000 ____D C:\Users\homeuser\AppData\Local\PacketTracer7
2019-10-12 15:28 - 2019-10-12 15:28 - 000001093 _____ C:\Users\homeuser\Desktop\Cisco Packet Tracer.lnk
2019-10-12 15:28 - 2019-10-12 15:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer
2019-10-12 15:27 - 2019-10-12 15:28 - 000000000 ____D C:\Program Files\Cisco Packet Tracer 7.2.1
2019-10-12 15:08 - 2019-10-12 15:08 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-10-12 14:50 - 2019-10-12 14:50 - 000257824 _____ C:\Windows\system32\FNTCACHE.DAT
2019-10-12 14:39 - 2007-09-28 16:11 - 000036864 _____ (ASUSTek Computer Inc) C:\Windows\system32\Drivers\ipfnd51.sys
2019-10-11 21:50 - 2019-10-11 21:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2019-10-11 21:49 - 2019-10-12 17:12 - 000000000 ____D C:\ProgramData\Hotspot Shield
2019-10-11 21:49 - 2019-10-12 14:48 - 000000000 ____D C:\Program Files (x86)\Hotspot Shield
2019-10-11 21:49 - 2019-10-11 21:50 - 000001141 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2019-10-11 21:49 - 2019-10-11 21:50 - 000001141 _____ C:\ProgramData\Desktop\Hotspot Shield.lnk
2019-10-11 21:09 - 2019-10-11 22:58 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\VMware
2019-10-11 21:09 - 2019-10-11 22:58 - 000000000 ____D C:\Users\homeuser\AppData\Local\VMware
2019-10-11 20:01 - 2019-10-11 20:14 - 000000000 ____D C:\Program Files\Recuva
2019-10-11 20:01 - 2019-10-11 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2019-10-11 19:18 - 2019-10-12 16:57 - 000000000 ____D C:\ProgramData\VMware
2019-10-11 19:18 - 2019-10-11 19:18 - 000001024 _____ C:\Windows\SysWOW64\%TMP%
2019-10-11 19:18 - 2019-10-11 19:18 - 000000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2019-10-11 19:18 - 2019-10-11 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2019-10-11 19:18 - 2019-10-11 19:18 - 000000000 ____D C:\ProgramData\Documents\Shared Virtual Machines
2019-10-11 19:18 - 2019-10-11 19:18 - 000000000 ____D C:\Program Files\Common Files\VMware
2019-10-11 19:18 - 2019-10-11 19:18 - 000000000 ____D C:\Program Files (x86)\VMware
2019-10-11 19:18 - 2019-09-16 18:56 - 001271728 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2019-10-11 19:18 - 2019-09-16 18:55 - 000399280 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2019-10-11 19:18 - 2019-09-16 18:55 - 000370096 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2019-10-11 19:18 - 2019-09-16 18:54 - 000116536 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
2019-10-11 19:18 - 2019-09-16 18:54 - 000043840 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2019-10-11 19:18 - 2019-09-16 18:48 - 000100368 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2019-10-11 19:18 - 2019-09-16 18:48 - 000052288 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmkbd.sys
2019-10-11 19:18 - 2019-08-21 08:12 - 000083984 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2019-10-11 19:18 - 2019-08-14 01:36 - 000103224 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2019-10-11 19:18 - 2019-08-14 01:36 - 000046392 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2019-10-11 19:18 - 2019-08-14 01:36 - 000042296 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2019-10-11 17:29 - 2019-10-11 17:29 - 000001009 _____ C:\Users\Public\Desktop\µTorrent.lnk
2019-10-11 17:29 - 2019-10-11 17:29 - 000001009 _____ C:\ProgramData\Desktop\µTorrent.lnk
2019-10-11 17:29 - 2019-10-11 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\µTorrent
2019-10-11 17:25 - 2019-10-11 17:25 - 000000000 ___RD C:\Sandbox
2019-10-11 17:24 - 2019-10-11 19:07 - 000000000 ____D C:\Program Files\Sandboxie
2019-10-11 17:24 - 2019-10-11 17:37 - 000002852 _____ C:\Windows\Sandboxie.ini
2019-10-11 17:22 - 2019-10-12 15:26 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\uTorrent
2019-10-11 17:22 - 2019-10-11 17:22 - 000002699 _____ C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2019-10-11 16:58 - 2019-10-11 16:58 - 000000000 ____D C:\Program Files\TAP-Windows
2019-10-11 16:52 - 2019-10-11 16:55 - 000000000 ____D C:\ProgramData\Avira
2019-10-11 05:08 - 2019-10-11 05:08 - 004745808 _____ (Acronis) C:\Windows\system32\auto_reactivate.exe
2019-10-11 05:08 - 2019-10-11 05:08 - 000286736 _____ (Acronis International GmbH) C:\Windows\system32\snapapiar64.dll
2019-10-10 23:28 - 2019-10-11 19:18 - 000825898 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-10-10 23:04 - 2019-10-10 23:04 - 000002094 _____ C:\Users\Public\Desktop\Bloody7.lnk
2019-10-10 23:04 - 2019-10-10 23:04 - 000002094 _____ C:\ProgramData\Desktop\Bloody7.lnk
2019-10-10 23:04 - 2019-10-10 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloody
2019-10-10 23:04 - 2019-10-10 23:04 - 000000000 ____D C:\ProgramData\Bloody7
2019-10-10 23:04 - 2019-10-10 23:04 - 000000000 ____D C:\Program Files (x86)\Bloody7
2019-10-10 22:43 - 2019-10-10 23:02 - 034333904 _____ C:\Users\homeuser\Downloads\Bloody7_V2019.0927_MUI.exe
2019-10-10 22:27 - 2019-10-10 22:33 - 000000000 ____D C:\ProgramData\HitmanPro
2019-10-10 22:27 - 2019-10-10 22:27 - 000001994 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2019-10-10 22:27 - 2019-10-10 22:27 - 000001994 _____ C:\ProgramData\Desktop\HitmanPro.lnk
2019-10-10 22:27 - 2019-10-10 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2019-10-10 22:27 - 2019-10-10 22:27 - 000000000 ____D C:\Program Files\HitmanPro
2019-10-10 22:20 - 2019-10-10 22:20 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-10-10 21:59 - 2019-10-10 21:59 - 000000000 ____D C:\KVRT_Data
2019-10-10 21:10 - 2019-10-10 21:10 - 000000655 _____ C:\Windows\system32\Drivers\etc\hosts.zip
2019-10-10 21:08 - 2019-10-12 17:13 - 000000000 ____D C:\Users\homeuser\Desktop\FRST
2019-10-10 21:08 - 2019-10-12 17:13 - 000000000 ____D C:\FRST
2019-10-10 20:57 - 2019-10-10 20:58 - 000000000 ____D C:\Program Files\HyperSnap
2019-10-10 20:57 - 2019-10-10 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperSnap
2019-10-10 20:46 - 2019-10-12 17:12 - 000000000 ____D C:\Users\homeuser\AppData\Local\CrashDumps
2019-10-10 20:44 - 2019-10-10 20:44 - 000000000 ____D C:\Users\homeuser\AppData\Local\Viber Media S.à r.l
2019-10-10 20:35 - 2019-10-11 19:15 - 000000000 ____D C:\Users\homeuser\Documents\ViberDownloads
2019-10-10 20:34 - 2019-10-12 15:09 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\ViberPC
2019-10-10 20:34 - 2019-10-10 20:44 - 000000000 ____D C:\Users\homeuser\AppData\Local\Viber
2019-10-10 20:34 - 2019-10-10 20:34 - 000001032 _____ C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2019-10-10 20:34 - 2019-10-10 20:34 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2019-10-10 20:34 - 2019-10-10 20:34 - 000000000 ____D C:\Users\homeuser\AppData\Local\Package Cache
2019-10-10 20:22 - 2019-10-10 20:22 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinTools.net Premium
2019-10-10 20:22 - 2019-10-10 20:22 - 000000000 ____D C:\Program Files (x86)\WinTools Software
2019-10-10 20:15 - 2019-10-10 20:15 - 000000121 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2019-10-10 20:15 - 2019-10-10 20:15 - 000000000 ____D C:\Users\homeuser\Documents\Boson NetSim Labs
2019-10-10 20:15 - 2019-10-10 20:15 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Boson Software, LLC
2019-10-10 20:15 - 2019-10-10 20:15 - 000000000 ____D C:\Users\homeuser\AppData\Local\Boson_Software,_LLC
2019-10-10 20:14 - 2019-10-10 20:14 - 000002118 _____ C:\Users\Public\Desktop\Boson NetSim 11.lnk
2019-10-10 20:14 - 2019-10-10 20:14 - 000002118 _____ C:\ProgramData\Desktop\Boson NetSim 11.lnk
2019-10-10 20:14 - 2019-10-10 20:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boson Software
2019-10-10 20:14 - 2019-10-10 20:14 - 000000000 ____D C:\ProgramData\Boson Software
2019-10-10 20:14 - 2019-10-10 20:14 - 000000000 ____D C:\Program Files (x86)\Boson Software
2019-10-10 20:02 - 2019-10-12 17:12 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Clipdiary
2019-10-10 20:02 - 2019-10-10 20:02 - 000001114 _____ C:\Users\homeuser\Desktop\Clipdiary.lnk
2019-10-10 20:02 - 2019-10-10 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clipdiary
2019-10-10 20:02 - 2019-10-10 20:02 - 000000000 ____D C:\Program Files (x86)\Clipdiary
2019-10-10 19:25 - 2019-10-10 20:34 - 000001030 _____ C:\Users\homeuser\Desktop\Viber.lnk
2019-10-10 19:22 - 2019-10-11 01:09 - 000001411 _____ C:\Users\homeuser\Desktop\Mamba.lnk
2019-10-10 19:22 - 2019-10-10 19:22 - 000001407 _____ C:\Users\homeuser\Desktop\VK.lnk
2019-10-10 19:15 - 2007-10-12 02:00 - 000490008 _____ (Logitech Inc.) C:\Windows\SysWOW64\LVUI2.dll
2019-10-10 19:15 - 2007-10-12 02:00 - 000486936 _____ (Logitech Inc.) C:\Windows\system32\LVUIRC64.dll
2019-10-10 19:15 - 2007-10-12 02:00 - 000465432 _____ (Logitech Inc.) C:\Windows\SysWOW64\LVUI2RC.dll
2019-10-10 19:15 - 2007-10-12 02:00 - 000050072 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LVUSBS64.sys
2019-10-10 19:15 - 2007-10-12 01:59 - 000685080 _____ (Logitech Inc.) C:\Windows\system32\LVUI64.dll
2019-10-10 19:15 - 2007-10-12 01:57 - 000416280 _____ (Logitech Inc.) C:\Windows\SysWOW64\lvcodec2.dll
2019-10-10 19:15 - 2007-10-12 01:57 - 000257560 _____ (Logitech Inc.) C:\Windows\system32\lvco1150.dll
2019-10-10 19:15 - 2007-10-12 01:56 - 001214488 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LV302V64.SYS
2019-10-10 19:15 - 2007-10-12 01:56 - 000475672 _____ (Logitech Inc.) C:\Windows\system32\lvcod64.dll
2019-10-10 19:15 - 2007-10-12 01:18 - 000021138 _____ C:\Windows\system32\Repository.reg
2019-10-10 19:15 - 2007-10-12 01:11 - 000059500 _____ C:\Windows\system32\lvcoin64.ini
2019-10-10 19:00 - 2019-10-10 19:00 - 000003908 _____ C:\Windows\system32\Tasks\BlueStacksHelper
2019-10-10 18:57 - 2019-10-10 18:57 - 000000000 ____D C:\Users\homeuser\AppData\Local\CEF
2019-10-10 18:43 - 2019-10-10 18:43 - 000000000 ____D C:\Users\homeuser\Downloads\Telegram Desktop
2019-10-10 18:15 - 2019-10-10 18:15 - 000001571 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2019-10-10 18:15 - 2019-10-10 18:15 - 000001571 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks.lnk
2019-10-10 18:15 - 2019-10-10 18:15 - 000001571 _____ C:\ProgramData\Desktop\BlueStacks.lnk
2019-10-10 18:15 - 2019-10-10 18:15 - 000001261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk
2019-10-10 18:15 - 2019-10-10 18:15 - 000001249 _____ C:\Users\Public\Desktop\BlueStacks Multi-Instance Manager.lnk
2019-10-10 18:15 - 2019-10-10 18:15 - 000001249 _____ C:\ProgramData\Desktop\BlueStacks Multi-Instance Manager.lnk
2019-10-10 18:12 - 2019-10-10 18:12 - 000000000 ____D C:\Program Files\BlueStacks
2019-10-10 16:54 - 2019-10-10 16:54 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\ChemTable Software
2019-10-10 16:54 - 2019-10-10 16:54 - 000000000 ____D C:\Users\homeuser\AppData\Local\ChemTable Software
2019-10-10 16:53 - 2019-10-10 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Organizer
2019-10-10 16:53 - 2019-10-10 16:53 - 000000000 ____D C:\Program Files (x86)\Reg Organizer
2019-10-10 16:44 - 2019-10-11 23:08 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Telegram Desktop
2019-10-10 16:44 - 2019-10-10 16:44 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2019-10-10 16:35 - 2019-10-10 16:35 - 000004522 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-10-10 16:35 - 2019-10-10 16:35 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Macromedia
2019-10-10 16:34 - 2019-10-10 16:37 - 000000000 ____D C:\Users\homeuser\AppData\Local\Adobe
2019-10-10 16:27 - 2019-10-10 18:12 - 000000000 ____D C:\Users\Public\BlueStacks
2019-10-10 16:27 - 2019-10-10 18:12 - 000000000 ____D C:\Users\homeuser\AppData\Local\BlueStacksSetup
2019-10-10 16:27 - 2019-10-10 18:12 - 000000000 ____D C:\Users\homeuser\AppData\Local\BlueStacks
2019-10-10 16:20 - 2019-10-10 16:20 - 000000000 ____D C:\Users\homeuser\Jeppesen
2019-10-10 16:17 - 2019-10-10 16:17 - 000000000 ____D C:\Users\homeuser\AppData\Local\Jeppesen
2019-10-10 16:06 - 2019-10-10 16:06 - 000002070 _____ C:\Users\Public\Desktop\CDA Monitor.lnk
2019-10-10 16:06 - 2019-10-10 16:06 - 000002070 _____ C:\ProgramData\Desktop\CDA Monitor.lnk
2019-10-10 16:05 - 2015-12-10 00:47 - 000124928 _____ (Jeppesen Sanderson, Inc.) C:\Windows\system32\JFPDView.dll
2019-10-10 16:04 - 2019-10-10 16:04 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Softland
2019-10-10 16:04 - 2019-10-10 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\novaPDF 7
2019-10-10 16:04 - 2019-10-10 16:04 - 000000000 ____D C:\Program Files\Softland
2019-10-10 16:04 - 2014-03-19 15:10 - 000029472 _____ (Softland) C:\Windows\system32\novamnk7.dll
2019-10-10 16:04 - 2014-03-19 15:10 - 000022304 _____ (Softland) C:\Windows\system32\novamik7.dll
2019-10-10 16:04 - 2014-01-10 15:43 - 000007549 _____ C:\Windows\system32\novak7.ctm
2019-10-10 16:03 - 2019-10-12 15:23 - 000000000 ____D C:\ProgramData\Package Cache
2019-10-10 16:03 - 2019-10-10 16:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jeppesen
2019-10-10 16:02 - 2019-10-10 16:06 - 000000000 ____D C:\Program Files (x86)\Jeppesen
2019-10-10 15:57 - 2019-10-12 16:58 - 000000000 ____D C:\ProgramData\Jeppesen
2019-10-10 15:57 - 2019-10-10 16:02 - 000000000 ____D C:\Users\Public\Documents\Jeppesen
2019-10-10 15:57 - 2019-10-10 16:02 - 000000000 ____D C:\ProgramData\Documents\Jeppesen
2019-10-10 15:23 - 2019-10-10 15:23 - 000000000 ____D C:\Windows\system32\Tasks\MEGA
2019-10-10 15:23 - 2019-10-10 15:23 - 000000000 ____D C:\Users\homeuser\AppData\Local\Mega Limited
2019-10-10 15:22 - 2019-10-10 15:22 - 000003642 _____ C:\Windows\system32\Tasks\CreateExplorerShellUnelevatedTask
2019-10-10 15:22 - 2019-10-10 15:22 - 000000799 _____ C:\Users\Public\Desktop\MEGAsync.lnk
2019-10-10 15:22 - 2019-10-10 15:22 - 000000799 _____ C:\ProgramData\Desktop\MEGAsync.lnk
2019-10-10 15:22 - 2019-10-10 15:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGAsync
2019-10-10 15:22 - 2019-10-10 15:22 - 000000000 ____D C:\ProgramData\MEGAsync
2019-10-10 15:20 - 2019-10-12 16:39 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\WhatsApp
2019-10-10 15:20 - 2019-10-10 15:20 - 000002212 _____ C:\Users\homeuser\Desktop\WhatsApp.lnk
2019-10-10 15:20 - 2019-10-10 15:20 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2019-10-10 15:20 - 2019-10-10 15:20 - 000000000 ____D C:\Users\homeuser\AppData\Local\WhatsApp
2019-10-10 12:49 - 2019-10-10 12:49 - 000000000 ____D C:\ProgramData\Apple
2019-10-10 12:49 - 2019-10-10 12:49 - 000000000 ____D C:\Program Files\Bonjour
2019-10-10 12:49 - 2019-10-10 12:49 - 000000000 ____D C:\Program Files (x86)\Bonjour
2019-10-10 12:29 - 2019-10-10 12:29 - 000000000 ____D C:\Users\homeuser\AppData\Local\NVIDIA
2019-10-10 12:27 - 2019-10-10 06:10 - 000000000 ____D C:\Users\homeuser\AppData\Local\D3DSCache
2019-10-10 12:26 - 2019-10-10 12:26 - 000000000 ____D C:\Users\homeuser\AppData\Local\PeerDistRepub
2019-10-10 12:13 - 2019-10-10 12:14 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\ProcessLasso
2019-10-10 12:13 - 2019-10-10 12:13 - 000003106 _____ C:\Windows\system32\Tasks\Process Lasso Management Console (GUI)
2019-10-10 12:13 - 2019-10-10 12:13 - 000003096 _____ C:\Windows\system32\Tasks\Process Lasso Core Engine Only
2019-10-10 12:13 - 2019-10-10 12:13 - 000000000 ____D C:\ProgramData\ProcessLasso
2019-10-10 12:13 - 2019-10-10 12:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso Pro
2019-10-10 12:13 - 2019-10-10 12:13 - 000000000 ____D C:\Program Files\Process Lasso
2019-10-10 11:55 - 2019-10-10 11:56 - 000000000 ____D C:\Windows\system32\MRT
2019-10-10 11:55 - 2019-10-10 11:55 - 127230528 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-10-10 11:53 - 2019-10-12 00:00 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel Pro
2019-10-10 11:53 - 2019-10-10 11:53 - 025443840 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 019811840 _____ (Microsoft Corporation) C:\Windows\system32\HologramWorld.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 018019840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 007015936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 006232064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 005915648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 004481536 _____ (Microsoft Corporation) C:\Windows\system32\DHolographicDisplay.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 004129616 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 003525592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-10-10 11:53 - 2019-10-10 11:53 - 002494440 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 002422592 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2019-10-10 11:53 - 2019-10-10 11:53 - 002314648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 002236144 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 002190864 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 002138472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL
2019-10-10 11:53 - 2019-10-10 11:53 - 001716752 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001611792 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001610752 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001510752 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001505320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001501712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001386000 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001297936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001273392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001244944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001152016 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001098712 _____ (Microsoft Corporation) C:\Windows\system32\DolbyDecMFT.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001043984 _____ (Microsoft Corporation) C:\Windows\system32\AppVPolicy.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 001012792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000960512 _____ (Microsoft Corporation) C:\Windows\system32\assignedaccessmanagersvc.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000957240 _____ (Microsoft Corporation) C:\Windows\system32\AppVManifest.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000952416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DolbyDecMFT.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000939008 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000904704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\opengl32.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000843776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000827408 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000816648 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000742912 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000741392 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000722944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fveapi.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000667136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000666128 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000659456 _____ (Microsoft Corporation) C:\Windows\system32\AssignedAccessManager.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000649016 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2019-10-10 11:53 - 2019-10-10 11:53 - 000537600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000524800 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000516544 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000502784 _____ C:\Windows\system32\AssignedAccessCsp.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe
