Solved Trojan Occamy

TSemp · May 5, 2019

Windows defender found Trojan:win32/Occamy.C in a dll file in the System32 folder. It tries to remove it, but just restarts my pc and then tells me the trojan is still there.

I installed Malwarebytes but when running a scan on it it finds nothing. After searching online, someone suggested using Sophos Virus Removal Tool - it detects the trojan and cleans it, but scanning again with it still finds said trojan, in the same place.

I have no idea how to get rid of it anymore. I ran a FRST scan as suggested in the Malware Removal Instructions, but the forum gives me an error when trying to paste the logs, even in chunks (too spam-like or contains inappropriate elements, apparently?)

Edit: should I have deleted something from the logs to be able to paste them here? Let me know and I'll do it

Broni · May 6, 2019

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

Can you tell me the name and a location of that infected "file"?

TSemp · May 6, 2019

Thanks for the answer, Broni!

The file detected by Windows Defender was called tlpless.dll found in C:\Windows\System32\

The weird thing is now, after stating my pc for the first time today, it's not there anymore. I had to check Windows Defender's threat history just to remember what it was called. The file appears 4 times in its Quarantined Threats. But it always appeared there before popping up in System32 again, so not sure what's going on. The last quarantine timestamp is from a couple of hours before closing the pc.

Should I be worried? Malwarebytes has 0 threats detected during scans or with real-time protection, so I don't think it had any part in it, and Windows Defender turned off its own real-time scans after I installed Malwarebytes yesterday.

Broni · May 6, 2019

You should be fine. FRST logs are clean.
If anything happens, please post back here.

TSemp · May 15, 2019

Windows Defender just notified me that it found the same threat, in the same location, tlpless.dll found in C:\Windows\System32\ For some reason it seems it did a scan when I started my PC before Malwarebytes kicked in. The scan from Malwarebytes once again came up with nothing.

I'm not sure what to think of anymore. I checked in System32, and the .dll in question is there, with a Created, Modified and Accessed timestamp the same as the Windows Defender scan (when I started my PC)

Should I do anything about it?

Broni · May 15, 2019

If your spelling is correct that file looks suspicious.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Double click on downloaded setup.exe file to install the program.
Click on Start Scan button.
Click on another Start Scan button.
Wait until the Status box shows Scan Finished
Click on Remove Selected.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
Then click Finish.
Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
Restart your computer when prompted to do so.
The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8/10 users right-click and select Run As Administrator
The tool will start to update the database if one is required.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Logfile button.
A window will open which lists the logs of your scans.
Click on the Scan tab.
Double-click the most recent scan which will be at the top of the list....the log will appear.
Review the results...see note below
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

TSemp · May 15, 2019

I ran the programs, neither detected anything. AdwCleaner, after scanning, offered me the option to Run Basic Repair or Skip Basic Repair. Wasn't sure what to do so I just skipped it. Here are the logs:

RogueKiller Anti-Malware V13.2.0.0 (x64) [May 14 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : Bogdan Placintescu [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190515_113532, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/05/15 21:43:01 (Duration : 00:05:22)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/15/19
Scan Time: 9:50 PM
Log File: 4d8c7674-7742-11e9-abcc-4ccc6a4c3fbd.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.10616
License: Trial

-System Information-
OS: Windows 10 (Build 17763.475)
CPU: x64
File System: NTFS
User: bogdanPC\Bogdan Placintescu

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 371324
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 11 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-15-2019
# Duration: 00:00:09
# OS: Windows 10 Pro
# Scanned: 27335
# Detected: 0

