Sound pops, freezing and high latency

Adon (New member; joined Feb 9, 2019; 3 posts)

I've pretty recently built a new machine with the following specs:
Gigabyte Z370 Aorus Gaming 7 DDR4 ATX Motherboard
Intel Core i7-8700K LGA1151 3.70GHz OEM Processor
Straight Power 11 850w - 80plus Gold Power Supply
MSI GeForce GTX 1060 6GB ARMOR OC Graphics Card
Be Quiet! Silent Loop All In One 280mm Cpu Liquid Cooler
Samsung 250GB 960 Evo M.2 SSD
Crucial Ballistix Sport LT 32GB Kit DDR4 2400MHz Memory Kit BLS2C16G4D240FSB
Sound Blaster Z
Samsung SSD 840 Pro
Samsung HD204UI HDD
and additional hdds

And I experience constant problems with sounds popping, half-second freezing, etc. This happens mainly after opening some website which contains more scripts, Flash, lots of images, etc. But not necessarily - it's enough that the machine runs for a couple of hours and the issue starts regardless. I was thinking that it's something related to the network card or the SSD. When I used uTorrent at full speed it was the worst: the computer was freezing totally, and the torrent client stopped responding. I moved the downloads folder to a different HDD and it improved, but it hasn't been resolved.
Then I thought it was something wrong with the sound card, but I tested with a different one and with the onboard one and it's the same.
I've tested the config with Windows 7 x64, Windows 10 x64 and it was the same. But the problem doesn't exist if I for instance play some resource greedy games - they perform as expected.
Then... my mobo failed after BIOS update.
I've got a new motherboard, this time ASRock Z390 Taichi.
Story continues with same problem.
I've requested the shop to check the CPU, as I've checked all the other components with different machines and everything seemed to be fine with them. The shop has returned my money, so I've purchased an i9-9900K. And guess what? The .... problem still occurs with exactly the same symptoms. Does anyone have any idea what the root cause is, as it's driving me mad?
I recently dug through many forums and, as they suggested, have disabled Windows Defender (I use Bitdefender) and IPv6, which improved things a little bit in the sense that it takes a bit longer after a restart before the problem occurs.
Attaching required logs and the graph from LatencyMon after 6 hours since the boot time.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2019
Ran by Marcin (administrator) on ADON (10-02-2019 18:32:16)
Running from E:\downloads
Loaded Profiles: Marcin (Available Profiles: Marcin)
Platform: Windows 10 Pro Version 1803 17134.523 (X64) Language: English (United Kingdom)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe
(Genesys Logic) C:\Windows\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Dries Amine) C:\Program Files (x86)\Amine Dries\Horloger\Horloger.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(K2T.eu, Kaworu) C:\Program Files\K2T\WTW\wtw.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
() C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1811.3241.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Resplendence Software Projects Sp.) C:\Program Files\LatencyMon\LatMon.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Nullsoft, Inc.) D:\system\Winamp\winamp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft)
HKLM\...\Run: [BGinfo] => "C:\Program Files (x86)\BGinfo\bginfo.cmd"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [147016 2018-09-28] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [ZaAntiRansomware] => C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe [4224584 2018-11-14] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4114240 2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3282000 2019-01-09] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330176 2014-08-19] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed]
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [877056 2014-11-24] (Creative Technology Ltd) [File not signed]
HKLM-x32\...\Winlogon [Shell] explorer.exe [3611368 2018-07-06] (Microsoft Windows -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3644142787-1589759995-767243190-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53535080 2019-01-16] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3644142787-1589759995-767243190-1001\...\Run: [Horloger] => C:\Program Files (x86)\Amine Dries\Horloger\Horloger.exe [574464 2010-05-28] (Dries Amine)
HKU\S-1-5-21-3644142787-1589759995-767243190-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3133216 2019-01-04] (Valve -> Valve Corporation)
HKU\S-1-5-21-3644142787-1589759995-767243190-1001\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-3644142787-1589759995-767243190-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\ANOTHE~1.SCR [55808 2005-03-01] ()
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( )
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] ()
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler)
HKLM\...\Drivers32: [msacm.l3codecp] => C:\Windows\system32\l3codecp.acm [181760 2018-04-11] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32-x32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project)
HKLM\...\Drivers32-x32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( )
HKLM\...\Drivers32-x32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] ()
HKLM\...\Drivers32-x32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] ()
HKLM\...\Drivers32-x32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler)
HKLM\...\Drivers32-x32: [msacm.l3codecp] => C:\Windows\SysWOW64\l3codecp.acm [190464 2018-04-11] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
Startup: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iVMS-4200 Client.lnk [2018-11-16]
ShortcutTarget: iVMS-4200 Client.lnk -> C:\Program Files\iVMS-4200 Station\iVMS-4200\iVMS-4200 Client\iVMS-4200.exe ()
Startup: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WTW.lnk [2018-11-17]
ShortcutTarget: WTW.lnk -> C:\Program Files\K2T\WTW\wtw.exe (K2T.eu, Kaworu)
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{905b10be-073e-4f33-aa9e-5e461809a6e7}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9facca7d-3a25-4e00-939d-0713d5eb0835}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3644142787-1589759995-767243190-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes: HKU\S-1-5-21-3644142787-1589759995-767243190-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-3644142787-1589759995-767243190-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-12-07] (Bitdefender SRL -> Bitdefender)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-12-07] (Bitdefender SRL -> Bitdefender)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-12-07] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-12-07] (Bitdefender SRL -> Bitdefender)
Toolbar: HKU\S-1-5-21-3644142787-1589759995-767243190-1001 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-12-07] (Bitdefender SRL -> Bitdefender)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

FireFox:
========
FF DefaultProfile: l8yo2bip.default-1542472685927
FF ProfilePath: C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\l8yo2bip.default-1542472685927 [2019-02-10]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2018-12-07]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2018-10-29] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2017-08-22] ()