2019-10-10 11:53 - 2019-10-10 11:53 - 000495120 _____ (Microsoft Corporation) C:\Windows\system32\TransportDSA.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000417280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000401408 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000394256 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000387832 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000376832 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe
2019-10-10 11:53 - 2019-10-10 11:53 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fveapibase.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000258064 _____ (Microsoft Corporation) C:\Windows\system32\AppVFileSystemMetadata.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glu32.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000231440 _____ (Microsoft Corporation) C:\Windows\system32\AppVShNotify.exe
2019-10-10 11:53 - 2019-10-10 11:53 - 000228880 _____ (Microsoft Corporation) C:\Windows\system32\AppVStreamMap.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000202768 _____ (Microsoft Corporation) C:\Windows\system32\AppVStreamingUX.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000181776 _____ (Microsoft Corporation) C:\Windows\system32\AppVDllSurrogate.exe
2019-10-10 11:53 - 2019-10-10 11:53 - 000175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IndexedDbLegacy.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000173072 _____ (Microsoft Corporation) C:\Windows\system32\AppVNice.exe
2019-10-10 11:53 - 2019-10-10 11:53 - 000145208 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000133632 _____ (Microsoft Corporation) C:\Windows\system32\appvetwclientres.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000105472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakrathunk.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvvmtransport.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iemigplugin.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\BdeUISrv.exe
2019-10-10 11:53 - 2019-10-10 11:53 - 000037904 _____ (Microsoft Corporation) C:\Windows\system32\SyncAppvPublishingServer.exe
2019-10-10 11:53 - 2019-10-10 11:53 - 000021816 _____ (Microsoft Corporation) C:\Windows\system32\ScriptRunner.exe
2019-10-10 11:53 - 2019-10-10 11:53 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\appvetwstreamingux.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\TSErrRedir.dll
2019-10-10 11:53 - 2019-10-10 11:53 - 000001184 _____ C:\Users\homeuser\Desktop\Hard Disk Sentinel Pro.lnk
2019-10-10 11:53 - 2019-10-10 11:53 - 000000000 ____D C:\Windows\system32\Tasks\HardDiskSentinel
2019-10-10 11:53 - 2019-10-10 11:53 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel Pro
2019-10-10 11:53 - 2019-10-10 11:53 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Hard Disk Sentinel
2019-10-10 11:52 - 2019-10-10 11:53 - 019849216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 025900544 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 022628352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 017787392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 014816256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 009928504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 008010752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 007905000 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 007848192 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 007754240 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 007600664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 007263992 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 007195648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 006517640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 006425600 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 006227624 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 006164480 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 006084048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 005865272 _____ (Microsoft Corporation) C:\Windows\system32\spwizimg.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 005764872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 005105152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 005041664 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 004612520 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 004562688 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 004538880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 004046336 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 004012544 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 003964056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 003947008 _____ (Microsoft Corporation) C:\Windows\system32\tellib.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 003771392 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 003742032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 003727360 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 003701760 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 003590968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 003553280 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 003386880 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 003184128 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 003105280 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002861568 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002821120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002799616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 002772032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002762504 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-10-10 11:52 - 2019-10-10 11:52 - 002723328 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 002703360 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002590208 _____ C:\Windows\system32\dwmscene.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002552120 _____ (Microsoft Corporation) C:\Windows\system32\UpdateAgent.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002466304 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002456064 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002448712 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002284032 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002258856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002160640 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002132280 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002120704 _____ (Microsoft Corporation) C:\Windows\system32\WpcDesktopMonSvc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002120272 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002114048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002095104 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002081976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002069504 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 002000168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001957008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001952360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001942528 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001940952 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001913296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001857024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001847808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001845408 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001835008 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001830200 _____ (Microsoft Corporation) C:\Windows\system32\rdpserverbase.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001819136 _____ (Microsoft Corporation) C:\Windows\system32\CoreShell.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001788728 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001757096 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-10-10 11:52 - 2019-10-10 11:52 - 001748480 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001743672 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001730560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001721144 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001692160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001687040 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001664928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001664376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001657856 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001656392 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001616784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001616608 _____ (Microsoft Corporation) C:\Windows\system32\ttdrecordcpu.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001607680 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001563648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001562424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001543168 _____ (Microsoft Corporation) C:\Windows\system32\WindowManagement.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001512320 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 001482040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 001473488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001439744 _____ (Microsoft Corporation) C:\Windows\system32\usocoreworker.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 001413704 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001412096 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001394488 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 001383856 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001372160 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001366128 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-10-10 11:52 - 2019-10-10 11:52 - 001334064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ttdrecordcpu.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001319936 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001283072 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001263616 _____ (Microsoft Corporation) C:\Windows\system32\opengl32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001261800 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001217904 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 001214976 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001182240 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 001178816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001154656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001150240 _____ (Microsoft Corporation) C:\Windows\system32\InputHost.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001149712 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 001091584 _____ (Microsoft Corporation) C:\Windows\system32\TpmCoreProvisioning.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001084432 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001072952 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 001066496 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001054872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001047968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001036800 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001029432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ClipSp.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 001023128 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 001009152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000984376 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000975872 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000950784 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000944664 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000931840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000923136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000923136 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000904208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000893952 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000890472 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000882688 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000880088 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000875008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000874296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000858112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000856576 _____ C:\Windows\system32\MBR2GPT.EXE
2019-10-10 11:52 - 2019-10-10 11:52 - 000844800 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000841216 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000839680 _____ (Microsoft Corporation) C:\Windows\system32\d3d9on12.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCoreProvisioning.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000833312 _____ (Microsoft Corporation) C:\Windows\system32\pkeyhelper.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000829536 _____ (Microsoft Corporation) C:\Windows\system32\BioIso.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000818688 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000792296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputHost.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000784384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000783480 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000775768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000774672 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000772656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000765440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000759488 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000758584 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000750080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.Search.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000735232 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000732176 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_StorageSense.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000717312 _____ (Microsoft Corporation) C:\Windows\system32\mousocoreworker.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000702464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.FileExplorer.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000691712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000679880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000674072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000673080 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000669496 _____ (Microsoft Corporation) C:\Windows\system32\computecore.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000656960 _____ (Microsoft Corporation) C:\Windows\system32\d3d11on12.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000652800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000647168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000639400 _____ (Microsoft Corporation) C:\Windows\system32\msvcp_win.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.Search.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000623104 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000617784 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000612864 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000606208 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\SmsRouterSvc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000599040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActivationManager.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000598024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000598016 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000596992 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000595456 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000589384 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000587776 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_PCDisplay.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\SppExtComObj.Exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000568336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000563200 _____ (Microsoft Corporation) C:\Windows\system32\wpnprv.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000558592 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Notifications.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000551952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Vid.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000551936 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000551424 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000550400 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000546816 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000541696 _____ (Microsoft Corporation) C:\Windows\system32\ResourceMapper.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000541480 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000539648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9on12.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000533504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000531968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000530432 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000520192 _____ (Microsoft Corporation) C:\Windows\system32\usosvc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000518656 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000516408 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000515896 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000513536 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000510464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmenrollengine.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000507704 _____ (Microsoft Corporation) C:\Windows\system32\spwizeng.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000507152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000501232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp_win.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000500736 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-10-10 11:52 - 2019-10-10 11:52 - 000496640 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000487576 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_enclave.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.FileExplorer.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000483328 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000476672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000476672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000466416 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000463272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000462848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000462136 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000457216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cldflt.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000456504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000452408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000450360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11on12.