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Broni · May 15, 2019

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

TSemp · May 15, 2019

I'll have to split them, they're too long for one post:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05.2019 01
Ran by Bogdan Placintescu (administrator) on BOGDANPC (MSI MS-7978) (15-05-2019 23:00:50)
Running from C:\Users\Bogdan Placintescu\Desktop
Loaded Profiles: Bogdan Placintescu (Available Profiles: Bogdan Placintescu & DefaultAppPool)
Platform: Windows 10 Pro Version 1809 17763.475 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19031.17720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19041.481.0_x64__8wekyb3d8bbwe\YourPhone.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Windows\Temp\AdAppMgrUpdater.exe
(Electronic Arts, Inc. -> Electronic Arts) E:\Origin\OriginWebHelperService.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\ntsync.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\snmp.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-20] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9280848 2018-06-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942936 2018-11-02] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => E:\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [4810288 2019-03-26] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [OGMgmmouseRun] => E:\Program Files (x86)\VENUS Gaming Mouse\ogmmon.exe [3386880 2014-05-19] () [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [636712 2018-12-01] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26183352 2018-08-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [598200 2018-06-06] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [ElectraV2Helper] => C:\Program Files (x86)\Razer\Razer_ElectraV2_Driver\Drivers\SysAudio\ElectraV2Helper.exe [1598920 2017-09-06] (Razer USA Ltd. -> Razer Inc)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Bogdan Placintescu\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5933616 2019-03-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.157\Installer\chrmstp.exe [2019-05-14] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2018-09-19]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {049DB89C-BED6-440F-8D97-D1E19234E289} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26197088 2019-05-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {0749FAB6-4D8F-4F67-9D68-362E95032A8A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0CA9D8A3-F45A-4668-89F8-56AA69E97E4A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {117FDA22-E32C-49E6-80DE-85CF33023755} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {11D6B867-12FD-4901-B62D-DA99BE179FCC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3728752 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {137C7004-DDBA-4866-A8C7-29D2ACA89E9E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [814872 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {1C50C723-B142-474A-BAF4-4192658E0EF2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {1CDB4668-AFD2-4617-ADA9-E4B0A0C71A2D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-24] (Google Inc -> Google Inc.)
Task: {23219ADF-2F5F-4205-A96C-D7E40BCBA44D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {2992B113-725D-42FC-A539-2D148E1AA721} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2194568 2019-05-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {344DD59A-C6D1-4F8B-859D-E1E65A59621A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {37D143A1-2D8E-4C47-B853-78AC768D6990} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648048 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3BF8EB1E-E448-4257-8CFD-D3540AB41E53} - System32\Tasks\NahimicVRSvc32Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe
Task: {4067028E-DDD1-49CD-A70F-FDC67EE09019} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {441924ED-E9F9-446E-83DA-3F4676BB99B0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {48800CE1-2DD6-4B0D-A620-067713456718} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2194568 2019-05-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {4FE8007D-4740-4176-87B1-1C1AD8420766} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149456 2019-05-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {5024A0C1-4D2C-4872-84B9-86CA6C2D044C} - System32\Tasks\AdobeAAMUpdater-1.0-bogdanPC-Bogdan Placintescu => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {52227192-6BFA-4F16-969C-71E025C38BB3} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {540D33E0-999D-45B7-B9CE-19A685E7AC0F} - System32\Tasks\{6C2DAB19-5AE6-4CF2-ACE0-D9ACD5B7025B} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.27.0.101/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {568A6EC2-D584-408A-A51C-A4AF1FC068D4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {56E7B2CB-4840-4B7E-A51A-FD5FFC79CA40} - System32\Tasks\NahimicVRSvc64Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe
Task: {58FBE838-DD1F-4945-A4A8-EAE0A5C82A51} - System32\Tasks\NahimicMSIUILauncherRun => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
Task: {5F560878-9FE7-4AF5-82D0-83021B3AE699} - System32\Tasks\AdobeGCInvoker-1.0-bogdanPC-Bogdan Placintescu => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {610CBD23-0965-4265-BFBF-3B0C68145A3E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {682081D8-468C-4ECB-81C4-9DFCCAFAA93C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {6B4CA342-1A05-4C92-8972-6F6CE7750032} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6C976C65-8DA2-4A59-9812-C6439A28E5FA} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6F93F102-4493-4137-AEB6-8B6E70B35543} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-14] (Adobe Inc. -> Adobe)
Task: {711214B8-2308-4A64-8C25-7DC5994328E0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6204768 2019-05-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {7703603A-EAF8-4D41-BC5A-02DEBC7BAC16} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149456 2019-05-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {7837183E-7A6B-4836-9C93-09BCFCD25C05} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {785A71E0-8465-4233-9550-9702335CC148} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {79DC6E9E-3670-404D-AD61-30C879584E32} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7B6B3B6A-E477-401A-B645-7497FD8C8D39} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7D52F601-9495-4FAD-920F-FC2932BCE113} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7F400141-E03A-4E7E-A982-D7125A7DEFF1} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {80EEE903-282E-4A31-8BB0-7DEEE764B3D5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {82C041E8-23B9-4C85-AECE-CFB4D2349241} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {87FB8B61-BF99-4D34-B0AF-19A4D0EFC6A0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {9D80578F-07B6-43E6-91E4-A9FD8A484B7F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26197088 2019-05-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {9FA8B9F6-1B53-4CDC-9BB0-02E0EA0EFBC3} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A7126541-41B8-4D26-9CA2-805B50027D62} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AD52B244-82CB-46BD-87B7-82B96827A67A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {B4D01540-5D9A-4446-88E4-2E20BD53A078} - System32\Tasks\NahimicMSIsvc32Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe
Task: {B6EB18B9-A3D3-489E-9D6D-186BA5835879} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {B9B3CAB9-5824-42E7-988A-2005F2E5CDFE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BB7BB22A-4C82-4702-B23F-8F03FBBF621C} - System32\Tasks\NahimicMSIsvc64Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe
Task: {BCC3BC14-12CD-4D0B-B9C6-289DCD711174} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6204768 2019-05-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {BEF266CB-3C4D-4EA9-A212-9758C567ACED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {D0774F15-C380-483C-9D0B-0E44AC0439F4} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
Task: {DAD33619-2A1D-40A2-BBAF-93BA9B44D816} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-24] (Google Inc -> Google Inc.)
Task: {DDE04B2C-4CCE-49F7-855D-E017E31FD553} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E5E4E6C3-3F12-438D-A71D-253A3530894C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {E767AFBE-E2EC-4B5D-AEA4-1F3A867C1A5E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E955FE48-C989-4340-BB03-0082F5A24AA4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_Plugin.exe [1457208 2019-05-14] (Adobe Inc. -> Adobe)
Task: {EE7BE730-A3B3-46D6-996C-B9B1F2D5AC2C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EFBF5E6B-A844-493C-9E3C-E16CC1CC66AB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EFF6A01B-018D-468F-B604-1FD29F173A93} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F13DD3C8-E7B5-4B1C-B548-754EBB210B12} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F26BFF45-13BA-4796-A7A7-D8BC3CFD8B7E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F506FF40-FC82-4E4F-95A0-6F66B5A2F1AA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FA625662-B852-4517-99CB-9B918776684C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{45fa98a1-19e2-4c6d-9215-399000172cfc}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-08-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-08-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-08-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-08-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-08-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-08-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-11] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1985958338-2759964917-1504332263-1000 -> hxxp://www.google.com/