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [779152 2018-12-07] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [779152 2018-12-07] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195320 2018-03-22] (Bitdefender SRL -> Bitdefender)
R2 CPEFR; C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe [2498296 2018-05-30] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 CpSbaCipolla; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [33016 2018-10-31] (Check Point Software Technologies Ltd. -> )
R2 CpSbaUpdater; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [33016 2018-10-31] (Check Point Software Technologies Ltd. -> )
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [122880 2017-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-19] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-19] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
R2 GeneStorSvc; C:\Windows\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe [149592 2019-01-14] (Genesys Logic, Inc. -> Genesys Logic)
S4 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [529240 2018-12-07] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1293936 2018-11-15] (Bitdefender SRL -> Bitdefender)
R2 RemediationService; C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [17656 2018-03-22] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665136 2019-01-16] (TeamViewer GmbH -> TeamViewer GmbH)
R2 TESvc; C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe [196344 2018-04-23] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [112656 2018-12-07] (Bitdefender SRL -> Bitdefender)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4210584 2018-09-28] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [804656 2018-12-07] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-11-15] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-11-15] (Microsoft Corporation -> Microsoft Corporation)
R2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [56688 2018-04-16] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 ZAARUpdateService; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe [47688 2018-11-14] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2018-09-28] (Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2019-01-31] (ASROCK Incorporation -> ASRock Incorporation)
S3 AsrDrv103; C:\Windows\SysWOW64\Drivers\AsrDrv103.sys [34568 2018-12-04] (ASROCK Incorporation -> ASRock Incorporation) [File not signed]
R0 asstahci64; C:\Windows\System32\drivers\asstahci64.sys [98696 2019-01-31] (ASMedia Technology Inc. -> Asmedia Technology)
S0 asstor64; C:\Windows\System32\drivers\asstor64.sys [84304 2018-12-03] (ASMedia Technology Inc. -> Asmedia Technology)
R1 atc; C:\Windows\System32\DRIVERS\atc.sys [1292296 2018-06-05] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [156912 2018-10-18] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23032 2018-04-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S3 bdprivmon; C:\Windows\System32\DRIVERS\bdprivmon.sys [45728 2018-09-17] (Bitdefender SRL -> © Bitdefender SRL)
S3 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [96448 2018-04-27] (Bitdefender SRL -> BitDefender)
R2 cpbak; C:\Windows\System32\DRIVERS\cpbak.sys [61592 2018-04-11] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R1 CPEPMon; C:\Windows\System32\DRIVERS\CPEPMon.sys [68280 2018-04-09] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1074984 2017-01-18] (Creative Technology Ltd -> Creative Technology Ltd)
R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [42792 2017-01-18] (Creative Technology Ltd -> Creative Technology Ltd)
R3 e1rexpress; C:\Windows\System32\drivers\e1r65x64.sys [548800 2019-01-31] (Intel(R) INTELNPG1 -> Intel Corporation)
R1 epnetflt; C:\Windows\system32\drivers\epnetflt.sys [117400 2017-12-10] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R1 epregflt; C:\Windows\system32\drivers\epregflt.sys [101552 2017-10-23] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R0 Gemma; C:\Windows\System32\DRIVERS\Gemma.sys [359584 2018-12-07] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [200064 2019-01-14] (Genesys Logic, Inc. -> Genesys Logic)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [193184 2018-05-29] (Bitdefender SRL -> BitDefender LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-11-15] (Martin Malik - REALiX -> REALiX(tm))
R0 iaStorAC; C:\Windows\System32\drivers\iaStorAC.sys [967696 2018-12-03] (Intel(R) Rapid Storage Technology -> Intel Corporation)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [147112 2018-12-07] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 Ignis; C:\Windows\System32\DRIVERS\ignis.sys [196352 2018-12-07] (Bitdefender SRL -> Bitdefender)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\Bin\ISWKL.sys [65264 2018-03-11] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R3 LifeCamTrueColor; C:\Windows\system32\DRIVERS\LifeCamTrueColor.sys [37928 2016-07-27] (Microsoft Corporation -> Microsoft Corporation)
R3 mv91cons; C:\Windows\System32\drivers\mv91cons.sys [33504 2018-11-15] (Marvell Semiconductor, Inc. -> Marvell Semiconductor Inc.)
R0 mvs91xx; C:\Windows\System32\drivers\mvs91xx.sys [342760 2018-11-15] (Marvell Semiconductor, Inc. -> Marvell Semiconductor, Inc.)
S3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7689728 2018-04-11] (Microsoft Windows -> Intel Corporation)
R2 NPF; C:\Program Files\iVMS-4200 Station\iVMS-4200\Drivers\npf64.sys [36600 2018-08-13] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_fcd0b48b9144f71d\nvlddmkm.sys [20706392 2019-02-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2018-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [48040 2018-09-25] (SteelSeries ApS -> SteelSeries ApS)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [609576 2018-06-28] (Bitdefender SRL -> Bitdefender)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2015-06-18] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [461240 2018-09-28] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46184 2018-11-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [328696 2018-11-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [60408 2018-11-15] (Microsoft Windows -> Microsoft Corporation)
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-10 18:27 - 2019-02-10 18:32 - 000000000 ____D C:\FRST
2019-02-10 12:51 - 2019-02-10 14:31 - 000000000 ___DC C:\Users\Marcin\AppData\LocalLow\uTorrent
2019-02-10 00:55 - 2019-02-10 01:17 - 000000000 ___DC C:\Users\Marcin\AppData\Roaming\NexusFont
2019-02-10 00:55 - 2019-02-10 00:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nexusfont
2019-02-10 00:55 - 2019-02-10 00:55 - 000000000 ____D C:\Program Files (x86)\nexusfont
2019-02-09 20:21 - 2019-02-09 20:21 - 000000234 ____C C:\Users\Marcin\Desktop\Far Cry Primal.url
2019-02-09 20:21 - 2019-02-09 20:21 - 000000234 ____C C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Far Cry Primal.url
2019-02-09 17:05 - 2019-02-09 17:05 - 000000000 ___DC C:\Users\Marcin\AppData\Roaming\Canneverbe Limited
2019-02-09 17:05 - 2019-02-09 17:05 - 000000000 ____D C:\ProgramData\Canneverbe Limited
2019-02-09 15:15 - 2019-02-09 15:58 - 000000000 ____D C:\ESD
2019-02-09 15:14 - 2019-02-09 15:14 - 000000000 ____D C:\$WINDOWS.~BT
2019-02-09 11:35 - 2019-02-09 11:35 - 000001406 _ C:\Users\Public\Desktop\HP LJ M1530 Scan.lnk
2019-02-09 11:35 - 2019-02-09 11:35 - 000000000 ___DC C:\Users\Marcin\Desktop\HP
2019-02-09 11:35 - 2019-02-09 11:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2019-02-09 11:31 - 2019-02-09 11:32 - 000000000 ____D C:\HP_LaserJet_Professional_M1530_MFP_Series
2019-02-08 12:31 - 2019-02-08 12:31 - 000000000 ____D C:\Program Files\HandBrake
2019-02-08 12:30 - 2019-02-08 12:34 - 000000000 ___DC C:\Users\Marcin\AppData\Roaming\HandBrake
2019-02-08 12:30 - 2019-02-08 12:31 - 000000865 ____C C:\Users\Marcin\Desktop\Handbrake.lnk
2019-02-08 12:30 - 2019-02-08 12:30 - 000000000 ___DC C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2019-02-08 12:29 - 2019-02-08 12:30 - 000000000 ____D C:\Program Files (x86)\Handbrake
2019-02-07 07:22 - 2019-02-07 07:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-02-06 01:10 - 2019-02-06 01:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2019-02-06 01:10 - 2019-02-06 01:10 - 000000000 ____D C:\Program Files\CPUID
2019-02-05 13:15 - 2019-02-05 13:15 - 000051024 _ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-02-05 13:15 - 2019-02-05 13:15 - 000047800 _ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-02-05 13:15 - 2019-02-05 13:15 - 000047800 _ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-02-05 13:15 - 2019-02-05 13:15 - 000047800 _ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-02-05 00:59 - 2019-02-05 00:59 - 000000000 ____D C:\ProgramData\Mozilla
2019-02-05 00:39 - 2019-02-05 01:01 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2019-02-05 00:39 - 2019-02-05 00:39 - 000000045 _ C:\Windows\SysWOW64\initdebug.nfo
2019-02-05 00:39 - 2019-02-05 00:39 - 000000000 ___DC C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2019-02-04 23:29 - 2019-02-01 04:02 - 010894304 _ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2019-02-04 23:29 - 2019-02-01 04:01 - 020101816 _ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2019-02-04 23:29 - 2019-02-01 04:01 - 017428560 _ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-02-04 23:29 - 2019-02-01 04:01 - 009254488 _ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-02-04 23:29 - 2019-02-01 04:01 - 004297024 _ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-02-04 23:29 - 2019-02-01 04:01 - 001471600 _ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2019-02-04 23:29 - 2019-02-01 04:01 - 001462024 _ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2019-02-04 23:29 - 2019-02-01 04:01 - 001168936 _ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2019-02-04 23:29 - 2019-02-01 04:01 - 001151984 _ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2019-02-04 23:29 - 2019-02-01 04:01 - 001145720 _ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2019-02-04 23:29 - 2019-02-01 04:01 - 000914904 _ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-02-04 23:29 - 2019-02-01 04:01 - 000822576 _ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2019-02-04 23:29 - 2019-02-01 04:01 - 000794440 _ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2019-02-04 23:29 - 2019-02-01 04:01 - 000637992 _ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2019-02-04 23:29 - 2019-02-01 00:07 - 001005984 _ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-02-04 23:29 - 2019-02-01 00:07 - 001005984 _ C:\Windows\system32\vulkan-1.dll
2019-02-04 23:29 - 2019-02-01 00:07 - 000869792 _ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-02-04 23:29 - 2019-02-01 00:07 - 000869792 _ C:\Windows\SysWOW64\vulkan-1.dll
2019-02-04 23:29 - 2019-02-01 00:07 - 000551896 _ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-02-04 23:29 - 2019-02-01 00:07 - 000456848 _ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-02-04 23:29 - 2019-02-01 00:07 - 000269728 _ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-02-04 23:29 - 2019-02-01 00:07 - 000269728 _ C:\Windows\system32\vulkaninfo.exe
2019-02-04 23:29 - 2019-02-01 00:07 - 000244128 _ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-02-04 23:29 - 2019-02-01 00:07 - 000244128 _ C:\Windows\SysWOW64\vulkaninfo.exe
2019-02-04 23:29 - 2019-02-01 00:03 - 001464224 _ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2019-02-04 23:29 - 2019-02-01 00:03 - 001129560 _ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-02-04 23:29 - 2019-02-01 00:03 - 000992728 _ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2019-02-04 23:29 - 2019-02-01 00:03 - 000668872 _ C:\Windows\system32\nvofapi64.dll
2019-02-04 23:29 - 2019-02-01 00:03 - 000631896 _ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2019-02-04 23:29 - 2019-02-01 00:03 - 000566560 _ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2019-02-04 23:29 - 2019-02-01 00:03 - 000534752 _ C:\Windows\SysWOW64\nvofapi.dll
2019-02-04 23:29 - 2019-02-01 00:03 - 000522328 _ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-02-04 23:29 - 2019-02-01 00:02 - 040234888 _ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2019-02-04 23:29 - 2019-02-01 00:02 - 035140488 _ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-02-04 23:29 - 2019-02-01 00:02 - 005272832 _ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2019-02-04 23:29 - 2019-02-01 00:02 - 004623968 _ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-02-04 23:29 - 2019-02-01 00:02 - 002031904 _ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2019-02-04 23:29 - 2019-02-01 00:02 - 001534912 _ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-02-04 23:29 - 2019-02-01 00:02 - 000752224 _ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2019-02-04 23:29 - 2019-02-01 00:02 - 000611528 _ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2019-02-04 23:29 - 2019-02-01 00:02 - 000448720 _ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2019-02-04 23:29 - 2019-02-01 00:01 - 000858312 _ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2019-02-04 23:29 - 2019-01-31 06:13 - 000104677 _ C:\Windows\system32\nvidia-smi.1.pdf
2019-02-04 23:29 - 2019-01-31 06:13 - 000047032 _ C:\Windows\system32\nvinfo.pb
2019-02-03 19:02 - 2019-02-03 20:49 - 000000000 ____D C:\pixel
2019-02-01 23:24 - 2019-02-01 23:24 - 000466520 _ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2019-02-01 23:24 - 2019-02-01 23:24 - 000445016 _ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2019-02-01 23:24 - 2019-02-01 23:24 - 000123480 _ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2019-02-01 23:24 - 2019-02-01 23:24 - 000109144 _ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2019-02-01 23:24 - 2019-02-01 23:24 - 000000000 ____D C:\Program Files\Creative
2019-02-01 23:24 - 2014-04-25 16:33 - 001898496 ____N (Creative) C:\Windows\system32\Sens_oal.dll
2019-02-01 23:24 - 2014-04-25 16:29 - 001609728 ____N (Creative) C:\Windows\SysWOW64\Sens_oal.dll
2019-02-01 23:24 - 2012-11-26 17:19 - 000005687 ____N C:\Windows\SysWOW64\CTOPT352.cat
2019-02-01 23:24 - 2012-08-13 14:51 - 000167424 ____N (Creative Technology Ltd) C:\Windows\SysWOW64\CTOPT352.dll
2019-02-01 23:24 - 2010-10-04 15:20 - 000079360 ____N (Creative Technology Ltd) C:\Windows\SysWOW64\CTOPT399.dll
2019-02-01 23:24 - 2010-10-03 14:48 - 000005498 ____N C:\Windows\SysWOW64\CTOPT399.cat
2019-02-01 23:24 - 2008-12-22 20:13 - 000061440 ____N (Creative Technology Ltd) C:\Windows\SysWOW64\CTChkAud.dll
2019-02-01 23:24 - 2006-12-05 13:53 - 000042496 ____N (Creative Technology Ltd.) C:\Windows\SysWOW64\AddCat.exe
2019-02-01 23:24 - 2000-05-11 01:00 - 000090112 ____N (Creative Technology Ltd.) C:\Windows\Updreg.EXE
2019-01-31 23:41 - 2019-01-31 23:41 - 000022280 _ (ASRock Incorporation) C:\Windows\SysWOW64\Drivers\AsrDrv101.sys
2019-01-31 23:17 - 2019-01-31 23:17 - 000548800 _ (Intel Corporation) C:\Windows\system32\Drivers\e1r65x64.sys
2019-01-31 23:17 - 2019-01-31 23:17 - 000089536 _ (Intel Corporation) C:\Windows\system32\Drivers\e1rmsg.dll
2019-01-31 23:17 - 2019-01-31 23:17 - 000003096 _ C:\Windows\system32\e1r65x64.din
2019-01-31 23:16 - 2019-01-31 23:16 - 000466728 _ (Microsoft Corporation) C:\Windows\system32\coin99itp.dll
2019-01-31 23:16 - 2019-01-31 23:16 - 000098696 _ (Asmedia Technology) C:\Windows\system32\Drivers\asstahci64.sys
2019-01-14 00:30 - 2019-01-14 00:30 - 003183192 _ (Genesys Logic) C:\Windows\SysWOW64\GLCRIcon.dll
2019-01-14 00:30 - 2019-01-14 00:30 - 000200064 _ (Genesys Logic) C:\Windows\system32\Drivers\GeneStor.sys
2019-01-13 20:03 - 2019-01-13 20:03 - 000000000 ____D C:\Windows\system32\appmgmt
2019-01-13 19:16 - 2019-01-13 19:16 - 000000000 ___DC C:\Users\Marcin\AppData\Roaming\Fatshark
2019-01-12 19:45 - 2019-01-12 19:45 - 000003562 _ C:\Windows\System32\Tasks\HPLJCustParticipation
2019-01-12 19:45 - 2019-01-12 19:45 - 000000000 ___DC C:\Users\Marcin\AppData\Roaming\Hewlett-Packard Company
2019-01-12 19:44 - 2019-01-12 19:44 - 000000000 ___DC C:\Users\Marcin\AppData\Roaming\HpUpdate
2019-01-12 19:43 - 2019-01-12 19:43 - 000000608 ___SH C:\Windows\system32\winzvprt5.sys
2019-01-12 19:40 - 2011-09-28 09:44 - 000311808 _ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn117.dll
2019-01-12 19:40 - 2011-09-28 09:34 - 000316928 _ C:\Windows\SysWOW64\hpcc3117.DLL
2019-01-12 19:39 - 2019-01-12 19:39 - 000000000 ____D C:\HP_LaserJet_400_MFP_M425
2019-01-12 19:39 - 2015-04-29 22:49 - 001022984 _ (Hewlett-Packard) C:\Windows\system32\hpptsplj425_x64.dll
2019-01-12 19:39 - 2015-04-29 22:49 - 000828936 _ (Hewlett-Packard) C:\Windows\SysWOW64\hpptsplj425.dll
2019-01-12 19:39 - 2015-04-29 22:49 - 000584712 _ (HP Inc., LP) C:\Windows\system32\hpwia2_lj425.dll
2019-01-11 23:16 - 2019-01-11 23:16 - 000000222 ____C C:\Users\Marcin\Desktop\Warhammer End Times - Vermintide.url