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000449888 _____ (Microsoft Corporation) C:\Windows\system32\MMDevAPI.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000448000 _____ (Microsoft Corporation) C:\Windows\system32\SettingsEnvironment.Desktop.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000442704 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000441144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000436536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000429568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000422008 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-10-10 11:52 - 2019-10-10 11:52 - 000415808 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000412152 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000404392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000398728 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000392704 _____ (Microsoft Corporation) C:\Windows\system32\NotificationControllerPS.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000383984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MMDevAPI.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000382976 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000380216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000379840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000375720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000363624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000359424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MbbCx.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000355840 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicSvc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000355000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000342896 _____ (Microsoft Corporation) C:\Windows\system32\ttdwriter.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000334936 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\ComposableShellProxyStub.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000324408 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\dmenterprisediagnostics.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000315392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000300184 _____ (Microsoft Corporation) C:\Windows\system32\skci.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000293344 _____ (Microsoft Corporation) C:\Windows\system32\cfgmgr32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\directxdatabaseupdater.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000285256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000284160 _____ (Microsoft Corporation) C:\Windows\system32\container.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000283688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ttdwriter.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000282112 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.AppDefaults.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000278080 _____ (Microsoft Corporation) C:\Windows\system32\LsaIso.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000275968 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000275456 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_CapabilityAccess.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000268800 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000268288 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000265216 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000261632 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicCapsule.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\UpdateDeploymentProvider.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000252416 _____ (Microsoft Corporation) C:\Windows\system32\wpnservice.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\ManageCI.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000247856 _____ (Microsoft Corporation) C:\Windows\system32\weretw.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000244736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Gpu.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\policymanagerprecheck.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000236544 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000236520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000235008 _____ (Microsoft Corporation) C:\Windows\system32\fwpolicyiomgr.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000231936 _____ (Microsoft Corporation) C:\Windows\system32\InstallServiceTasks.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000227840 _____ (Microsoft Corporation) C:\Windows\system32\IndexedDbLegacy.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000225080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wof.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000224768 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2019-10-10 11:52 - 2019-10-10 11:52 - 000224256 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000223032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000221696 _____ (Microsoft Corporation) C:\Windows\system32\dxgiadaptercache.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000220472 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000210744 _____ (Microsoft Corporation) C:\Windows\system32\tcbloader.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000208184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000206336 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000202040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000201728 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000201016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000199480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000199480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\Win32CompatibilityAppraiserCSP.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\container.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000193592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\weretw.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2019-10-10 11:52 - 2019-10-10 11:52 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallServiceTasks.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000179512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000178176 _____ (Microsoft Corporation) C:\Windows\system32\prntvpt.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000176440 _____ (Microsoft Corporation) C:\Windows\system32\uxlib.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000176152 _____ (Microsoft Corporation) C:\Windows\system32\imm32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000173568 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\SpatialAudioLicenseSrv.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000165832 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000163328 _____ (Microsoft Corporation) C:\Windows\system32\glu32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000162304 _____ (Microsoft Corporation) C:\Windows\system32\fwbase.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000159112 _____ (Microsoft Corporation) C:\Windows\system32\devobj.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ComposableShellProxyStub.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000155648 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_AppExecutionAlias.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000152408 _____ (Microsoft Corporation) C:\Windows\system32\KerbClientShared.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000151568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_BackgroundApps.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000150328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SpatialAudioLicenseSrv.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imm32.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000140496 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sud.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000139776 _____ (Microsoft Corporation) C:\Windows\system32\Chakrathunk.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prntvpt.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000137864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000137728 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000132608 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_ForceSync.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000132408 _____ (Microsoft Corporation) C:\Windows\system32\offlinelsa.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000132096 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\CloudDomainJoinAUG.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000127064 _____ (Microsoft Corporation) C:\Windows\system32\win32u.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000125232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KerbClientShared.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\ApplicationControlCSP.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000122880 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000121856 _____ (Microsoft Corporation) C:\Windows\system32\updatecsp.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000119840 _____ (Microsoft Corporation) C:\Windows\system32\OpenWith.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000117048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bindflt.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000116904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\EaseOfAccessDialog.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000110080 _____ C:\Windows\system32\ResBParser.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\CoreShellExtFramework.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000105832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpenWith.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000105272 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000100664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmcl.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\sethc.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000093712 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000093184 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000092624 _____ (Microsoft Corporation) C:\Windows\system32\taskhostw.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EaseOfAccessDialog.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000089544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32u.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicAgent.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000088352 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000084496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\rdvvmtransport.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000079376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\uaspstor.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sethc.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\CustomInstallExec.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\tetheringclient.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000073024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\dwm.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000066832 _____ (Microsoft Corporation) C:\Windows\system32\iumcrypt.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\CertEnrollCtrl.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidspi.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\AssignedAccessRuntime.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\devrtl.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\audioresourceregistrar.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\pnppolicy.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000053248 _____ C:\Windows\system32\Drivers\UsbPmApi.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000052752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmstorfl.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\tetheringconfigsp.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnrollCtrl.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000047616 _____ C:\Windows\system32\UsbPmApi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AssignedAccessRuntime.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000047000 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\cellulardatacapabilityhandler.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000043536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\WiredNetworkCSP.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000039304 _____ (Microsoft Corporation) C:\Windows\system32\NtlmShared.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000037176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\IcsEntitlementHost.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\enrollmentapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000033048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NtlmShared.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000028936 _____ (Microsoft Corporation) C:\Windows\system32\vmbuspipe.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicPS.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2019-10-10 11:52 - 2019-10-10 11:52 - 000027648 _____ (Microsoft Corporation) C:\Windows\system32\Win32_DeviceGuard.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\CSystemEventsBrokerClient.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000021544 _____ (Microsoft Corporation) C:\Windows\system32\kdhvcom.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000020944 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000019456 _____ (Microsoft Corporation) C:\Windows\system32\wmsgapi.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\bindflt.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000016696 _____ (Microsoft Corporation) C:\Windows\system32\spwizres.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\d3d8thk.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDJPN.DLL
2019-10-10 11:52 - 2019-10-10 11:52 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\pacjsworker.exe
2019-10-10 11:52 - 2019-10-10 11:52 - 000011576 _____ (Microsoft Corporation) C:\Windows\system32\uxlibres.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbd106.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000003584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCertResources.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000003584 _____ (Microsoft Corporation) C:\Windows\system32\TpmCertResources.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tier2punctuations.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin
2019-10-10 11:52 - 2019-10-10 11:52 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2019-10-10 11:48 - 2019-09-20 07:36 - 000492544 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-10-10 11:48 - 2019-09-20 07:14 - 000390656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2019-10-10 11:47 - 2019-10-10 11:47 - 000741432 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-10-10 11:44 - 2019-10-12 16:57 - 000000000 ____D C:\ProgramData\NVIDIA
2019-10-10 11:44 - 2019-10-10 23:06 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-10-10 11:44 - 2019-10-10 11:44 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2019-10-10 11:44 - 2019-10-10 11:44 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-10-10 11:44 - 2019-09-05 22:49 - 005468144 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-10-10 11:44 - 2019-09-05 22:49 - 002634608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2019-10-10 11:44 - 2019-09-05 22:49 - 001767920 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-10-10 11:44 - 2019-09-05 22:49 - 000654320 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-10-10 11:44 - 2019-09-05 22:49 - 000450600 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-10-10 11:44 - 2019-09-05 22:49 - 000125240 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-10-10 11:44 - 2019-09-05 22:49 - 000082800 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-10-10 11:44 - 2019-09-05 04:04 - 008709382 _____ C:\Windows\system32\nvcoproc.bin
2019-10-10 11:44 - 2019-08-01 16:07 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2019-10-10 11:43 - 2019-09-06 21:29 - 001012432 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-10-10 11:43 - 2019-09-06 21:29 - 001012432 _____ C:\Windows\system32\vulkan-1.dll
2019-10-10 11:43 - 2019-09-06 21:29 - 000876240 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-10-10 11:43 - 2019-09-06 21:29 - 000876240 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-10-10 11:43 - 2019-09-06 21:29 - 000447368 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-10-10 11:43 - 2019-09-06 21:29 - 000351944 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-10-10 11:43 - 2019-09-06 21:29 - 000301264 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-10-10 11:43 - 2019-09-06 21:29 - 000301264 _____ C:\Windows\system32\vulkaninfo.exe
2019-10-10 11:43 - 2019-09-06 21:29 - 000273104 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-10-10 11:43 - 2019-09-06 21:29 - 000273104 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-10-10 11:43 - 2019-09-06 21:28 - 011562376 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2019-10-10 11:43 - 2019-09-06 21:28 - 009937104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 002051008 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 001550080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 001477512 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 001247432 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 001140616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 000959424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 000812800 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 000676096 _____ C:\Windows\system32\nvofapi64.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 000658880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 000632768 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 000544648 _____ C:\Windows\SysWOW64\nvofapi.dll
2019-10-10 11:43 - 2019-09-06 21:27 - 000524168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-10-10 11:43 - 2019-09-06 21:26 - 040444856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2019-10-10 11:43 - 2019-09-06 21:26 - 035334536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-10-10 11:43 - 2019-09-06 21:26 - 017300360 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2019-10-10 11:43 - 2019-09-06 21:26 - 014921096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-10-10 11:43 - 2019-09-06 21:26 - 005358472 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2019-10-10 11:43 - 2019-09-06 21:26 - 004696968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-10-10 11:43 - 2019-09-06 21:26 - 001726400 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6443630.dll
2019-10-10 11:43 - 2019-09-06 21:26 - 001491336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6443630.dll
2019-10-10 11:43 - 2019-09-06 18:24 - 005002192 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2019-10-10 11:43 - 2019-09-06 18:24 - 004263840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-10-10 11:43 - 2019-09-06 00:19 - 000054700 _____ C:\Windows\system32\nvinfo.pb