FireFox:
========
FF DefaultProfile: aa1prl4p.default
FF ProfilePath: C:\Users\Bogdan Placintescu\AppData\Roaming\Mozilla\Firefox\Profiles\aa1prl4p.default [2019-05-15]
FF Session Restore: Mozilla\Firefox\Profiles\aa1prl4p.default -> is enabled.
FF Extension: (BetterTTV) - C:\Users\Bogdan Placintescu\AppData\Roaming\Mozilla\Firefox\Profiles\aa1prl4p.default\Extensions\firefox@betterttv.net.xpi [2018-02-27] [UpdateUrl:hxxps://nightdev.com/betterttv/firefox/updates.json]
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\Bogdan Placintescu\AppData\Roaming\Mozilla\Firefox\Profiles\aa1prl4p.default\Extensions\hotfix-update-xpi-intermediate@mozilla.com.xpi [2019-05-15]
FF Extension: (No Name) - C:\Users\Bogdan Placintescu\AppData\Roaming\Mozilla\Firefox\Profiles\aa1prl4p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-20]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-09-20]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_192.dll [2019-05-14] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_192.dll [2019-05-14] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2019-03-26] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-26] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default [2019-04-25]
CHR Extension: (Slides) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-10]
CHR Extension: (Docs) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-10]
CHR Extension: (Google Drive) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-24]
CHR Extension: (YouTube) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-24]
CHR Extension: (Adobe Acrobat) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-25]
CHR Extension: (Sheets) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-10]
CHR Extension: (Google Docs Offline) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-10]
CHR Extension: (Just Proxy VPN = hide IP + security + unblock) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojedkepkekklpjcgdfiahladdbopbooh [2019-02-27]
CHR Extension: (Gmail) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1162616 2018-12-01] (Autodesk, Inc. -> Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-03-31] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11147264 2019-05-07] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-03-31] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [758552 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [719640 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-20] (Logitech Inc -> Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2315960 2018-08-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2298688 2019-03-12] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; E:\Origin\OriginWebHelperService.exe [3171144 2019-03-12] (Electronic Arts, Inc. -> Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189776 2018-03-14] (Razer USA Ltd. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SNMP; C:\WINDOWS\System32\snmp.exe [53248 2018-12-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2252232 2018-09-24] (Wacom Technology Corporation -> Wacom Technology, Corp.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