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-10 18:30 - 2018-12-10 00:17 - 000002622 __RSH C:\ProgramData\ntuser.pol
2019-02-10 18:27 - 2018-04-11 23:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-10 16:41 - 2018-11-16 16:14 - 000001379 _ C:\Users\Public\Desktop\Skype.lnk
2019-02-10 16:41 - 2018-11-16 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-02-10 16:07 - 2018-11-15 17:46 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-02-10 14:31 - 2018-11-22 13:43 - 000000000 ___DC C:\Users\Marcin\AppData\Roaming\uTorrent
2019-02-10 10:50 - 2018-11-18 00:00 - 000000000 ____D C:\iVMS-4200
2019-02-10 10:31 - 2018-11-15 17:52 - 000842628 _ C:\Windows\system32\PerfStringBackup.INI
2019-02-10 10:31 - 2018-04-11 23:36 - 000000000 ____D C:\Windows\INF
2019-02-10 10:27 - 2018-11-15 18:45 - 000000000 ___DC C:\Users\Marcin\AppData\LocalLow\Mozilla
2019-02-10 10:26 - 2018-11-22 14:45 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-10 10:25 - 2018-11-16 16:18 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-02-10 10:25 - 2018-11-15 17:46 - 005135792 _ C:\Windows\system32\FNTCACHE.DAT
2019-02-10 10:25 - 2018-11-15 17:46 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-10 01:58 - 2018-11-26 13:07 - 000050685 _ C:\bdlog.txt
2019-02-10 01:58 - 2018-04-11 21:04 - 000524288 _ C:\Windows\system32\config\BBI
2019-02-10 01:56 - 2018-11-16 01:30 - 000000000 ____D C:\Users\Marcin\Calibre Library
2019-02-10 00:57 - 2018-11-16 16:43 - 000000000 ____D C:\Program Files\rempl
2019-02-10 00:57 - 2018-04-11 23:30 - 000000000 ____D C:\Windows\CbsTemp
2019-02-10 00:54 - 2018-04-11 23:38 - 000000167 _ C:\Windows\win.ini
2019-02-10 00:51 - 2018-11-16 13:11 - 000000000 ___RD C:\Moje dokumenty
2019-02-10 00:40 - 2018-12-11 09:46 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-02-09 23:41 - 2018-11-15 19:03 - 000000000 ____D C:\ProgramData\ProductData
2019-02-09 23:41 - 2018-11-15 19:02 - 000000000 ___DC C:\Users\Marcin\AppData\Roaming\IObit
2019-02-09 23:40 - 2018-11-17 16:49 - 000000000 ____D C:\Program Files (x86)\HD Tune Pro
2019-02-09 23:40 - 2018-11-15 22:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-02-09 23:39 - 2018-11-16 21:23 - 000000000 ___DC C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-02-09 23:38 - 2018-12-11 09:10 - 000000000 ____D C:\Program Files (x86)\Any eBook Converter
2019-02-09 19:38 - 2018-04-11 23:38 - 000000000 ____D C:\Windows\LiveKernelReports
2019-02-09 19:28 - 2018-04-11 23:38 - 000000000 ____D C:\Windows\AppReadiness
2019-02-09 15:58 - 2018-11-15 17:46 - 000000000 ____D C:\Windows\Panther
2019-02-09 15:02 - 2018-04-11 23:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-09 11:35 - 2018-11-27 00:45 - 000000182 _ C:\Windows\system32\AddPort.ini
2019-02-09 11:35 - 2018-11-27 00:43 - 000000000 ____D C:\Program Files (x86)\HP
2019-02-08 18:09 - 2018-12-04 10:03 - 000000000 ____D C:\sell
2019-02-08 17:40 - 2018-11-15 17:51 - 000000000 ___DC C:\Users\Marcin\AppData\Roaming\Adobe
2019-02-08 07:40 - 2018-11-15 18:07 - 000000000 ____D C:\ProgramData\Packages
2019-02-08 07:24 - 2018-04-11 21:04 - 000065536 _ C:\Windows\system32\config\ELAM
2019-02-07 23:55 - 2018-11-16 14:46 - 000000000 ___HD C:\SandBlastBackup
2019-02-07 07:22 - 2018-11-19 00:39 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-02-06 00:50 - 2018-11-15 18:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-05 00:59 - 2018-11-15 18:45 - 000001005 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-02-05 00:59 - 2018-11-15 18:45 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-02-04 23:30 - 2018-11-15 17:56 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2019-02-04 19:49 - 2018-11-16 01:30 - 000000000 ___DC C:\Users\Marcin\AppData\Roaming\calibre
2019-02-03 00:03 - 2018-11-16 16:18 - 000001040 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-02-03 00:03 - 2018-11-16 16:18 - 000001028 _ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-02-01 23:24 - 2018-11-15 22:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2019-02-01 23:24 - 2018-11-15 22:21 - 000000000 ____D C:\Program Files (x86)\Creative
2019-02-01 23:23 - 2018-11-15 22:21 - 000000078 ___RH C:\Windows\ctfile.rfc
2019-02-01 23:23 - 2018-11-15 17:56 - 000000000 ____D C:\Users\Public\Creative
2019-02-01 04:01 - 2018-09-16 23:32 - 005037040 _ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2019-01-31 06:13 - 2018-11-22 14:49 - 000001951 _ C:\Windows\NvTelemetryContainerRecovery.bat
2019-01-30 20:08 - 2018-11-26 01:09 - 005364776 _ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-01-30 20:08 - 2018-11-26 01:09 - 002624824 _ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2019-01-30 20:08 - 2018-11-26 01:09 - 001767920 _ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-01-30 20:08 - 2018-11-26 01:09 - 000651248 _ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-01-30 20:08 - 2018-11-26 01:09 - 000450600 _ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-01-30 20:08 - 2018-11-26 01:09 - 000124968 _ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-01-30 20:08 - 2018-11-26 01:09 - 000082800 _ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-01-30 13:34 - 2018-11-26 01:09 - 008488852 _ C:\Windows\system32\nvcoproc.bin
2019-01-26 14:03 - 2018-11-26 01:08 - 000001951 _ C:\Windows\NvContainerRecovery.bat
2019-01-16 01:32 - 2018-11-15 17:51 - 000000000 ____D C:\Users\Marcin
2019-01-13 20:05 - 2018-11-27 00:37 - 000000000 ____D C:\ProgramData\HP
2019-01-13 20:00 - 2018-11-18 03:00 - 000000000 ____D C:\Program Files (x86)\Steam
2019-01-12 19:45 - 2018-11-27 00:37 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2019-01-12 18:30 - 2018-12-06 23:42 - 000000000 ___DC C:\Users\Marcin\AppData\Roaming\KeePass
2019-01-12 17:49 - 2018-12-06 23:14 - 000001186 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2019-01-12 17:49 - 2018-12-06 23:14 - 000000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2019-01-11 23:16 - 2018-11-19 12:24 - 000000000 ___DC C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-15 17:46