2019-10-10 11:42 - 2019-10-10 11:42 - 000003206 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2019-10-10 11:42 - 2019-10-10 11:42 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-10-10 11:42 - 2019-10-10 11:42 - 000000000 ___RD C:\Users\Default\OneDrive
2019-10-10 11:42 - 2019-10-10 11:42 - 000000000 ___RD C:\Users\Default User\OneDrive
2019-10-10 11:42 - 2019-10-10 11:42 - 000000000 ___HD C:\OneDriveTemp
2019-10-10 11:41 - 2019-10-10 14:32 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2019-10-10 11:41 - 2019-10-10 11:44 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-10-10 11:28 - 2019-10-10 11:28 - 000000000 ____D C:\Users\homeuser\AppData\Local\OneDrive
2019-10-10 11:20 - 2019-10-10 11:33 - 000000000 ____D C:\ProgramData\DisplayDriverUninstaller
2019-10-10 11:17 - 2019-10-10 11:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-10-10 11:17 - 2019-10-10 11:17 - 000000000 ____D C:\Program Files (x86)\7-Zip
2019-10-10 10:50 - 2019-10-10 11:51 - 000000000 ____D C:\Temp torrents
2019-10-10 10:27 - 2019-03-18 15:20 - 008628736 _____ (Microsoft Corporation) C:\Windows\system32\prm0019.dll
2019-10-10 10:26 - 2019-10-09 21:18 - 000002317 _____ C:\Users\homeuser\Documents\indexfile.txt
2019-10-10 10:23 - 2019-10-12 16:59 - 000000000 ____D C:\Users\homeuser\AppData\LocalLow\Mozilla
2019-10-10 10:23 - 2019-10-11 15:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-10-10 10:23 - 2019-10-10 22:20 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-10-10 10:23 - 2019-10-10 10:23 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-10-10 10:23 - 2019-10-10 10:23 - 000000993 _____ C:\ProgramData\Desktop\Firefox.lnk
2019-10-10 10:23 - 2019-10-10 10:23 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Mozilla
2019-10-10 10:23 - 2019-10-10 10:23 - 000000000 ____D C:\Users\homeuser\AppData\Local\Mozilla
2019-10-10 10:23 - 2019-10-10 10:23 - 000000000 ____D C:\ProgramData\Mozilla
2019-10-10 10:19 - 2019-10-10 10:19 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Google
2019-10-10 10:16 - 2019-10-10 10:16 - 000001635 _____ C:\Users\Public\Desktop\Total Commander HomeUser v71.lnk
2019-10-10 10:16 - 2019-10-10 10:16 - 000001635 _____ C:\ProgramData\Desktop\Total Commander HomeUser v71.lnk
2019-10-10 10:16 - 2019-10-10 10:16 - 000000777 _____ C:\Users\Public\Desktop\Total Commander PowerUser v71.lnk
2019-10-10 10:16 - 2019-10-10 10:16 - 000000777 _____ C:\ProgramData\Desktop\Total Commander PowerUser v71.lnk
2019-10-10 10:16 - 2019-10-10 10:16 - 000000000 ____D C:\Users\Public\Desktop\TC PU Programs
2019-10-10 10:16 - 2019-10-10 10:16 - 000000000 ____D C:\ProgramData\Desktop\TC PU Programs
2019-10-10 10:16 - 2019-08-29 15:36 - 000286208 _____ C:\Windows\SysWOW64\lame_enc.dll
2019-10-10 10:16 - 2014-01-13 04:46 - 000344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2019-10-10 10:16 - 2009-12-29 23:27 - 000503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2019-10-10 10:16 - 2009-12-29 23:27 - 000487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCP70.DLL
2019-10-10 10:16 - 2009-12-29 23:27 - 000344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2019-10-10 10:15 - 2019-10-10 10:22 - 000000000 ____D C:\Users\homeuser\AppData\Local\Google
2019-10-10 10:15 - 2019-10-10 10:15 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-10 10:15 - 2019-10-10 10:15 - 000002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-10-10 10:15 - 2019-10-10 10:15 - 000002332 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-10-10 10:14 - 2019-10-10 10:14 - 000003420 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-10 10:14 - 2019-10-10 10:14 - 000003296 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-10 10:14 - 2019-10-10 10:14 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-10 10:13 - 2019-10-10 10:13 - 000000000 ___HD C:\Users\homeuser\MicrosoftEdgeBackups
2019-10-10 10:12 - 2019-10-10 10:23 - 000000000 ____D C:\TCPU71
2019-10-10 10:09 - 2019-10-12 14:15 - 000000000 ____D C:\Windows\Panther
2019-10-10 09:58 - 2019-10-10 07:19 - 000000000 ____D C:\Users\homeuser\AppData\Local\PlaceholderTileLogoFolder
2019-10-10 09:55 - 2019-10-12 16:58 - 000000000 ____D C:\ProgramData\Bigfoot Networks
2019-10-10 09:55 - 2019-10-10 20:14 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-10-10 09:55 - 2019-10-10 09:55 - 000002311 _____ C:\Users\Public\Desktop\Bigfoot Networks Killer Network Manager.lnk
2019-10-10 09:55 - 2019-10-10 09:55 - 000002311 _____ C:\ProgramData\Desktop\Bigfoot Networks Killer Network Manager.lnk
2019-10-10 09:55 - 2019-10-10 09:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bigfoot Networks
2019-10-10 09:55 - 2019-10-10 09:55 - 000000000 ____D C:\Program Files\Bigfoot Networks
2019-10-10 09:53 - 2019-10-10 09:53 - 000000000 ____D C:\Program Files (x86)\Intel
2019-10-10 09:53 - 2010-03-02 11:04 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2019-10-10 09:52 - 2019-10-10 09:52 - 000000000 ____D C:\Intel
2019-10-10 09:48 - 2019-10-10 18:09 - 000001134 _____ C:\Windows\system32\config\VSMIDK
2019-10-10 09:45 - 2019-10-11 00:14 - 000000000 ____D C:\ProgramData\Packages
2019-10-10 09:41 - 2019-10-10 11:08 - 000000000 ____D C:\Users\homeuser\AppData\Local\Comms
2019-10-10 09:37 - 2019-10-12 16:58 - 000000000 ___RD C:\Users\homeuser\OneDrive
2019-10-10 09:36 - 2019-10-10 14:32 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-10-10 09:36 - 2019-10-10 10:13 - 000000000 ____D C:\Users\homeuser\AppData\Local\MicrosoftEdge
2019-10-10 09:36 - 2019-10-10 09:36 - 000001450 _____ C:\Users\homeuser\Desktop\Microsoft Edge.lnk
2019-10-10 09:35 - 2019-10-11 00:13 - 000000000 ____D C:\Users\homeuser\AppData\Local\Packages
2019-10-10 09:35 - 2019-10-10 16:37 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Adobe
2019-10-10 09:35 - 2019-10-10 12:01 - 000000000 ___RD C:\Users\homeuser\3D Objects
2019-10-10 09:35 - 2019-10-10 11:27 - 000000000 ____D C:\Users\homeuser\AppData\Local\ConnectedDevicesPlatform
2019-10-10 09:35 - 2019-10-10 10:17 - 000000000 ____D C:\Users\homeuser\AppData\Local\Publishers
2019-10-10 09:35 - 2019-10-10 09:35 - 000000000 ____D C:\Users\homeuser\AppData\Local\VirtualStore
2019-10-10 09:35 - 2019-10-10 07:21 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-10-10 09:34 - 2019-10-12 15:31 - 000000000 ____D C:\Users\homeuser
2019-10-10 09:34 - 2019-10-10 09:34 - 000000020 ___SH C:\Users\homeuser\ntuser.ini
2019-10-10 09:33 - 2019-10-12 17:03 - 000812210 _____ C:\Windows\system32\PerfStringBackup.INI
2019-10-10 09:30 - 2019-10-10 09:30 - 000000000 ____D C:\Windows\CSC
2019-10-10 09:30 - 2019-10-10 09:30 - 000000000 ____D C:\ProgramData\USOShared
2019-10-10 09:30 - 2019-09-09 20:47 - 002874368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2019-10-10 09:28 - 2019-10-10 20:50 - 000000000 ____D C:\Windows\minidump
2019-10-10 09:28 - 2019-10-10 09:28 - 000000000 _SHDL C:\Documents and Settings
2019-10-10 09:11 - 2019-10-12 16:57 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-10-10 09:11 - 2019-10-10 12:10 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-10-10 09:11 - 2019-10-10 09:11 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2019-10-10 09:10 - 2019-10-11 19:50 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-10-10 09:10 - 2019-10-10 09:10 - 000000000 ____D C:\Windows\ServiceProfiles
2019-10-10 08:21 - 2019-10-10 08:21 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FxSound Enhancer
2019-10-10 08:21 - 2019-10-10 08:21 - 000000000 ____D C:\Users\homeuser\AppData\Local\DFX
2019-10-10 08:21 - 2019-10-10 08:21 - 000000000 ____D C:\Program Files (x86)\DFX
2019-10-10 08:14 - 2019-10-10 08:14 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2019-10-10 08:14 - 2019-10-10 08:14 - 000000000 ____D C:\Program Files\Realtek
2019-10-10 08:14 - 2019-10-10 08:14 - 000000000 ____D C:\Program Files (x86)\Realtek
2019-10-10 08:14 - 2017-06-29 18:55 - 003509256 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 003507688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 001347136 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000914016 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000768808 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000691680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000642920 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000577832 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000532376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000410032 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000387312 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000343704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000221960 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000209528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000110976 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2019-10-10 08:14 - 2017-06-29 18:55 - 000088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2019-10-10 08:14 - 2017-06-29 18:54 - 004059960 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2019-10-10 08:14 - 2017-06-29 18:54 - 000330552 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2019-10-10 08:14 - 2017-06-29 18:52 - 005826560 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2019-10-10 08:14 - 2017-06-29 18:52 - 003677160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2019-10-10 08:14 - 2017-06-29 18:52 - 003205120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2019-10-10 08:14 - 2017-06-29 18:52 - 000574752 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2019-10-10 08:14 - 2017-06-29 18:52 - 000118592 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2019-10-10 08:14 - 2017-06-29 18:51 - 002210304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2019-10-10 08:14 - 2017-06-29 18:51 - 002050176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2019-10-10 08:14 - 2017-06-29 18:51 - 000041088 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\MBfilt64.sys
2019-10-10 08:14 - 2017-06-29 18:51 - 000023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2019-10-10 08:14 - 2017-06-29 18:50 - 000122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2019-10-10 08:14 - 2017-06-29 03:05 - 012334923 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2019-10-10 08:14 - 2017-06-29 03:05 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2019-10-10 08:14 - 2016-09-22 14:55 - 002839520 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2019-10-10 07:35 - 2019-10-10 08:15 - 000000000 ___HD C:\Program Files (x86)\Temp
2019-10-10 07:28 - 2019-10-10 17:10 - 000000000 ____D C:\Users\homeuser\AppData\Local\ElevatedDiagnostics
2019-10-10 07:23 - 2019-10-10 07:23 - 000000000 ____D C:\Windows\pss
2019-10-10 06:56 - 2019-10-10 19:15 - 000000000 ____D C:\Program Files\Common Files\logishrd
2019-10-10 06:44 - 2019-10-10 06:44 - 000036408 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2019-10-10 06:43 - 2019-10-10 06:43 - 000000000 ____D C:\SysinternalsSuite
2019-10-10 06:38 - 2019-10-12 16:06 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\vlc
2019-10-10 06:38 - 2019-10-10 06:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-10-10 06:37 - 2019-10-10 06:37 - 000000000 ____D C:\Program Files\VideoLAN
2019-10-10 06:33 - 2019-10-12 16:57 - 000000000 ____D C:\Program Files\Core Temp
2019-10-10 06:33 - 2019-10-10 06:33 - 000002914 _____ C:\Windows\system32\Tasks\Core Temp Autostart homeuser
2019-10-10 06:33 - 2019-10-10 06:33 - 000000989 _____ C:\Users\homeuser\Desktop\Core Temp.lnk
2019-10-10 06:33 - 2019-10-10 06:33 - 000000067 _____ C:\Users\homeuser\Desktop\Core Temp Gadget & Addons.url
2019-10-10 06:33 - 2019-10-10 06:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2019-10-10 06:30 - 2019-10-10 06:30 - 000000000 ____D C:\Users\homeuser\AppData\Local\Apps\2.0
2019-10-10 05:50 - 2019-10-12 14:49 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Wise Disk Cleaner
2019-10-10 05:50 - 2019-10-10 05:50 - 000001277 _____ C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
2019-10-10 05:50 - 2019-10-10 05:50 - 000001277 _____ C:\ProgramData\Desktop\Wise Disk Cleaner.lnk
2019-10-10 05:50 - 2019-10-10 05:50 - 000000000 ____D C:\Windows\system32\Tasks\WiseCleaner
2019-10-10 05:50 - 2019-10-10 05:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner
2019-10-10 05:50 - 2019-10-10 05:50 - 000000000 ____D C:\Program Files (x86)\Wise
2019-10-10 05:46 - 2019-10-10 05:46 - 000000000 ____D C:\AdwCleaner
2019-10-10 05:39 - 2019-10-10 05:44 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-10-10 05:39 - 2019-10-10 05:39 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-10-10 05:39 - 2019-10-10 05:39 - 000001912 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-10-10 05:39 - 2019-10-10 05:39 - 000000000 ____D C:\Users\homeuser\AppData\Local\mbamtray
2019-10-10 05:39 - 2019-10-10 05:39 - 000000000 ____D C:\Users\homeuser\AppData\Local\mbam
2019-10-10 05:39 - 2019-10-10 05:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-10-10 05:39 - 2019-10-10 05:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-10-10 05:39 - 2019-10-10 05:39 - 000000000 ____D C:\Program Files\Malwarebytes
2019-10-10 05:39 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-10-10 04:18 - 2019-10-12 15:05 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Discord
2019-10-10 04:18 - 2019-10-10 15:20 - 000000000 ____D C:\Users\homeuser\AppData\Local\SquirrelTemp
2019-10-10 04:18 - 2019-10-10 04:18 - 000002248 _____ C:\Users\homeuser\Desktop\Discord.lnk
2019-10-10 04:18 - 2019-10-10 04:18 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-10-10 04:18 - 2019-10-10 04:18 - 000000000 ____D C:\Users\homeuser\AppData\Local\Discord
2019-10-10 04:18 - 2019-10-10 04:18 - 000000000 ____D C:\ProgramData\SquirrelMachineInstalls
2019-10-10 03:28 - 2019-10-10 03:59 - 000000000 ____D C:\Users\homeuser\AppData\Roaming\Acronis
2019-10-10 03:27 - 2019-10-10 14:50 - 000000000 ____D C:\ProgramData\Acronis
2019-10-10 03:27 - 2019-10-10 04:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2019-10-10 03:27 - 2019-10-10 04:10 - 000000000 ____D C:\Program Files (x86)\Acronis
2019-10-10 03:27 - 2019-10-10 03:27 - 000883256 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
2019-10-10 03:27 - 2019-10-10 03:27 - 000693768 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tnd.sys
2019-10-10 03:27 - 2019-10-10 03:27 - 000687768 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_protector.sys
2019-10-10 03:27 - 2019-10-10 03:27 - 000390592 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_tracker.sys
2019-10-10 03:27 - 2019-10-10 03:27 - 000371144 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys
2019-10-10 03:27 - 2019-10-10 03:27 - 000330176 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\virtual_file.sys
2019-10-10 03:27 - 2019-10-10 03:27 - 000243472 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\volume_tracker.sys
2019-10-10 03:27 - 2019-10-10 03:27 - 000182832 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys
2019-10-10 03:27 - 2019-10-10 03:27 - 000171968 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib_mounter.sys
2019-10-10 03:27 - 2019-10-10 03:27 - 000001286 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image.lnk
2019-10-10 03:27 - 2019-10-10 03:27 - 000001274 _____ C:\Users\Public\Desktop\Acronis True Image.lnk
2019-10-10 03:27 - 2019-10-10 03:27 - 000001274 _____ C:\ProgramData\Desktop\Acronis True Image.lnk
2019-10-10 03:27 - 2019-10-10 03:27 - 000000000 ____D C:\ProgramData\Acronis Mobile Backup Data
2019-10-10 03:10 - 2019-10-12 16:57 - 000000208 _____ C:\Windows\SysWOW64\AbBakConfig.dat
2019-10-10 03:10 - 2019-10-12 16:57 - 000000150 _____ C:\Windows\SysWOW64\winsevr.dat
2019-10-10 03:10 - 2019-10-10 23:20 - 000001024 ____H C:\SYSTAG.BIN
2019-10-10 03:10 - 2019-10-10 03:10 - 000000000 ____D C:\ProgramData\Aomei
2019-10-10 03:09 - 2019-10-12 16:57 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2019-10-10 03:09 - 2019-10-10 03:10 - 000001130 _____ C:\Users\Public\Desktop\AOMEI Backupper.lnk
2019-10-10 03:09 - 2019-10-10 03:10 - 000001130 _____ C:\ProgramData\Desktop\AOMEI Backupper.lnk
2019-10-10 03:09 - 2019-10-10 03:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2019-10-10 03:09 - 2017-09-01 18:12 - 000038320 _____ C:\Windows\system32\amwrtdrv.sys
2019-10-10 03:09 - 2016-12-21 22:54 - 000051120 _____ C:\Windows\system32\ambakdrv.sys
2019-10-10 03:09 - 2016-12-21 22:52 - 000171952 _____ C:\Windows\system32\ammntdrv.sys
2019-10-10 03:08 - 2019-10-10 14:55 - 000000000 ____D C:\ProgramData\AomeiBR
2019-09-16 18:54 - 2019-09-16 18:54 - 000099648 _____ (VMware, Inc.) C:\Windows\system32\vmnetbridge.dll
2019-09-16 18:54 - 2019-09-16 18:54 - 000066368 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetbridge.sys
2019-09-16 18:54 - 2019-09-16 18:54 - 000045880 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetadapter.sys
2019-09-16 18:54 - 2019-09-16 18:54 - 000045880 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnet.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-12 17:03 - 2019-03-19 07:50 - 000000000 ____D C:\Windows\INF
2019-10-12 16:57 - 2019-03-19 07:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-12 16:40 - 2019-03-19 07:37 - 000524288 _____ C:\Windows\system32\config\BBI
2019-10-12 15:45 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\AppReadiness
2019-10-11 23:54 - 2019-03-19 07:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-10-11 23:33 - 2019-03-19 07:37 - 000000000 ____D C:\Windows\CbsTemp
2019-10-11 14:30 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\appcompat
2019-10-10 22:21 - 2019-03-19 07:37 - 000032768 _____ C:\Windows\system32\config\ELAM
2019-10-10 20:39 - 2019-03-19 07:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-10-10 16:35 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-10-10 16:35 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\system32\Macromed
2019-10-10 12:10 - 2019-03-19 07:52 - 000000000 ____D C:\Program Files\Windows Defender
2019-10-10 11:59 - 2019-03-19 09:23 - 000000000 ___SD C:\Windows\system32\AppV
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ___RD C:\Windows\PrintDialog
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\SysWOW64\oobe
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\SystemResources
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\system32\WinMetadata
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\system32\oobe
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\system32\migwiz
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\system32\Dism
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-10-10 11:59 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\bcastdvr
2019-10-10 11:55 - 2019-03-19 07:37 - 000000000 ____D C:\Windows\servicing
2019-10-10 11:44 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\Help
2019-10-10 10:27 - 2019-03-19 09:22 - 000000000 ____D C:\Windows\OCR
2019-10-10 10:08 - 2019-03-19 07:49 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-10-10 09:46 - 2019-03-19 07:52 - 000000000 ____D C:\ProgramData\USOPrivate
2019-10-10 09:45 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\ServiceState
2019-10-10 09:34 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2019-10-10 09:30 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\system32\spool
2019-10-10 09:30 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-10-10 09:10 - 2019-03-19 07:52 - 000000000 ____D C:\Windows\LiveKernelReports
2019-10-10 05:54 - 2019-03-19 07:52 - 000000000 ___SD C:\Windows\Downloaded Program Files