TSemp · May 15, 2019

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 hidkmdf; C:\WINDOWS\System32\drivers\hidkmdf.sys [23784 2016-10-07] (Wacom Technology Corporation -> Windows (R) Win 7 DDK provider)
S3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-09-15] (Microsoft Windows -> Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2016-08-30] (Logitech Inc -> Logitech Inc.)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-08-30] (Logitech Inc -> Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-05-06] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-05-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-05-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-05-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [117344 2019-05-15] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bfe69934a6b764ef\nvlddmkm.sys [21672560 2019-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-03-28] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2016-11-30] (PAIPTAC Driver -> )
S1 qflzbsnv; C:\WINDOWS\system32\drivers\qflzbsnv.sys [72816 2019-05-15] (Microsoft Corporation -> Microsoft Corporation)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44160 2018-03-14] (Razer USA Ltd. -> Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [140040 2018-03-20] (Razer USA Ltd. -> Razer, Inc.)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 usbglcs1100302; C:\WINDOWS\system32\drivers\usbglcs1100302.sys [25600 2014-06-11] (Windows (R) Win 7 DDK provider) [File not signed]
S3 VaneFltr; C:\WINDOWS\system32\drivers\Lachesis.sys [30336 2007-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Razer (Asia-Pacific) Pte Ltd)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344544 2019-04-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-23] (Microsoft Windows -> Microsoft Corporation)
S1 xgctaxzu; C:\WINDOWS\system32\drivers\xgctaxzu.sys [72816 2019-05-15] (Microsoft Corporation -> Microsoft Corporation)
S3 asmthub3; \SystemRoot\System32\drivers\asmthub3.sys [X]
S3 asmtxhci; \SystemRoot\System32\drivers\asmtxhci.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-15 23:00 - 2019-05-15 23:01 - 000044585 _____ C:\Users\Bogdan Placintescu\Desktop\FRST.txt
2019-05-15 22:59 - 2019-05-15 23:00 - 002434560 _____ (Farbar) C:\Users\Bogdan Placintescu\Desktop\FRST64.exe
2019-05-15 21:57 - 2019-05-15 21:57 - 000001249 _____ C:\Users\Bogdan Placintescu\Desktop\AdwCleaner[S00].txt
2019-05-15 21:53 - 2019-05-15 21:53 - 007025360 _____ (Malwarebytes) C:\Users\Bogdan Placintescu\Desktop\AdwCleaner.exe
2019-05-15 21:52 - 2019-05-15 21:52 - 000001238 _____ C:\Users\Bogdan Placintescu\Desktop\MBreport.txt
2019-05-15 21:49 - 2019-05-15 21:49 - 000002126 _____ C:\Users\Bogdan Placintescu\Desktop\RKreport.txt
2019-05-15 21:42 - 2019-05-15 22:02 - 000000000 ____D C:\ProgramData\RogueKiller
2019-05-15 21:42 - 2019-05-15 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-05-15 21:42 - 2019-05-15 21:42 - 000000000 ____D C:\Program Files\RogueKiller
2019-05-15 17:55 - 2019-05-15 17:55 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\qflzbsnv.sys
2019-05-15 17:48 - 2019-05-15 17:48 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xgctaxzu.sys
2019-05-15 17:46 - 2019-05-15 17:46 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-05-15 17:46 - 2019-05-15 17:46 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-05-15 17:46 - 2019-05-15 17:46 - 000117344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-05-15 17:46 - 2019-05-15 17:46 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-05-15 17:46 - 2019-05-15 17:46 - 000015360 _____ () C:\WINDOWS\system32\tlpless.dll
2019-05-11 21:36 - 2019-05-07 22:56 - 011051912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-05-11 21:36 - 2019-05-07 22:56 - 009486536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-05-11 21:36 - 2019-05-07 22:56 - 001006800 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-05-11 21:36 - 2019-05-07 22:56 - 001006800 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-05-11 21:36 - 2019-05-07 22:56 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-05-11 21:36 - 2019-05-07 22:56 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-05-11 21:36 - 2019-05-07 22:56 - 000552328 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-05-11 21:36 - 2019-05-07 22:56 - 000457096 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-05-11 21:36 - 2019-05-07 22:56 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-05-11 21:36 - 2019-05-07 22:56 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-05-11 21:36 - 2019-05-07 22:56 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-05-11 21:36 - 2019-05-07 22:56 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-05-11 21:36 - 2019-05-07 22:55 - 002039688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-05-11 21:36 - 2019-05-07 22:55 - 001470856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-05-11 21:36 - 2019-05-07 22:55 - 001134016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-05-11 21:36 - 2019-05-07 22:55 - 000821152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-05-11 21:36 - 2019-05-07 22:55 - 000675416 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-05-11 21:36 - 2019-05-07 22:55 - 000631232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-05-11 21:36 - 2019-05-07 22:55 - 000541656 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-05-11 21:36 - 2019-05-07 22:55 - 000521472 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 040412760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 035270232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 020187904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 017465512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 005421960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 004758728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 001721600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6443064.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 001540488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 001467648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6443064.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 001162448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 000911616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 000808840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 000654080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-05-08 18:37 - 2019-05-15 17:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-05-07 00:27 - 2019-05-07 22:23 - 000000000 ____D C:\Users\Bogdan Placintescu\Desktop\Crest
2019-05-06 01:13 - 2019-05-15 23:00 - 000000000 ____D C:\FRST