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.02.2019
Ran by Marcin (10-02-2019 18:33:03)
Running from E:\downloads
Windows 10 Pro Version 1803 17134.523 (X64) (2018-11-15 17:47:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3644142787-1589759995-767243190-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3644142787-1589759995-767243190-503 - Limited - Disabled)
Guest (S-1-5-21-3644142787-1589759995-767243190-501 - Limited - Disabled)
Marcin (S-1-5-21-3644142787-1589759995-767243190-1001 - Administrator - Enabled) => C:\Users\Marcin
WDAGUtilityAccount (S-1-5-21-3644142787-1589759995-767243190-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {8D637332-9C08-995E-98D7-8237936B0E9F}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3644142787-1589759995-767243190-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{BC741628-0AFC-405C-8946-DD46D1005A0A}) (Version: 8.2.4 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{C788B026-20BD-4E96-B698-533F1D6C5013}) (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
ACDSee Photo Studio Ultimate 2018 (HKLM\...\{35035ABF-4733-478B-88AC-CB25FF451926}) (Version: 11.0.0.1200 - ACD Systems International Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Age of Empires III (HKLM-x32\...\{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
AIDA64 5.99.4900 (HKLM-x32\...\AIDA64_is1) (Version: 5.99.4900 - lrepacks.ru)
Another Matrix Screen Saver (HKLM-x32\...\Another Matrix Screen Saver_is1) (Version: - NicheScreenSavers.com)
Assassin's Creed Odyssey (HKLM-x32\...\Uplay Install 5059) (Version: - Ubisoft)
Assassin's Creed Origins (HKLM-x32\...\Uplay Install 3539) (Version: - Ubisoft)
A-Tuning v3.0.245 (HKLM-x32\...\A-Tuning_is1) (Version: 3.0.245 - ASRock Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 23.0.8.115 - Bitdefender)
Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 23.0.14.61 - Bitdefender)
Book Collector (HKLM-x32\...\{FD0F8123-9035-44B0-B331-2596979E74ED}_is1) (Version: - Collectorz.com)
calibre 64bit (HKLM\...\{A9CFF5B2-9CF6-4903-ACD1-CE9CFDFD6206}) (Version: 3.34.0 - Kovid Goyal)
Check Point SBA (HKLM\...\{942ADD32-A2CC-4A36-B0AB-AB881084CFE0}) (Version: 86.5.1 - Check Point Software Technologies Ltd.) Hidden
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
CPUID HWMonitor 1.39 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.39 - CPUID, Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 418.81 - NVIDIA Corporation) Hidden
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
Dropbox (HKLM-x32\...\Dropbox) (Version: 66.4.84 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
Exact Audio Copy 1.3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.3 - Andre Wiethoff)
Far Cry Primal (HKLM-x32\...\Uplay Install 2010) (Version: - Ubisoft)
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: "1.0.0.10" - Rockstar Games)
HandBrake 1.2.0 (HKLM-x32\...\HandBrake) (Version: 1.2.0 - )
Horloger 1.0 Final (HKLM-x32\...\Horloger 1.0 Final) (Version: - )
HP LaserJet Professional M1530 MFP Series (HKLM-x32\...\{74280B5D-A0AF-46c5-9C85-D9EA078262F1}) (Version: 15.0.15188.928 - Hewlett-Packard)
HP LJ M1530 MFP Series HP Scan (HKLM-x32\...\{C05002F1-06F8-4A15-B6F8-E4DC655C28AA}) (Version: 1.0.302.0 - Hewlett-Packard Co.)
HPLJDXPHelper (HKLM-x32\...\{010788AB-706E-4604-A46B-6785EAB64B5E}) (Version: 140.069.007 - HP) Hidden
HPLJUTCore (HKLM-x32\...\{B445502B-2F83-4873-90F1-06059F71A46A}) (Version: 014.000.0001 - HP) Hidden
hppLaserJetService (HKLM-x32\...\{0C4C3664-157A-4D69-B474-31EBF2EE1AE3}) (Version: 009.033.00926 - Hewlett-Packard) Hidden
hppM425LaserJetService (HKLM-x32\...\{5CDD2730-3425-4423-AC99-0FAB62A35D9B}) (Version: 001.019.00639 - Hewlett-Packard) Hidden
hpStatusAlerts (HKLM-x32\...\{E35D0ED5-716B-4E1F-8477-54DD746DF527}) (Version: 140.040.00231 - Hewlett Packard) Hidden
iVMS-4200(2.7.2.7) (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 2.7.2.7 - hikvision)
kED 2.1.4.0 (HKLM-x32\...\kED_is1) (Version: - )
KeePass Password Safe 2.41 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.41 - Dominik Reichl)
Kindle Previewer 3 (HKU\S-1-5-21-3644142787-1589759995-767243190-1001\...\Kindle Previewer 3) (Version: 3.28.1 - Amazon)
K-Lite Mega Codec Pack 14.5.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.5.5 - KLCP)
LatencyMon 6.70 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
LJDXPHelperUI (HKLM-x32\...\{DEB23FB1-04FF-44AC-98B5-EEB243D65A28}) (Version: 140.069.007 - HP) Hidden
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130415-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{56F27690-F6EA-3356-980A-02BA379506EE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1b103cea-f037-4504-81de-956057b442c3}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)语言包 - 简体中文 (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - CHS) (Version: 10.0.30319 - Microsoft Corporation)
MKVToolNix 29.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 29.0.0 - Moritz Bunkus)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 65.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 65.0 (x64 en-GB)) (Version: 65.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.1 - Mozilla)
nexusfont 2.6 (ver 2.6.2.1870) (HKLM-x32\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version: - xiles)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.12 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.16.0.140 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.16.0.140 - NVIDIA Corporation)
NVIDIA Graphics Driver 418.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 418.81 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Pakiet zgodności dla systemu Office 2007 (HKLM-x32\...\{90120000-0020-0415-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Polski (programisty) - UK (HKLM\...\{2D4D3FBD-514D-4323-803C-67A9170D9382}) (Version: 1.0.3.40 - Wojo)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
SADPTool (HKLM-x32\...\{7D9B79C2-B1B2-433B-844F-F4299B86F26E}) (Version: 3.0.0.16 - hikvision)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}Office14.PROPLUSR{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype version 8.37 (HKLM-x32\...\Skype_is1) (Version: 8.37 - Skype Technologies S.A.)
Sound Blaster Z-Series (HKLM-x32\...\{DAB64FB1-0BBB-486E-9C57-A3E34F463AEB}) (Version: 1.01.10 - Creative Technology Limited)
Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.9025 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 73.2 - Ubisoft)
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: 3.0.6.27 - )
Win10Pcap (HKLM-x32\...\{B5B58F8A-1984-4F3E-B400-235A6E005002}) (Version: 10.2.5002 - Daiyuu Nobori, University of Tsukuba, Japan)
Winamp (HKLM-x32\...\Winamp) (Version: 5.572 - Nullsoft, Inc)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WTW 1.28.0.4860 IM (HKLM\...\{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}) (Version: 1.28.0.4860 - K2T.eu)
ZoneAlarm Anti-Ransomware (HKLM-x32\...\{0B8C3231-9818-4CB9-8213-4AB839836791}) (Version: 1.001.0670 - Check Point Software) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{6F277433-5A52-4DC5-AA23-ECE8FD045EBD}) (Version: 15.4.062.17802 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.4.062.17802 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{37F2A556-851C-46BA-BDD4-48745E7A106B}) (Version: 15.4.062.17802 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3644142787-1589759995-767243190-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Marcin\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3644142787-1589759995-767243190-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Marcin\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3644142787-1589759995-767243190-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Marcin\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [PicaViewCtxMenuShlExt] -> {F3CBBA61-EE3F-4D6D-B1C6-B3474E579936} => C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePV.dll [2015-08-28] (ACD Systems International -> ACD Systems International Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-10-30] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-10-30] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-10-30] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16FFDCEF-C4DC-43D6-885E-D9D4E4A4041D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {24DC0F47-CF61-4B72-95AC-AEE83CB6CFD9} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2963C7F7-EB96-430F-9366-7DCFB685F099} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {30878BD4-D708-4E8F-9B58-4F31B519D63C} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe (Hewlett-Packard Company -> Hewlett Packard)
Task: {53A3678B-7A86-43B8-93EB-F35B3DE3C6E5} - System32\Tasks\AdobeAAMUpdater-1.0-ADON-Marcin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {6D733FAE-0FCD-477D-98AD-9C1DC55A838C} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7D3C6D5E-9840-46DD-93D4-68B50B799125} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8D102A88-EB5F-4ACF-903A-BFBFA5E292B7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8FB7AF43-97C9-4416-92DE-FCEE22138774} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe (Bitdefender SRL -> Bitdefender)
Task: {91482678-0425-4AE6-A857-B2A66E1FB3B3} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A4A5B739-ACAA-4744-84B8-E7D881F840D9} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ABBEEDBC-D9C6-441D-A86E-CBFFF2E18A6B} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B1D60EE0-DE93-4C6A-A685-F869D8F910C5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B4ABC517-53F4-4FAE-9F08-1EF76556F59D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {C9ABC908-B9F0-4465-8B3C-DC094A50DAEC} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E4C853A4-C5DF-4573-BA2E-AAC8ED251BAD} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E8025F87-FFE4-4738-ADC9-FC02EFF4C3B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {EF704C39-B9F8-4737-A7B5-7A2F87B3AD6B} - \Optimize Thumbnail Cache Files -> No File <==== ATTENTION
Task: {F80757AA-EFD7-4779-8069-8E288C9EFA0A} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe (Bitdefender SRL -> Bitdefender)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\Optimize Thumbnail Cache Files.job => Wscript.exe J/nologo /E:jscript /B C:\ProgramData\InstallShield\Update\isuspm.ini <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\K2T\WTW\Forum.lnk -> hxxp://forum.k2t.eu
Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\K2T\WTW\Propositions.lnk -> hxxp://bugtraq.k2t.eu
Shortcut: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\K2T\WTW\Report Bug.lnk -> hxxp://bugtraq.k2t.eu