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2019
Ran by homeuser (12-10-2019 17:15:14)
Running from C:\Users\homeuser\Desktop\FRST
Windows 10 Pro Version 1903 18362.418 (X64) (2019-10-10 06:28:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3024691867-316160702-395545048-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3024691867-316160702-395545048-503 - Limited - Disabled)
Guest (S-1-5-21-3024691867-316160702-395545048-501 - Limited - Disabled)
homeuser (S-1-5-21-3024691867-316160702-395545048-1001 - Administrator - Enabled) => C:\Users\homeuser
WDAGUtilityAccount (S-1-5-21-3024691867-316160702-395545048-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3024691867-316160702-395545048-1001\...\uTorrent) (Version: 3.5.5.45365 - BitTorrent Inc.)
µTorrent 3.5.5 (HKLM-x32\...\µTorrent 3.5.5 Build 45365) (Version: - )
7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Acronis True Image (HKLM-x32\...\{862C72C1-E306-424D-A030-B8DB22A1AC8A}) (Version: 24.4.21400 - Acronis)
Acronis Universal Restore Bootable Media Builder (HKLM-x32\...\{D8DCEF7C-9698-46FF-A1CB-89FAB7712E9E}) (Version: 11.7.40250 - Acronis)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.270 - Adobe)
AOMEI Backupper Professional Trial (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
Bigfoot Networks Killer Network Manager (HKLM\...\{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.603 - Bigfoot Networks) Hidden
Bigfoot Networks Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.603 - Bigfoot Networks)
Bloody7 (HKLM-x32\...\Bloody3) (Version: 19.09.0012 - Bloody)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.140.2.1004 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boson NetSim 11 (HKLM-x32\...\{FFC473CA-A239-47D5-8B57-40055095196F}) (Version: 11.7.0000 - Boson Software, LLC) Hidden
Boson NetSim 11 (HKLM-x32\...\InstallShield_{FFC473CA-A239-47D5-8B57-40055095196F}) (Version: 11.7.0000 - Boson Software, LLC)
Cisco Packet Tracer 7.2.1 64Bit (HKLM\...\Cisco Packet Tracer 7.2.1 64Bit_is1) (Version: - Cisco Systems, Inc.)
Clipdiary 5.3 (HKLM-x32\...\Clipdiary) (Version: 5.3 - Tiushkov Nikolay)
Core Temp 1.15.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.15.1 - ALCPU)
Discord (HKU\S-1-5-21-3024691867-316160702-395545048-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
FxSound Enhancer (HKLM-x32\...\FxSound Enhancer) (Version: 13.027 - FxSound)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
Hard Disk Sentinel Pro (HKLM-x32\...\Hard Disk Sentinel Pro) (Version: 5.50.10482 - )
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
Hotspot Shield 8.4.6 (HKLM-x32\...\HotspotShield) (Version: 8.4.6 - AnchorFree Inc.) Hidden
Hotspot Shield 8.7.0 (HKLM-x32\...\{58481a68-e716-4546-a844-70b3c6f1516e}) (Version: 8.7.0.11379 - AnchorFree Inc.)
Hotspot Shield 8.7.0 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925D197AF96}) (Version: 8.7.0.11379 - AnchorFree Inc.) Hidden
HyperSnap 8.16.16 (HKLM\...\HyperSnap_is1) (Version: 8.16.16 - Hyperionics Technology, LLC)
Jeppesen CDA Service (HKLM-x32\...\{B9C9E547-9F27-4C4B-8E9C-58400B35CFE1}) (Version: 4.0.0.123 - Jeppesen)
Jeppesen Format Print Driver (HKLM-x32\...\{986090B3-C3B8-4DD4-8BB1-6561F74915FF}) (Version: 1.1.0.8 - Jeppesen)
Jeppesen Program and Data Installation (HKLM-x32\...\{4173F0BF-2363-4DC3-92A9-446B69DBB134}) (Version: 1.0.0.0 - Jeppesen)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 19.152.0927.0012 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.20.27508 (HKLM-x32\...\{7b178cda-9740-4701-a92a-f168d213b343}) (Version: 14.20.27508.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.20.27508 (HKLM-x32\...\{8c3f057e-d6a6-4338-ac6a-f1c795a6577b}) (Version: 14.20.27508.1 - Microsoft Corporation)
Mozilla Firefox 69.0.3 (x64 ru) (HKLM\...\Mozilla Firefox 69.0.3 (x64 ru)) (Version: 69.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.2 - Mozilla)
novaPDF for SDK v7 (novaPDF 7.7 printer) (HKLM\...\novaPDF for SDK v7_is1) (Version: 7.7.3987 - Softland)
NVIDIA Graphics Driver 436.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 436.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Process Lasso Pro (HKLM-x32\...\Process Lasso Pro) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Reg Organizer 8.30 (HKLM-x32\...\Reg Organizer_is1) (Version: 8.30 - lrepacks.ru)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Telegram Desktop version 1.8.15 (HKU\S-1-5-21-3024691867-316160702-395545048-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.15 - Telegram FZ-LLC)
Viber (HKLM-x32\...\{1ACD6C5F-7CFF-49C9-B1EE-3DF0C20B179E}) (Version: 11.6.0.51 - Viber Media S.a.r.l) Hidden
Viber (HKU\S-1-5-21-3024691867-316160702-395545048-1001\...\{6b955245-7912-40bc-915d-8c6e3fe859e4}) (Version: 11.6.0.51 - Viber Media S.a.r.l)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VMware Workstation (HKLM\...\{95339CED-ADD1-48FA-94DF-72E64B7893D6}) (Version: 15.5.0 - VMware, Inc.)
WhatsApp (HKU\S-1-5-21-3024691867-316160702-395545048-1001\...\WhatsApp) (Version: 0.3.4941 - WhatsApp)
WinTools.net Premium (HKLM-x32\...\WinTools.net Premium) (Version: - WinTools Software Engineering, Ltd.)
Wise Disk Cleaner 10.2.5 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 10.2.5 - WiseCleaner.com, Inc.)