2019-05-06 00:40 - 2019-05-06 00:40 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-05-06 00:40 - 2019-05-06 00:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-06 00:40 - 2019-05-06 00:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-06 00:40 - 2019-05-06 00:40 - 000000000 ____D C:\Program Files\Malwarebytes
2019-05-06 00:40 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-05-06 00:40 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-05 18:35 - 2019-05-05 18:35 - 000000000 ____D C:\WINDOWS\Panther
2019-05-05 16:00 - 2019-05-05 16:00 - 000000000 ____D C:\ProgramData\Sophos
2019-05-05 16:00 - 2019-05-05 16:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2019-05-05 16:00 - 2019-05-05 16:00 - 000000000 ____D C:\Program Files (x86)\Sophos
2019-05-05 14:53 - 2019-05-05 14:54 - 000000000 ____D C:\AdwCleaner
2019-05-05 13:16 - 2019-05-05 13:16 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\mbamtray
2019-05-05 13:16 - 2019-05-05 13:16 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\mbam
2019-05-04 15:22 - 2019-05-04 15:22 - 026810880 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 023441920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 020815360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 019025408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 012844032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 012140032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 009683472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 007645632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 006544256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 005436904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 005296640 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 005210904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 003982848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 003657728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-04 15:22 - 2019-05-04 15:22 - 003551112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 003426816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 003406848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 003384832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 002995712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 002777224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 002720256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-04 15:22 - 2019-05-04 15:22 - 002701512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 002469376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-04 15:22 - 2019-05-04 15:22 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 002275888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 002205184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 002073960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001697960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-04 15:22 - 2019-05-04 15:22 - 001674696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001671352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001653760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001469168 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 001467552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001253904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 001219640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001054928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 001044520 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 001001472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000806600 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-04 15:22 - 2019-05-04 15:22 - 000806600 _____ C:\WINDOWS\system32\locale.nls
2019-05-04 15:22 - 2019-05-04 15:22 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000780632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000757664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000725696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2019-05-04 15:22 - 2019-05-04 15:22 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000676256 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000649064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000638376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2019-05-04 15:22 - 2019-05-04 15:22 - 000553656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-05-04 15:22 - 2019-05-04 15:22 - 000540720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000514632 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000454160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-05-04 15:22 - 2019-05-04 15:22 - 000451080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000421392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-05-04 15:22 - 2019-05-04 15:22 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiag.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000280592 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000263576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000157200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000146744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqmigplugin.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000129848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000109568 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000090640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000086960 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-05-04 15:22 - 2019-05-04 15:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-05-04 15:22 - 2019-05-04 15:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-05-04 15:22 - 2019-05-04 15:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-05-04 15:22 - 2019-05-04 15:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-05-04 15:22 - 2019-05-04 15:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-05-04 15:22 - 2019-05-04 15:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-05-04 15:22 - 2019-05-04 15:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-04-24 21:45 - 2019-05-07 22:51 - 004340120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-04-24 21:45 - 2019-04-18 20:02 - 001722064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6443039.dll
2019-04-24 21:45 - 2019-04-18 20:02 - 001467648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6443039.dll
2019-04-24 21:45 - 2019-04-18 02:25 - 000046848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2019-04-23 05:19 - 2019-04-10 17:52 - 001734288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6442531.dll
2019-04-23 05:19 - 2019-04-10 17:52 - 001467864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6442531.dll
2019-04-21 03:05 - 2019-04-21 03:06 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Skyrim