==================== Loaded Modules (Whitelisted) ==============

2018-11-26 13:19 - 2018-11-26 13:19 - 000994752 _ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02951_002\ashttpbr.mdl
2018-11-26 13:19 - 2018-11-26 13:19 - 000544880 _ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02951_002\ashttpdsp.mdl
2018-11-26 13:19 - 2018-11-26 13:19 - 003240080 _ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02951_002\ashttpph.mdl
2018-11-26 13:19 - 2018-11-26 13:19 - 001530368 _ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02951_002\ashttprbl.mdl
2018-11-26 01:18 - 2018-12-06 10:14 - 001315312 _ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-04-11 23:34 - 2018-04-11 23:34 - 000491744 _ () C:\Windows\System32\InputHost.dll
2018-04-11 23:34 - 2018-04-11 23:34 - 000472064 _ () C:\Windows\ShellExperiences\TileControl.dll
2019-01-07 17:06 - 2018-11-09 02:17 - 002759680 _ () C:\Windows\ShellComponents\TaskFlowUI.dll
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2019-01-09 18:27 - 2019-01-01 06:42 - 002185728 _ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-01-31 23:14 - 2019-01-31 23:14 - 000182272 _ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-02-07 01:08 - 2019-02-07 01:08 - 028028416 _ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2019-02-07 01:08 - 2019-02-07 01:08 - 000305152 _ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-04-12 16:24 - 2018-04-12 16:24 - 000902656 _ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-29 16:35 - 2018-11-29 16:35 - 004202208 _ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-07 01:08 - 2019-02-07 01:08 - 006033408 _ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2019-02-07 01:08 - 2019-02-07 01:08 - 009338368 _ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-11-26 01:18 - 2018-12-06 10:14 - 101252592 _ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-11-26 01:18 - 2018-12-06 10:14 - 004620272 _ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libglesv2.dll
2018-11-26 01:18 - 2018-12-06 10:14 - 000109040 _ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libegl.dll
2018-11-16 13:23 - 2018-05-21 06:20 - 000019456 _ () C:\Program Files\K2T\WTW\libCryptoLayer.module
2018-11-16 13:23 - 2018-05-21 06:18 - 000088064 _ () C:\Program Files\K2T\WTW\libCryptoWtw.module
2018-11-16 13:23 - 2018-05-21 06:20 - 000579584 _ () C:\Program Files\K2T\WTW\libImage.module
2018-11-16 13:23 - 2018-05-21 06:20 - 000575488 _ () C:\Program Files\K2T\WTW\libSQ3.module
2018-11-16 13:23 - 2018-05-21 06:18 - 000092160 _ () C:\Program Files\K2T\WTW\libZlib.module
2018-11-16 13:23 - 2018-05-21 06:18 - 000129024 _ () C:\Program Files\K2T\WTW\libExpat.module
2018-11-16 13:23 - 2018-05-21 06:21 - 000442880 _ () C:\Program Files\K2T\WTW\libLexer.module
2018-11-16 13:23 - 2018-05-21 06:25 - 000014336 _ () C:\Program Files\K2T\WTW\libWin8.module
2018-10-31 00:47 - 2018-10-31 00:47 - 000033016 _ () c:\program files (x86)\checkpoint\endpoint security\tpcommon\cipolla\sbacipollasrvhost.exe
2018-11-15 18:11 - 2018-11-15 18:11 - 000009216 _ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-31 23:14 - 2019-01-31 23:14 - 000060416 _ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-31 23:14 - 2019-01-31 23:14 - 000481280 _ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-01-31 23:14 - 2019-01-31 23:14 - 080636416 _ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-11-15 18:10 - 2018-11-15 18:28 - 002523136 _ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-01-17 19:25 - 2019-01-17 19:25 - 000012288 _ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-01-31 23:14 - 2019-01-31 23:14 - 003824640 _ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-01-31 23:14 - 2019-01-31 23:14 - 014225408 _ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-01-31 23:14 - 2019-01-31 23:14 - 002871296 _ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-11-15 18:10 - 2018-11-15 18:28 - 000973312 _ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-11-15 18:10 - 2018-11-15 18:28 - 004584960 _ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-31 23:14 - 2019-01-31 23:14 - 000146432 _ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\SKU.dll
2018-12-07 19:51 - 2018-12-07 19:51 - 004220928 _ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1811.3241.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-12-07 19:51 - 2018-12-07 19:51 - 004380232 _ () C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18003.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-22 19:42 - 2018-03-22 19:42 - 000153336 _ () C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\TPCommonCLI.dll
2015-07-20 11:26 - 2015-07-20 11:26 - 001058320 _ () C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CloudServices.dll
2018-03-22 19:42 - 2018-03-22 19:42 - 000096504 _ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationProxyWrapperLib.dll
2018-11-26 01:18 - 2018-12-06 10:14 - 001033200 _ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-03-22 19:42 - 2018-03-22 19:42 - 000063224 _ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\FileOperationsWrapperLib.dll
2018-03-22 19:42 - 2018-03-22 19:42 - 000059128 _ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\FileOperationsLib.dll
2018-11-16 16:14 - 2019-01-16 23:33 - 001837672 _ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2019-02-10 16:41 - 2019-01-16 23:33 - 002388832 _ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2019-02-10 16:41 - 2019-01-16 23:33 - 000097840 _ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2019-02-10 16:41 - 2019-01-16 23:33 - 000219696 _ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2019-02-10 16:41 - 2019-01-16 23:33 - 000081768 _ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\desktop-idle\build\Release\desktopIdle.node
2018-11-16 16:14 - 2019-01-16 23:33 - 002901504 _ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-11-16 16:14 - 2019-01-16 23:33 - 000015360 _ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2019-02-10 16:41 - 2019-01-16 23:33 - 000405056 _ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2019-02-10 16:41 - 2019-01-16 23:33 - 000138816 _ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2019-02-10 16:41 - 2019-01-16 23:34 - 003239784 _ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\Processing.NDI.Lib.x86.dll
2018-11-19 00:19 - 2018-06-14 10:26 - 000144336 _ () C:\Program Files\LatencyMon\rspWmi32.dll
2018-11-19 00:19 - 2018-06-14 10:26 - 000512368 _ () C:\Program Files\LatencyMon\rspSymSrv32.dll
2018-11-19 00:19 - 2018-06-14 10:26 - 000132080 _ () C:\Program Files\LatencyMon\rspDisMon32.dll
2010-01-13 22:46 - 2018-11-19 21:34 - 000016384 _ () D:\system\Winamp\System\gracenote.w5s
2015-04-24 17:23 - 2012-02-22 01:33 - 000242176 _ () D:\system\Winamp\Plugins\in_cue.dll
2015-04-24 17:23 - 2012-02-22 01:33 - 000128512 _ () D:\system\Winamp\Plugins\in_sid2.dll
2010-01-13 22:46 - 2018-11-19 21:34 - 000028672 _ () D:\system\Winamp\Plugins\ml_autotag.dll
2008-10-16 20:43 - 2008-10-16 20:43 - 003204096 _ () D:\system\Winamp\Plugins\ml_nowplaying2.dll
2010-01-13 22:46 - 2018-11-19 21:34 - 000061952 _ () D:\system\Winamp\Plugins\ml_plg.dll
2010-01-13 22:46 - 2013-12-13 02:47 - 000333824 _ () D:\system\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2015-04-24 17:23 - 2012-02-22 01:33 - 000004608 _ () D:\system\Winamp\Plugins\gen_cue.dll
2006-07-23 20:47 - 2006-07-23 20:47 - 000065536 _ () D:\system\Winamp\Plugins\gen_mbapi.dll
2010-01-13 22:46 - 2018-11-19 21:34 - 000057344 _ () D:\system\Winamp\Plugins\gen_orgler.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 23:38 - 2018-04-11 23:36 - 000000824 _ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3644142787-1589759995-767243190-1001\Control Panel\Desktop\\Wallpaper -> d:\Temp\BGInfo.bmp
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: HP LaserJet Service => 2
HKLM\...\StartupApproved\Run32: => "UpdReg"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "StatusAlerts"
HKU\S-1-5-21-3644142787-1589759995-767243190-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3644142787-1589759995-767243190-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-3644142787-1589759995-767243190-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7FB50155-A53B-40BE-9EC4-33F918D87D3E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{0581C84D-8C9C-48A1-A179-995B256EF9E2}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{999AEACF-DE6F-4021-B70C-1FEE3C0DA3B9}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{9AB8829F-B0A1-4273-AE49-3EAC78EC91A9}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{AA2C8D4A-12CB-4071-BF3F-25828F684FD0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2681B8CD-5A9D-450A-9AA5-355B9D7E43B6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DCF7C353-B879-4AFB-A217-806963D2ABDA}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\DriverBooster.exe No File
FirewallRules: [{94CE14F9-D30C-4055-A5AF-F40D12891D54}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\DriverBooster.exe No File
FirewallRules: [{91BC3E32-55DB-436E-9B10-85149BEBFB51}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\DBDownloader.exe No File
FirewallRules: [{C3AE03D8-8C64-45E2-9971-306A18CE3355}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\DBDownloader.exe No File
FirewallRules: [{BEF01ED8-05C9-46CB-B141-1F32382D9E59}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\AutoUpdate.exe No File
FirewallRules: [{BEEB34C8-559D-4FC5-BB83-8C7F6621C9CB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\AutoUpdate.exe No File
FirewallRules: [{85756C1A-2D4B-43E1-A616-9C8B12186C63}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe (K2T.eu, Kaworu)
FirewallRules: [{153BB44A-F5B9-4F27-AC5B-AD832930D0CA}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe (K2T.eu, Kaworu)
FirewallRules: [TCP - Installer for ACDSee Commander Ultimate 2018] => (Allow) C:\Program Files\ACD Systems\ACDSee Ultimate\11.0\ACDSeeCommanderUltimate11.exe (KpoJIuK)
FirewallRules: [UDP - Installer for ACDSee Commander Ultimate 2018] => (Allow) C:\Program Files\ACD Systems\ACDSee Ultimate\11.0\ACDSeeCommanderUltimate11.exe (KpoJIuK)
FirewallRules: [{28E4C156-2475-46A9-B73B-1FEF2C363C9D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{77D9A318-762E-453B-A46A-1E2EBCDD05BD}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{494A5C03-D2C9-45F6-BD34-58AFDC27587C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{92562666-23B2-4D77-8FDD-A1B268B4D065}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3FD18AD1-99BC-47D5-9091-57F7699E529A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{73159E31-C0F1-42C8-B49A-F6A9C946E94B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{0CBCC607-D18F-4AF8-B731-AB94E6D5E959}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{448CEBBB-E06C-4C90-987D-C6988C99A722}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{272E83BF-BB7A-4382-866B-C875706DCA00}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{347B3632-2353-497F-A042-DFBB186AFE4C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{46E4D87B-0E84-46F2-8FF0-B6CAE2797286}] => (Allow) D:5\Steam\steamapps\common\Call of Cthulhu\CallOfCthulhu.exe No File
FirewallRules: [{83C312AE-0254-46F3-B8E3-42633EC95EA6}] => (Allow) D:5\Steam\steamapps\common\Call of Cthulhu\CallOfCthulhu.exe No File
FirewallRules: [{5747F6F1-F992-446B-9747-12A251A3591A}] => (Allow) D:5\Steam\steamapps\common\Metro 2033 Redux\metro.exe No File
FirewallRules: [{434988D9-ECC2-4A58-A1B9-C752A3EFB818}] => (Allow) D:5\Steam\steamapps\common\Metro 2033 Redux\metro.exe No File
FirewallRules: [{B4E4D92B-85E0-4414-AD7A-CA000E0D753B}] => (Allow) D:5\Steam\steamapps\common\Metro Last Light Redux\metro.exe No File
FirewallRules: [{FA138968-8BC4-481F-B006-4BDB664BC210}] => (Allow) D:5\Steam\steamapps\common\Metro Last Light Redux\metro.exe No File
FirewallRules: [{4A24218A-276A-429A-B83D-9E56F2ECE8C0}] => (Allow) L:\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro)
FirewallRules: [{6BE86B6D-CF24-4627-9659-01EFBFA70B4A}] => (Allow) L:\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro)
FirewallRules: [{1FBDFE0A-657F-47EF-9918-B1C165E84B44}] => (Allow) C:\Users\Marcin\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D1330323-93AE-422F-8A39-629FFA47F1B2}] => (Allow) C:\Users\Marcin\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{1B31B0E7-CA92-43CD-B1C9-466299FA72B8}] => (Allow) L:\Steam\steamapps\common\Hitman™\Launcher.exe (IO INTERACTIVE A/S -> )
FirewallRules: [{58CF86E3-0A1C-43F3-9328-3ECBC8EFA463}] => (Allow) L:\Steam\steamapps\common\Hitman™\Launcher.exe (IO INTERACTIVE A/S -> )
FirewallRules: [{9CAF693D-BFE6-41D5-B605-D7C2DD265461}] => (Allow) L:\Steam\steamapps\common\Ring of Elysium\SLauncher.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{378004EA-5312-41A8-9794-460658ADB5A4}] => (Allow) L:\Steam\steamapps\common\Ring of Elysium\SLauncher.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{8763941E-E827-4A20-A30E-596828945C4F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8988DE50-8045-4FF4-BDE7-AB694A811206}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{56FDE6C7-B304-4CEB-B6D7-109FEAAE4011}] => (Allow) I:\Age of Empires III\age3.exe (Microsoft Corporation -> Ensemble Studios)
FirewallRules: [{961F8CC3-6BAD-46EC-A00A-871C4270499E}] => (Allow) I:\Age of Empires III\age3.exe (Microsoft Corporation -> Ensemble Studios)
FirewallRules: [{68206F20-57D8-4CB2-A4E9-606EBC074991}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{8BD24899-493A-483B-87B1-C5E1446275A0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3A9B90BA-AABE-42F2-8EE7-E48CCA1A0B28}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7E3B41A1-A73F-4490-A1AD-98E92E989FCF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5B03B75B-03CB-4F17-989F-71475DD79047}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{AEE3969D-6A9B-4C3E-9D96-873CEC38AA37}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3E5832B7-8EDD-4A27-B1C7-CE75A0870968}] => (Allow) L:\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{C10412BA-D441-42C0-8DF0-6A9258BD5B78}] => (Allow) L:\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{09A3DE97-7468-4272-A908-77DBA2AC117A}] => (Allow) L:\Steam\steamapps\common\Sniper Ghost Warrior\Sniper_x86.exe (City Interactive)
FirewallRules: [{3B846ACF-79D2-435F-8DFD-3533AFA3C7DB}] => (Allow) L:\Steam\steamapps\common\Sniper Ghost Warrior\Sniper_x86.exe (City Interactive)
FirewallRules: [{8BD081CB-B61F-4ED2-8279-F62B4CDAED05}] => (Allow) L:\Steam\steamapps\common\Warhammer End Times Vermintide\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [{F05514FD-757C-4B51-AF78-39307D73A1B9}] => (Allow) L:\Steam\steamapps\common\Warhammer End Times Vermintide\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [{220A64F4-7C57-4B69-8EFB-9D9016DF3F19}] => (Allow) L:\Steam\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [{9B1A8031-0646-4F85-95E5-82E5C81BBE2F}] => (Allow) L:\Steam\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [{D84EE1A0-F898-4C70-B628-DB44C2753916}] => (Allow) L:\Steam\steamapps\common\Call of Cthulhu\CallOfCthulhu.exe (Focus Home Interactive -> )
FirewallRules: [{8C7E23C2-464F-4E76-8485-B1CCB0B2A6E9}] => (Allow) L:\Steam\steamapps\common\Call of Cthulhu\CallOfCthulhu.exe (Focus Home Interactive -> )
FirewallRules: [{13E97AF3-F3D6-4B77-A161-211FFD951A7E}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\568705AA-DD8A-4134-B8B9-9609721FBBCE\Installer\hpbcsiInstaller.exe No File
FirewallRules: [{67EECD06-D2CD-46AE-8B8A-72DA3D5DB5F4}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\568705AA-DD8A-4134-B8B9-9609721FBBCE\Installer\hpbcsiInstaller.exe No File
FirewallRules: [{8D235337-1C36-46FF-9BA8-499E7F063DDD}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\74280B5D-A0AF-46c5-9C85-D9EA078262F1\Installer\hpbcsiInstaller.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [{E8B2193E-8582-4B06-ADDA-AEFA442D477C}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\74280B5D-A0AF-46c5-9C85-D9EA078262F1\Installer\hpbcsiInstaller.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [{6D3F97E7-FF4C-4B7C-9EA1-AB2255166AC3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{34BA0CE4-6DC0-4FD4-B783-8D93A246EB85}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{F3C90871-70FB-4690-BE74-E4E5ABBBBB10}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{25A1AAA3-1CDA-42F2-A318-13C68C2644DB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{AEADEFF9-5443-4A2C-B99F-2AF7AAA7D521}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{7E2DFC6D-3DAC-4FE5-B00E-B7265F78B593}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{750A8B26-9828-4291-945A-BDF05F9DDFD0}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