Packages:
=========
Avira Phantom VPN -> C:\Program Files\WindowsApps\Avira.AviraPhantomVPN_1.15.89.0_x64__h4a2wkdf3s2xr [2019-10-10] (Avira)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.22.7.0_x86__kgqvnymyfvs32 [2019-10-10] (king.com)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.25.5.0_x86__kgqvnymyfvs32 [2019-10-10] (king.com)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-10-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-11] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-11] (Microsoft Corporation) [MS Ad]
Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.10.0.0_neutral__v68kp9n051hdp [2019-10-10] (Symantec Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0 [2019-10-10] (Spotify AB)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_4_21400.dll [2019-09-23] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_4_21400.dll [2019-09-23] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_4_21400.dll [2019-09-23] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_4_21400.dll [2019-09-23] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2019-09-16] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2019-09-16] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-09-06] (Mega Limited -> )
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll [2019-10-10] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)

==================== Codecs (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [475672 2007-10-12] (Logitech Inc -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [416280 2007-10-12] (Logitech Inc -> Logitech Inc.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\homeuser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2019-10-10 23:04 - 2017-04-17 10:43 - 003852800 ____N () [File not signed] C:\Program Files (x86)\Bloody7\Bloody7\Data\Mouse\Forms\Internet_Advertisement\Internet_Advertisement_DLL.dll
2019-10-10 16:06 - 2016-04-01 08:30 - 000079360 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\CDAClient.dll
2019-10-10 16:06 - 2016-04-01 08:30 - 000154112 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\cdacommon.dll
2019-10-10 16:06 - 2016-04-01 08:30 - 000075776 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\CDAConfig.dll
2019-10-10 16:06 - 2016-04-01 08:30 - 000544256 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\CDACrypt.dll
2019-10-10 16:06 - 2016-04-01 08:30 - 000079872 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\CDAMsg.dll
2019-10-10 16:06 - 2016-04-01 08:30 - 000144896 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\DataMgr.dll
2019-10-10 16:06 - 2016-04-01 08:30 - 000238080 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\DownloadMgr.dll
2019-10-10 16:06 - 2016-04-01 08:30 - 000117248 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\jcommon.dll
2019-10-10 16:06 - 2016-04-01 08:30 - 000272896 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\tcutil.dll
2019-10-10 16:06 - 2016-04-01 08:30 - 000124416 _____ () [File not signed] C:\Program Files (x86)\Jeppesen\CDA\UpdateMgr.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000217600 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\BFCommon.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000404992 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modApplications.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000036864 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modFeatures.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000025088 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modFraps.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000241152 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modGraph.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000062464 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modlcd.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000289280 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modNetwork.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000184832 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modNpu.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000210944 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modOptions.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000055808 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modOverview.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000329216 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modSystemInfo.dll
2011-05-09 20:46 - 2011-05-09 20:46 - 002760192 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\QtCore4.dll
2011-05-09 20:56 - 2011-05-09 20:56 - 009856000 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\QtGui4.dll
2011-05-09 20:48 - 2011-05-09 20:48 - 000990720 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\QtNetwork4.dll
2011-05-09 20:47 - 2011-05-09 20:47 - 000416256 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\QtXml4.dll
2011-05-10 12:32 - 2011-05-10 12:32 - 000731648 _____ () [File not signed] C:\Program Files\Bigfoot Networks\Killer Network Manager\qwt5.dll
2019-10-10 10:13 - 2019-07-17 13:09 - 000097280 _____ () [File not signed] C:\TCPU71\Plugins\wdx\autorun\autorun.wdx
2019-10-10 10:13 - 2019-01-11 11:14 - 000009216 _____ () [File not signed] C:\TCPU71\Plugins\wdx\autorun\Plugins\Autorun_Sysinfo.dll
2019-10-10 10:13 - 2016-02-01 01:03 - 000009216 _____ () [File not signed] C:\TCPU71\Plugins\wdx\autorun\Plugins\TCFS2Tools.dll
2019-10-10 10:13 - 2013-10-17 01:06 - 000047616 _____ () [File not signed] C:\TCPU71\Plugins\wdx\EncInfo\EncInfo.wdx
2019-09-24 17:23 - 2019-09-24 17:23 - 024393024 _____ (Acronis International GmbH -> ) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2019-10-10 03:09 - 2015-05-21 14:32 - 000068784 _____ (Aomei Technology Co., Limited -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\AOMEI Backupper\vcomp.dll
2013-10-09 15:39 - 2013-10-09 15:39 - 000189952 _____ (Bigfoot Networks, Inc.) [File not signed] C:\Windows\system32\BfLLR.dll
2019-10-10 11:17 - 2019-02-21 19:00 - 000050688 _____ (Igor Pavlov) [File not signed] C:\Program Files (x86)\7-Zip\7-zip.dll
2017-09-03 10:38 - 2017-09-03 10:38 - 000019456 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Hard Disk Sentinel Pro\winspool.drv
2019-10-10 16:06 - 2016-04-01 08:30 - 001115648 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files (x86)\Jeppesen\CDA\libcurl.dll
2019-09-23 08:44 - 2019-09-23 08:44 - 025338368 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icudt54.dll
2019-09-23 08:44 - 2019-09-23 08:44 - 002056704 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icuin54.dll
2019-09-23 08:44 - 2019-09-23 08:44 - 001425408 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icuuc54.dll
2017-09-14 09:37 - 2017-09-14 09:37 - 000026112 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qgif.dll
2017-09-14 09:42 - 2017-09-14 09:42 - 000033280 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qicns.dll
2017-09-14 09:37 - 2017-09-14 09:37 - 000027648 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qico.dll
2017-09-14 09:37 - 2017-09-14 09:37 - 000245760 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qjpeg.dll
2017-09-14 09:42 - 2017-09-14 09:42 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qsvg.dll
2017-09-14 09:42 - 2017-09-14 09:42 - 000020992 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qtga.dll
2017-09-14 09:42 - 2017-09-14 09:42 - 000316416 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qtiff.dll
2017-09-14 09:42 - 2017-09-14 09:42 - 000019968 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qwbmp.dll
2017-09-14 09:42 - 2017-09-14 09:42 - 000322560 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qwebp.dll
2017-09-14 09:37 - 2017-09-14 09:37 - 001010688 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\platforms\qwindows.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 07:49 - 2019-10-12 17:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3024691867-316160702-395545048-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\homeuser\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{629C5A6C-2A5B-4A52-BB1F-199B70DF0C9A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E2B68495-0037-40E3-B2AF-9484AFDE6130}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{23FBD9CE-AF7B-46E9-A69E-76BD3D5ACC2F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DA2AFA91-AE67-4D27-8ED8-79E742BAEBC4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1280639B-879D-4BC9-8FB7-61B5891485E7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7210E0A6-C3A3-471B-8EAC-354A916A474C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F30CCF39-8882-480F-922F-5D3ACE80A7C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C8A68741-FC74-4F9A-810E-570C90872C67}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{39E2673F-D4AE-4831-BD21-1D0E8F058668}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B7419F76-D5A7-444C-B718-7A03E6143BCF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4F44E9D8-08C3-462A-BC5B-6EB3DAC2CCF7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{84CCF5A6-5344-4F04-8BDD-A95C0EBDC0BC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C3E3A569-5EEE-4D4E-B0AD-129216A16AFC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{293C89BE-E43A-4753-BCE7-3C3114155802}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5B38AB3E-2CBE-4751-BA94-BA2CFEAC8F55}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0E954386-070C-4D2A-9EB1-6D47C3097C3F}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI TECHNOLOGY CO., LTD. -> AOMEI Tech Co., Ltd.)
FirewallRules: [{4A2BC2ED-365C-4731-A4E7-9F978C61F249}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI TECHNOLOGY CO., LTD. -> AOMEI Tech Co., Ltd.)
FirewallRules: [{2FF96B22-DF96-488A-8231-B75A12899BB6}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> )
FirewallRules: [{3C79DBD5-9034-4876-9211-0889AC0DB166}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{149A8DCA-AC7F-43AA-80C5-9E79B91EAE35}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> )
FirewallRules: [{2201CD25-6760-46B1-8640-A3C2A59740D0}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> )
FirewallRules: [{E12AB4C0-1AB8-4315-8B03-11CE56B805E9}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> ) [File not signed]
FirewallRules: [{F9FCC330-3EB0-4C60-9ED7-797C536FED0C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> ) [File not signed]
FirewallRules: [{71B22CF3-3984-4361-A50A-347F9307CA9A}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe (Acronis International GmbH -> )
FirewallRules: [{09FD86FA-610E-4AA5-8EE0-8EF6C1870A98}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe (Acronis International GmbH -> )
FirewallRules: [{57477F2F-F84C-4716-A3B1-0E2B987F25CA}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe (Acronis International GmbH -> )
FirewallRules: [{A826BF27-199A-43D4-9565-F78B87B0511C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{6C16D8E8-D25E-449C-A13C-1D24727A35CE}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe (Acronis International GmbH -> )
FirewallRules: [{F87CBDC5-6E38-45D6-AB85-EF9411E30323}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe (Acronis International GmbH -> )
FirewallRules: [{2EF41B4F-C268-400E-9F06-7F32AFFF1FD5}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\LicenseActivator.exe (Acronis International GmbH -> )
FirewallRules: [{B9504A0D-DF5F-4B3D-A329-283C2734C00E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Home\report_sender.exe (Acronis International GmbH -> )
FirewallRules: [{EC94B174-E665-4E7E-8E4D-191C599E4DB5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe (Acronis International GmbH -> )
FirewallRules: [{C6B2DB6F-0383-44D1-AF28-0717908869AD}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> )
FirewallRules: [{6E72D62D-18E7-4D4F-AEA5-C4B7ADC3E1D5}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe (Acronis International GmbH -> )
FirewallRules: [{9EBC34F3-F874-4C97-AC3A-D8246FBAD63D}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> )
FirewallRules: [{BCDC2602-AB2E-4DD8-A80F-86CA81BCCA18}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> ) [File not signed]
FirewallRules: [{E1D9767C-F51F-4D74-A522-B9F655D2E681}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\PxeUi.exe (CHENGDU AOMEI TECHNOLOGY CO., LTD. -> AOMEI Tech Co., Ltd.)
FirewallRules: [TCP Query User{7EDECD1A-AF4D-4721-A283-6DDC4A8225DC}C:\program files (x86)\jeppesen\jeppview for windows\jeppview.exe] => (Allow) C:\program files (x86)\jeppesen\jeppview for windows\jeppview.exe (Jeppesen Sanderson, Inc -> Jeppesen-Sanderson)
FirewallRules: [UDP Query User{83D5C78E-08A5-4EFB-851E-A0FBA007691E}C:\program files (x86)\jeppesen\jeppview for windows\jeppview.exe] => (Allow) C:\program files (x86)\jeppesen\jeppview for windows\jeppview.exe (Jeppesen Sanderson, Inc -> Jeppesen-Sanderson)
FirewallRules: [{6301C9A4-C4AD-435D-9C5B-9CE8279845A6}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{8785B935-56E1-491D-855F-E7640BB0A7D0}] => (Allow) C:\Users\homeuser\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) [File not signed]
FirewallRules: [{FDE54A32-E72B-4B90-B930-89A8853CD20E}] => (Allow) C:\Users\homeuser\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) [File not signed]
FirewallRules: [{FA36331F-3B54-49B3-8708-1D0C2A3DAACC}] => (Allow) C:\Users\homeuser\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) [File not signed]
FirewallRules: [{55A238E8-B308-4FB7-A6CB-0DF289DCCF38}] => (Allow) C:\Users\homeuser\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) [File not signed]
FirewallRules: [{D2F9ABD6-60FC-4CF1-841C-52AFFA2F9C03}] => (Allow) C:\Users\homeuser\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) [File not signed]
FirewallRules: [{6167B026-08F1-4E77-B739-20A5EF80B200}] => (Allow) C:\Users\homeuser\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) [File not signed]
FirewallRules: [{B4195FA0-CE70-4EAF-B18E-72ED1E1B2BD0}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{EB7BC6F7-E51F-48C0-811A-4740F1213413}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{550CD862-B8B8-430E-8040-2E2FE6549310}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{17F34F6C-4AC6-41FC-8819-E16182C90ECB}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{94829DD3-1E24-4401-86A2-E4E040082A12}] => (Allow) C:\Users\homeuser\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) [File not signed]
FirewallRules: [{2254F46B-6D0A-4ECE-AFFA-4D63A689D3D3}] => (Allow) C:\Users\homeuser\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) [File not signed]
FirewallRules: [TCP Query User{8284B549-BAA9-4569-97C3-7396A4BED134}F:\difsoft\sdi_rus\sdi_x64_r1909.exe] => (Allow) F:\difsoft\sdi_rus\sdi_x64_r1909.exe (www.SamLab.ws) [File not signed]
FirewallRules: [UDP Query User{DFEC0AC0-904B-4EE5-833D-A1BD057DF93D}F:\difsoft\sdi_rus\sdi_x64_r1909.exe] => (Allow) F:\difsoft\sdi_rus\sdi_x64_r1909.exe (www.SamLab.ws) [File not signed]
FirewallRules: [TCP Query User{CB9BA30C-68C1-4FBC-8BDC-18E45E8148E2}C:\program files\cisco packet tracer 7.2.1\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.2.1\bin\packettracer7.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [UDP Query User{5087C5FD-A8B6-4582-ACF6-801172DE63D3}C:\program files\cisco packet tracer 7.2.1\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.2.1\bin\packettracer7.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2019 05:12:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TOTALCMD.EXE, version: 9.2.2.1, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 10.0.18362.418, time stamp: 0x2b181c2c
Exception code: 0xc06d007e
Fault offset: 0x00113572
Faulting process id: 0x34d0
Faulting application start time: 0x01d581051a71b039
Faulting application path: C:\TCPU71\TOTALCMD.EXE
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 51f64344-2288-4261-98a0-073bbb57030a
Faulting package full name:
Faulting package-relative application ID:

Error: (10/12/2019 05:09:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TOTALCMD.EXE, version: 9.2.2.1, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 10.0.18362.418, time stamp: 0x2b181c2c
Exception code: 0xc06d007e
Fault offset: 0x00113572
Faulting process id: 0x34d0
Faulting application start time: 0x01d581051a71b039
Faulting application path: C:\TCPU71\TOTALCMD.EXE
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: fffa7c6e-0715-4948-b780-0b85c4f1fede
Faulting package full name:
Faulting package-relative application ID:

Error: (10/12/2019 05:09:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TOTALCMD.EXE, version: 9.2.2.1, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 10.0.18362.418, time stamp: 0x2b181c2c
Exception code: 0xc06d007e
Fault offset: 0x00113572
Faulting process id: 0x34d0
Faulting application start time: 0x01d581051a71b039
Faulting application path: C:\TCPU71\TOTALCMD.EXE
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 6ed71b2a-9d8f-45e8-bb46-c90b42abb51c
Faulting package full name:
Faulting package-relative application ID:

Error: (10/12/2019 05:09:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TOTALCMD.EXE, version: 9.2.2.1, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 10.0.18362.418, time stamp: 0x2b181c2c
Exception code: 0xc06d007e
Fault offset: 0x00113572
Faulting process id: 0x34d0
Faulting application start time: 0x01d581051a71b039
Faulting application path: C:\TCPU71\TOTALCMD.EXE
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: e5546925-3587-4d71-87a4-aef4d5ddc172
Faulting package full name:
Faulting package-relative application ID:

Error: (10/12/2019 05:02:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TOTALCMD.EXE, version: 9.2.2.1, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 10.0.18362.418, time stamp: 0x2b181c2c
Exception code: 0xc06d007e
Fault offset: 0x00113572
Faulting process id: 0x34d0
Faulting application start time: 0x01d581051a71b039
Faulting application path: C:\TCPU71\TOTALCMD.EXE
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 4c130dfe-601c-4892-a73f-e240e252bc8d
Faulting package full name:
Faulting package-relative application ID:

Error: (10/12/2019 03:28:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (10/12/2019 03:28:59 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (10/12/2019 03:07:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.


System errors:
=============
Error: (10/12/2019 04:39:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/12/2019 04:39:53 PM) (Source: DCOM) (EventID: 10010) (User: SIMPC)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.

Error: (10/12/2019 04:39:53 PM) (Source: DCOM) (EventID: 10010) (User: SIMPC)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.

Error: (10/12/2019 04:39:53 PM) (Source: DCOM) (EventID: 10010) (User: SIMPC)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.

Error: (10/12/2019 04:39:53 PM) (Source: DCOM) (EventID: 10010) (User: SIMPC)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.

Error: (10/12/2019 04:39:53 PM) (Source: DCOM) (EventID: 10010) (User: SIMPC)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.

Error: (10/12/2019 04:39:53 PM) (Source: DCOM) (EventID: 10010) (User: SIMPC)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.

Error: (10/12/2019 04:39:53 PM) (Source: DCOM) (EventID: 10010) (User: SIMPC)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2019-10-12 16:27:21.248
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7B452A22-C9D2-4377-A41B-B8C869F47880}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-12 15:46:33.165
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1C3DA568-8055-4B71-B8C9-E83AA14046B1}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-12 14:44:44.592
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B69D6E48-F670-4B1B-8DD7-6E70EE823EE7}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-12 14:34:25.552
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B820B248-0F05-4944-8287-EA7ABEB89D76}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-12 14:29:13.388
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {093BB496-8F58-4E5A-BAD5-908E5DD3FA9E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-10 11:49:26.387
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.303.1322.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16400.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-10-10 11:32:30.105
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2019-10-10 11:25:05.793
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2019-10-12 17:15:13.010
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-12 17:15:13.009
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-12 17:15:12.329
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-12 17:15:12.328
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-12 17:12:08.185
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-12 17:12:08.184
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-12 17:12:07.187
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-12 17:12:07.186
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Award Software International, Inc. F4d 12/12/2011
Motherboard: Gigabyte Technology Co., Ltd. G1.Guerrilla
Processor: Intel(R) Core(TM) i7 CPU 980 @ 3.33GHz
Percentage of memory in use: 48%
Total physical RAM: 12286.42 MB
Available physical RAM: 6290.11 MB
Total Virtual: 24574.42 MB
Available Virtual: 17325.26 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.88 GB) (Free:50.1 GB) NTFS
Drive d: (simdisk) (Fixed) (Total:119.24 GB) (Free:6.63 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (FILMS) (Fixed) (Total:931.51 GB) (Free:99.76 GB) NTFS
Drive f: (backup) (Fixed) (Total:931.51 GB) (Free:27.3 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (storage2) (Fixed) (Total:465.75 GB) (Free:46.97 GB) NTFS
Drive h: (2k10 Live 7.24) (CDROM) (Total:3.85 GB) (Free:0 GB) CDFS
Drive i: () (Fixed) (Total:55.89 GB) (Free:0.68 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{c2d32257-0000-0000-0000-80b81b000000}\ () (Fixed) (Total:0.46 GB) (Free:0.06 GB) NTFS
\\?\Volume{c2d32257-0000-0000-0000-50d61b000000}\ () (Fixed) (Total:0.44 GB) (Free:0.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: FB81C632)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F477C05A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 55.9 GB) (Disk ID: 465FB6DD)
Partition 1: (Active) - (Size=55.9 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: C2D32257)
Partition 1: (Not Active) - (Size=110.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=476 MB) - (Type=27)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 5 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: FB81C633)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Edit: Instructions updated.

Please do the following to run FRST:

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FF NewTabOverride: Mozilla\Firefox\Profiles\s2ccsxum.default-release -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
R3 ALSysIO; C:\Users\homeuser\AppData\Local\Temp\ALSysIO64.sys [47240 2019-10-12] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
C:\Users\homeuser\AppData\Local\Temp\ALSysIO64.sys
cmd: netsh winsock reset
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
 
Hello.

I also have installer issues: they won't work from local disks E, D. I see something like "NSIS Error" or "volume label syntax is incorrect". To get these installers working I have to place them on system disk C. Not sure it is due to malware, but it's weird :rolleyes:

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-10-2019 02
Ran by homeuser (13-10-2019 15:47:15) Run:2
Running from C:\Users\homeuser\Desktop\FRST
Loaded Profiles: homeuser (Available Profiles: homeuser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FF NewTabOverride: Mozilla\Firefox\Profiles\s2ccsxum.default-release -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
R3 ALSysIO; C:\Users\homeuser\AppData\Local\Temp\ALSysIO64.sys [47240 2019-10-12] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
C:\Users\homeuser\AppData\Local\Temp\ALSysIO64.sys
cmd: netsh winsock reset
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
"Firefox NewTabOverride ({a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}) " => removed successfully
ALSysIO => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ALSysIO => removed successfully
ALSysIO => service removed successfully
C:\Users\homeuser\AppData\Local\Temp\ALSysIO64.sys => moved successfully

========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18308256 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 633639 B
Edge => 187645 B
Chrome => 205058006 B
Firefox => 35425738 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 14582 B
NetworkService => 18142 B
homeuser => 9186354 B

RecycleBin => 0 B
EmptyTemp: => 265.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:47:38 ====
 

There are a number of reasons for the NSIS error or volume label syntax is incorrect. The ini file may be redirecting to the wrong folder/volume/file and needs to be corrected; there are spaces in the file name; the Windows Installer is closed and it is necessary to start the service; the installer file may be corrupted or the file name is Cyrillic and not recognized on the English system or, yes, it could be due to malware. However, because you do not wish to remove µTorrent or the files detected by Malwarebytes, AdwCleaner and Windows Defender, I don't have any further suggestions.

Please do the following to uninstall FRST:
  • Right-click on FRST/FRST64, and select Rename.
  • Rename it to Uninstall.exe and press Enter on your keyboard.
  • Double-click on Uninstall.exe. Your computer will restart, and allow it to do so. FRST will now uninstall.
 
There are a number of reasons for the NSIS error or volume label syntax is incorrect. The ini file may be redirecting to the wrong folder/volume/file and needs to be corrected; there are spaces in the file name; the Windows Installer is closed and it is necessary to start the service; the installer file may be corrupted or the file name is Cyrillic and not recognized on the English system

Thank you. As it turned out, the reason is not only file names but also folder names in Cyrillic, but it is strange that the older Windows 1809, which I had before, did not pay attention to Cyrillic characters in names, although it had also been installed in English (US) :rolleyes: In the other issues the cause was the too-old version of the installers. The question can be considered solved, but I never understood how Avast managed to sneak into the system.
 