09-02-2019 23:40:17 Removed ePUBee Maker

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2019 01:15:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_FontCache, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: fntcache.dll, version: 10.0.17134.376, time stamp: 0xc351a612
Exception code: 0x40000015
Fault offset: 0x000000000005a939
Faulting process ID: 0xd78
Faulting application start time: 0x01d4c0d2c4ea597c
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: c:\windows\system32\fntcache.dll
Report ID: 06977304-83c0-4460-b0c9-2fd007598141
Faulting package full name:
Faulting package-relative application ID:

Error: (02/08/2019 12:23:03 PM) (Source: TESvc) (EventID: 1000) (User: )
Description: TESvc crashed with the following message: 'Time: 2019-02-08 12:23:03Z
HResult: -2146233088
Is Terminating: True
Exception: System.Exception: Can't GetQueuedCompletionStatus: 6
at CheckPoint.ThreatEmulation.Service.Engine.CpepmonBridge.WorkerThread(IntPtr buffer, Int32 bufferSize)
at CheckPoint.ThreatEmulation.Service.Engine.CpepmonBridge.<>c__DisplayClass2.<KickStart>b__1()
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
'

Error: (02/08/2019 12:23:03 PM) (Source: TESvc) (EventID: 1000) (User: )
Description: TESvc crashed with the following message: 'Time: 2019-02-08 12:23:03Z
HResult: -2146233088
Is Terminating: True
Exception: System.Exception: Can't GetQueuedCompletionStatus: 6
at CheckPoint.ThreatEmulation.Service.Engine.CpepmonBridge.WorkerThread(IntPtr buffer, Int32 bufferSize)
at CheckPoint.ThreatEmulation.Service.Engine.CpepmonBridge.<>c__DisplayClass2.<KickStart>b__1()
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
'

Error: (02/08/2019 12:23:03 PM) (Source: TESvc) (EventID: 1000) (User: )
Description: TESvc crashed with the following message: 'Time: 2019-02-08 12:23:03Z
HResult: -2146233088
Is Terminating: True
Exception: System.Exception: Can't GetQueuedCompletionStatus: 6
at CheckPoint.ThreatEmulation.Service.Engine.CpepmonBridge.WorkerThread(IntPtr buffer, Int32 bufferSize)
at CheckPoint.ThreatEmulation.Service.Engine.CpepmonBridge.<>c__DisplayClass2.<KickStart>b__1()
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
'

Error: (02/08/2019 12:23:03 PM) (Source: TESvc) (EventID: 1000) (User: )
Description: TESvc crashed with the following message: 'Time: 2019-02-08 12:23:03Z
HResult: -2146233088
Is Terminating: True
Exception: System.Exception: Can't GetQueuedCompletionStatus: 6
at CheckPoint.ThreatEmulation.Service.Engine.CpepmonBridge.WorkerThread(IntPtr buffer, Int32 bufferSize)
at CheckPoint.ThreatEmulation.Service.Engine.CpepmonBridge.<>c__DisplayClass2.<KickStart>b__1()
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
'

Error: (02/08/2019 12:23:03 PM) (Source: TESvc) (EventID: 1000) (User: )
Description: TESvc crashed with the following message: 'Time: 2019-02-08 12:23:03Z
HResult: -2146233088
Is Terminating: True
Exception: System.Exception: Can't GetQueuedCompletionStatus: 6
at CheckPoint.ThreatEmulation.Service.Engine.CpepmonBridge.WorkerThread(IntPtr buffer, Int32 bufferSize)
at CheckPoint.ThreatEmulation.Service.Engine.CpepmonBridge.<>c__DisplayClass2.<KickStart>b__1()
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
'

Error: (02/07/2019 07:22:36 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (02/07/2019 07:22:36 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.


System errors:
=============
Error: (02/10/2019 04:53:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/10/2019 04:44:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/10/2019 04:42:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/10/2019 04:41:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/10/2019 04:33:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/10/2019 10:27:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/10/2019 10:26:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/10/2019 10:25:26 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!


Windows Defender:
===================================
Date: 2018-11-15 17:59:20.864
Description:
Windows Defender Antivirus has detected a suspicious behavior.
Name: Informational:Behavior/ModifiedKernel
ID: 2045043236
Severity: Low
Category: Suspicious Behaviour
Path Found: process:_0
Detection Origin: Unknown
Detection Type: Suspicious
Detection Source: Real-Time Protection
Status: Executing
Process Name: Unknown
Signature ID: 717259538435
Signature Version: AV: 1.263.48.0, AS: 1.263.48.0
Engine Version: 1.1.15400.5
Fidelity Label: Medium
Target File Name: c:\windows\\system32\drivers\e1d65x64.sys

CodeIntegrity:
===================================

Date: 2019-02-10 10:25:35.752
Description:
Code Integrity determined that a process (\Device\HarddiskVolume10\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume10\Windows\System32\plkuk.dll that did not meet the Windows signing level requirements.

Date: 2019-02-09 23:54:17.330
Description:
Code Integrity determined that a process (\Device\HarddiskVolume10\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume10\Windows\System32\plkuk.dll that did not meet the Windows signing level requirements.

Date: 2019-02-09 20:05:29.399
Description:
Code Integrity determined that a process (\Device\HarddiskVolume10\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume10\Windows\System32\plkuk.dll that did not meet the Windows signing level requirements.

Date: 2019-02-09 19:28:02.991
Description:
Code Integrity determined that a process (\Device\HarddiskVolume10\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume10\Windows\System32\plkuk.dll that did not meet the Windows signing level requirements.

Date: 2019-02-09 14:59:40.876
Description:
Code Integrity determined that a process (\Device\HarddiskVolume10\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume10\Windows\System32\plkuk.dll that did not meet the Windows signing level requirements.

Date: 2019-02-08 12:18:52.034
Description:
Code Integrity determined that a process (\Device\HarddiskVolume10\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume10\Windows\System32\plkuk.dll that did not meet the Windows signing level requirements.

Date: 2019-02-08 07:24:37.854
Description:
Code Integrity determined that a process (\Device\HarddiskVolume10\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume10\Windows\System32\plkuk.dll that did not meet the Windows signing level requirements.

Date: 2019-02-07 23:56:17.914
Description:
Code Integrity determined that a process (\Device\HarddiskVolume10\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume10\Windows\System32\plkuk.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz
Percentage of memory in use: 24%
Total physical RAM: 32703.22 MB
Available physical RAM: 24537.31 MB
Total Virtual: 32703.22 MB
Available Virtual: 21348.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.28 GB) (Free:153.61 GB) NTFS
Drive d: (temp) (Fixed) (Total:39.07 GB) (Free:25.4 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (downloads) (Fixed) (Total:322.27 GB) (Free:29.86 GB) NTFS
Drive f: (empty) (Fixed) (Total:337.29 GB) (Free:75.09 GB) NTFS
Drive h: () (Fixed) (Total:1863.01 GB) (Free:180.74 GB) NTFS
Drive i: (SSD2) (Fixed) (Total:238.47 GB) (Free:2.97 GB) NTFS
Drive j: (3D) (Fixed) (Total:931.51 GB) (Free:188.99 GB) NTFS
Drive k: (New Volume) (Fixed) (Total:465.76 GB) (Free:40.58 GB) NTFS
Drive l: (SSD) (Fixed) (Total:465.75 GB) (Free:29.59 GB) NTFS

\\?\Volume{ba5010ff-39fe-444d-8841-ffa18404b5e9}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{f03c246c-0beb-4eb9-900f-4bd5699014ae}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 3777085E)

Partition: GPT.

========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: E3932D60)
Partition 1: (Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=659.6 GB) - (Type=0F Extended)

========================================================
Disk: 2 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 1430CFF6)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: AD7287B9)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 1863 GB) (Disk ID: 416BC4E5)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: E4B6D691)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


_
CONCLUSION
_
Your system appears to be having trouble handling real-time audio and other tasks. You are likely to experience buffer underruns appearing as drop outs, clicks or pops. One or more DPC routines that belong to a driver running in your system appear to be executing for too long. At least one detected problem appears to be network related. In case you are using a WLAN adapter, try disabling it to get better results. One problem may be related to power management, disable CPU throttling settings in Control Panel and BIOS setup. Check for BIOS updates.
LatencyMon has been analyzing your system for 0:22:43 (h:mm:ss) on processors 0,1,2,3,4,5,6,7,8,9,10 and 11.


_
SYSTEM INFORMATION
_
Computer name: ADON
OS version: Windows 10 , 10.0, build: 17134 (x64)
Hardware: ASRock, Z390 Taichi
CPU: GenuineIntel Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz
Logical processors: 16
Processor groups: 1
RAM: 32703 MB total


_
CPU SPEED
_
Reported CPU speed: 360 MHz

Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.

WARNING: the CPU speed that was measured is only a fraction of the CPU speed reported. Your CPUs may be throttled back due to variable speed settings and thermal issues. It is suggested that you run a utility which reports your actual CPU frequency and temperature.



_
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.

Highest measured interrupt to process latency (µs): 58564.299983
Average measured interrupt to process latency (µs): 6.708411

Highest measured interrupt to DPC latency (µs): 58559.464425
Average measured interrupt to DPC latency (µs): 5.167176


_
REPORTED ISRs
_
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.

Highest ISR routine execution time (µs): 134.885556
Driver with highest ISR routine execution time: dxgkrnl.sys - DirectX Graphics Kernel, Microsoft Corporation

Highest reported total ISR routine time (%): 0.045903
Driver with highest ISR total time: dxgkrnl.sys - DirectX Graphics Kernel, Microsoft Corporation

Total time spent in ISRs (%) 0.058991

ISR count (execution time <250 µs): 1671551
ISR count (execution time 250-500 µs): 0
ISR count (execution time 500-999 µs): 0
ISR count (execution time 1000-1999 µs): 0
ISR count (execution time 2000-3999 µs): 0
ISR count (execution time >=4000 µs): 0


_
REPORTED DPCs
_
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.

Highest DPC routine execution time (µs): 49372.588889
Driver with highest DPC routine execution time: ndis.sys - Network Driver Interface Specification (NDIS), Microsoft Corporation

Highest reported total DPC routine time (%): 0.034417
Driver with highest DPC total execution time: tcpip.sys - TCP/IP Driver, Microsoft Corporation

Total time spent in DPCs (%) 0.110449

DPC count (execution time <250 µs): 5272120
DPC count (execution time 250-500 µs): 0
DPC count (execution time 500-999 µs): 128
DPC count (execution time 1000-1999 µs): 642
DPC count (execution time 2000-3999 µs): 1888
DPC count (execution time >=4000 µs): 0


_
REPORTED HARD PAGEFAULTS
_
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.

NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.

Process with highest pagefault count: teamviewer.exe

Total number of hard pagefaults 1054
Hard pagefault count of hardest hit process: 754
Number of processes hit: 18


_
PER CPU DATA
_
CPU 0 Interrupt cycle time (s): 50.134034
CPU 0 ISR highest execution time (µs): 134.885556
CPU 0 ISR total execution time (s): 12.863622
CPU 0 ISR count: 1670649
CPU 0 DPC highest execution time (µs): 49372.588889
CPU 0 DPC total execution time (s): 17.360242
CPU 0 DPC count: 5176245
_
CPU 1 Interrupt cycle time (s): 5.227976
CPU 1 ISR highest execution time (µs): 9.361667
CPU 1 ISR total execution time (s): 0.002182
CPU 1 ISR count: 888
CPU 1 DPC highest execution time (µs): 6936.255556
CPU 1 DPC total execution time (s): 0.116603
CPU 1 DPC count: 6747
_
CPU 2 Interrupt cycle time (s): 6.820183
CPU 2 ISR highest execution time (µs): 7.699444
CPU 2 ISR total execution time (s): 0.000072
CPU 2 ISR count: 14
CPU 2 DPC highest execution time (µs): 15212.242222
CPU 2 DPC total execution time (s): 0.373179
CPU 2 DPC count: 53805
_
CPU 3 Interrupt cycle time (s): 4.838249
CPU 3 ISR highest execution time (µs): 0.0
CPU 3 ISR total execution time (s): 0.0
CPU 3 ISR count: 0
CPU 3 DPC highest execution time (µs): 6745.501667
CPU 3 DPC total execution time (s): 0.016481
CPU 3 DPC count: 707
_
CPU 4 Interrupt cycle time (s): 5.066911
CPU 4 ISR highest execution time (µs): 0.0
CPU 4 ISR total execution time (s): 0.0
CPU 4 ISR count: 0
CPU 4 DPC highest execution time (µs): 14542.7150
CPU 4 DPC total execution time (s): 0.035755
CPU 4 DPC count: 4469
_
CPU 5 Interrupt cycle time (s): 5.225426
CPU 5 ISR highest execution time (µs): 0.0
CPU 5 ISR total execution time (s): 0.0
CPU 5 ISR count: 0
CPU 5 DPC highest execution time (µs): 5929.847778
CPU 5 DPC total execution time (s): 0.018526
CPU 5 DPC count: 455
_
CPU 6 Interrupt cycle time (s): 58.587495
CPU 6 ISR highest execution time (µs): 0.0
CPU 6 ISR total execution time (s): 0.0
CPU 6 ISR count: 0
CPU 6 DPC highest execution time (µs): 36574.144444
CPU 6 DPC total execution time (s): 5.874004
CPU 6 DPC count: 15182
_
CPU 7 Interrupt cycle time (s): 4.783220
CPU 7 ISR highest execution time (µs): 0.0
CPU 7 ISR total execution time (s): 0.0
CPU 7 ISR count: 0
CPU 7 DPC highest execution time (µs): 10518.358333
CPU 7 DPC total execution time (s): 0.048631
CPU 7 DPC count: 6287
_
CPU 8 Interrupt cycle time (s): 5.449508
CPU 8 ISR highest execution time (µs): 0.0
CPU 8 ISR total execution time (s): 0.0
CPU 8 ISR count: 0
CPU 8 DPC highest execution time (µs): 24466.187778
CPU 8 DPC total execution time (s): 0.095333
CPU 8 DPC count: 6268
_
CPU 9 Interrupt cycle time (s): 5.117948
CPU 9 ISR highest execution time (µs): 0.0
CPU 9 ISR total execution time (s): 0.0
CPU 9 ISR count: 0
CPU 9 DPC highest execution time (µs): 13165.2350
CPU 9 DPC total execution time (s): 0.035371
CPU 9 DPC count: 1761
_
CPU 10 Interrupt cycle time (s): 5.750938
CPU 10 ISR highest execution time (µs): 0.0
CPU 10 ISR total execution time (s): 0.0
CPU 10 ISR count: 0
CPU 10 DPC highest execution time (µs): 11868.700556
CPU 10 DPC total execution time (s): 0.068160
CPU 10 DPC count: 2840
_
CPU 11 Interrupt cycle time (s): 4.827582
CPU 11 ISR highest execution time (µs): 0.0
CPU 11 ISR total execution time (s): 0.0
CPU 11 ISR count: 0
CPU 11 DPC highest execution time (µs): 20526.306667
CPU 11 DPC total execution time (s): 0.046445
CPU 11 DPC count: 790
_
 
Hi, Adon. Welcome to Sysnative.

The security forum is for malware removal rather than high latency issues. However, we can proceed here and then I'll refer you to a different forum.

1. Please move FRST to the desktop from your downloads folder. Then do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION 
CustomCLSID: HKU\S-1-5-21-3644142787-1589759995-767243190-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Marcin\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3644142787-1589759995-767243190-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Marcin\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3644142787-1589759995-767243190-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Marcin\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File 
Task: {EF704C39-B9F8-4737-A7B5-7A2F87B3AD6B} - \Optimize Thumbnail Cache Files -> No File <==== ATTENTION 
Task: C:\Windows\Tasks\Optimize Thumbnail Cache Files.job => Wscript.exe J/nologo /E:jscript /B C:\ProgramData\InstallShield\Update\isuspm.ini <==== ATTENTION 
FirewallRules: [{94CE14F9-D30C-4055-A5AF-F40D12891D54}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\DriverBooster.exe No File
FirewallRules: [{91BC3E32-55DB-436E-9B10-85149BEBFB51}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\DBDownloader.exe No File
FirewallRules: [{C3AE03D8-8C64-45E2-9971-306A18CE3355}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\DBDownloader.exe No File
FirewallRules: [{BEF01ED8-05C9-46CB-B141-1F32382D9E59}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\AutoUpdate.exe No File
FirewallRules: [{BEEB34C8-559D-4FC5-BB83-8C7F6621C9CB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\AutoUpdate.exe No File 
FirewallRules: [{272E83BF-BB7A-4382-866B-C875706DCA00}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{347B3632-2353-497F-A042-DFBB186AFE4C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{46E4D87B-0E84-46F2-8FF0-B6CAE2797286}] => (Allow) D:5\Steam\steamapps\common\Call of Cthulhu\CallOfCthulhu.exe No File
FirewallRules: [{83C312AE-0254-46F3-B8E3-42633EC95EA6}] => (Allow) D:5\Steam\steamapps\common\Call of Cthulhu\CallOfCthulhu.exe No File
FirewallRules: [{5747F6F1-F992-446B-9747-12A251A3591A}] => (Allow) D:5\Steam\steamapps\common\Metro 2033 Redux\metro.exe No File
FirewallRules: [{434988D9-ECC2-4A58-A1B9-C752A3EFB818}] => (Allow) D:5\Steam\steamapps\common\Metro 2033 Redux\metro.exe No File
FirewallRules: [{B4E4D92B-85E0-4414-AD7A-CA000E0D753B}] => (Allow) D:5\Steam\steamapps\common\Metro Last Light Redux\metro.exe No File
FirewallRules: [{FA138968-8BC4-481F-B006-4BDB664BC210}] => (Allow) D:5\Steam\steamapps\common\Metro Last Light Redux\metro.exe No File 
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
2. Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The log is available from the History tab. Please post its contents in your next reply.
 
Hi, Corrine, and many thanks! Not sure how I actually landed in this forum as you're right, that's not the reason I'm looking for help (perhaps that's because I had plenty of tabs from Sysnative open).
Anyways, here's the log from FRST64:

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.02.2019 01
Ran by Marcin (10-02-2019 23:40:43) Run:1
Running from C:\Users\Marcin\Desktop
Loaded Profiles: Marcin (Available Profiles: Marcin)
Boot Mode: Normal
==============================================

fixlist content:
*
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3644142787-1589759995-767243190-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Marcin\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3644142787-1589759995-767243190-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Marcin\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3644142787-1589759995-767243190-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Marcin\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
Task: {EF704C39-B9F8-4737-A7B5-7A2F87B3AD6B} - \Optimize Thumbnail Cache Files -> No File <==== ATTENTION
Task: C:\Windows\Tasks\Optimize Thumbnail Cache Files.job => Wscript.exe J/nologo /E:jscript /B C:\ProgramData\InstallShield\Update\isuspm.ini <==== ATTENTION
FirewallRules: [{94CE14F9-D30C-4055-A5AF-F40D12891D54}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\DriverBooster.exe No File
FirewallRules: [{91BC3E32-55DB-436E-9B10-85149BEBFB51}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\DBDownloader.exe No File
FirewallRules: [{C3AE03D8-8C64-45E2-9971-306A18CE3355}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\DBDownloader.exe No File
FirewallRules: [{BEF01ED8-05C9-46CB-B141-1F32382D9E59}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\AutoUpdate.exe No File
FirewallRules: [{BEEB34C8-559D-4FC5-BB83-8C7F6621C9CB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\AutoUpdate.exe No File
FirewallRules: [{272E83BF-BB7A-4382-866B-C875706DCA00}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{347B3632-2353-497F-A042-DFBB186AFE4C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{46E4D87B-0E84-46F2-8FF0-B6CAE2797286}] => (Allow) D:5\Steam\steamapps\common\Call of Cthulhu\CallOfCthulhu.exe No File
FirewallRules: [{83C312AE-0254-46F3-B8E3-42633EC95EA6}] => (Allow) D:5\Steam\steamapps\common\Call of Cthulhu\CallOfCthulhu.exe No File
FirewallRules: [{5747F6F1-F992-446B-9747-12A251A3591A}] => (Allow) D:5\Steam\steamapps\common\Metro 2033 Redux\metro.exe No File
FirewallRules: [{434988D9-ECC2-4A58-A1B9-C752A3EFB818}] => (Allow) D:5\Steam\steamapps\common\Metro 2033 Redux\metro.exe No File
FirewallRules: [{B4E4D92B-85E0-4414-AD7A-CA000E0D753B}] => (Allow) D:5\Steam\steamapps\common\Metro Last Light Redux\metro.exe No File
FirewallRules: [{FA138968-8BC4-481F-B006-4BDB664BC210}] => (Allow) D:5\Steam\steamapps\common\Metro Last Light Redux\metro.exe No File
EmptyTemp:

*

Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-3644142787-1589759995-767243190-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-3644142787-1589759995-767243190-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-3644142787-1589759995-767243190-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EF704C39-B9F8-4737-A7B5-7A2F87B3AD6B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF704C39-B9F8-4737-A7B5-7A2F87B3AD6B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Thumbnail Cache Files" => removed successfully
C:\Windows\Tasks\Optimize Thumbnail Cache Files.job => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{94CE14F9-D30C-4055-A5AF-F40D12891D54}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{91BC3E32-55DB-436E-9B10-85149BEBFB51}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C3AE03D8-8C64-45E2-9971-306A18CE3355}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BEF01ED8-05C9-46CB-B141-1F32382D9E59}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BEEB34C8-559D-4FC5-BB83-8C7F6621C9CB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{272E83BF-BB7A-4382-866B-C875706DCA00}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{347B3632-2353-497F-A042-DFBB186AFE4C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{46E4D87B-0E84-46F2-8FF0-B6CAE2797286}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{83C312AE-0254-46F3-B8E3-42633EC95EA6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5747F6F1-F992-446B-9747-12A251A3591A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{434988D9-ECC2-4A58-A1B9-C752A3EFB818}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B4E4D92B-85E0-4414-AD7A-CA000E0D753B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA138968-8BC4-481F-B006-4BDB664BC210}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 137697454 B
Java, Flash, Steam htmlcache => 240749213 B
Windows/system/drivers => 0 B
Edge => 36316027 B
Chrome => 0 B
Firefox => 1108660650 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Marcin => 2764650 B

RecycleBin => 0 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:41:06 ====


and from Malwarebytes:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/02/2019
Scan Time: 23:46
Log File: 23da301c-2d8e-11e9-98d7-7085c2a4d88e.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9200
Licence: Trial

-System Information-
OS: Windows 10 (Build 17134.523)
CPU: x64
File System: NTFS
User: ADON\Marcin

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 294160
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 0 min, 45 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
Hi, Adon. It is always good to have many tabs open here at Sysnative. :)

Essentially, it was just a bit of cleanup with FRST which you can remove as follows:

  • Right-click on FRST/FRST64, and select Rename.
  • Rename it to Uninstall.exe and press Enter on your keyboard.
  • Double-click on Uninstall.exe. Your computer will restart, and allow it to do so. FRST will now uninstall.

As to the high latency issue, please see the instructions in this topic: Video STUTTERING, Audio CRACKS/POPS and dpc/isr LATENCY (posting instructions).
 
Thanks, Corrine. Should I start a new thread there or will you move the existing one?
 
Please start a new thread there, Adon. You can copy/paste the appropriate text from your post above. Good luck!
 