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-15 22:57 - 2018-09-15 10:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-15 21:42 - 2016-11-18 23:48 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\LocalLow\Mozilla
2019-05-15 21:39 - 2018-12-31 00:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-15 21:39 - 2016-10-30 20:59 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\WTablet
2019-05-15 18:05 - 2016-09-22 21:24 - 000000000 ____D C:\ProgramData\Autodesk
2019-05-15 18:00 - 2018-12-31 00:39 - 000003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 18:00 - 2018-12-31 00:39 - 000003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-15 17:54 - 2018-09-15 09:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-05-15 17:52 - 2018-12-31 00:43 - 000972156 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-15 17:52 - 2018-09-15 10:31 - 000000000 ____D C:\WINDOWS\INF
2019-05-15 17:50 - 2018-09-15 10:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-15 17:50 - 2018-09-15 10:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-15 17:49 - 2017-08-06 10:51 - 000000000 ____D C:\ProgramData\NVIDIA
2019-05-15 17:46 - 2019-04-02 00:09 - 000006144 _____ () C:\WINDOWS\system32\libntsc1.dll
2019-05-15 17:46 - 2018-12-31 00:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-15 17:46 - 2016-09-22 19:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-15 01:36 - 2018-09-15 09:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-05-15 01:32 - 2016-09-22 21:51 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Battle.net
2019-05-14 23:32 - 2018-09-15 10:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-14 23:32 - 2016-09-24 12:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 23:30 - 2016-09-24 12:43 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-14 23:26 - 2016-10-24 12:43 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-14 23:25 - 2018-12-31 00:39 - 000004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-05-14 23:25 - 2018-09-15 10:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-05-14 23:25 - 2018-09-15 10:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-05-14 00:23 - 2018-09-15 10:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-14 00:23 - 2018-09-15 10:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-11 21:38 - 2016-09-22 22:04 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\NVIDIA
2019-05-11 01:13 - 2017-03-26 12:58 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\discord
2019-05-11 00:01 - 2018-09-15 10:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-05-11 00:00 - 2016-09-30 16:12 - 000000000 ____D C:\Program Files\Microsoft Office
2019-05-10 20:35 - 2018-05-13 21:36 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\D3DSCache
2019-05-10 20:35 - 2018-01-26 16:10 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Personify
2019-05-09 21:15 - 2016-09-25 12:13 - 000000000 ____D C:\Program Files (x86)\Overwatch
2019-05-08 19:00 - 2016-09-22 19:08 - 000001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-05-07 22:51 - 2018-12-14 20:44 - 005085152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-05-07 22:47 - 2016-09-22 21:51 - 000000000 ____D C:\Program Files (x86)\Battle.net
2019-05-06 22:16 - 2016-09-23 01:01 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\CrashDumps
2019-05-06 08:35 - 2018-12-14 20:44 - 000052319 _____ C:\WINDOWS\system32\nvinfo.pb
2019-05-06 05:43 - 2017-08-06 10:51 - 005432176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-05-06 05:43 - 2017-08-06 10:51 - 002637808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-05-06 05:43 - 2017-08-06 10:51 - 001767736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-05-06 05:43 - 2017-08-06 10:51 - 000651248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-05-06 05:43 - 2017-08-06 10:51 - 000450416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-05-06 05:43 - 2017-08-06 10:51 - 000125424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-05-06 05:43 - 2017-08-06 10:51 - 000082984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-05-06 00:40 - 2018-09-15 10:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-06 00:03 - 2018-09-15 10:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-05-05 20:13 - 2016-09-22 23:41 - 000000000 ___RD C:\Users\Bogdan Placintescu\OneDrive
2019-05-05 20:12 - 2016-09-30 17:38 - 000000000 ____D C:\ProgramData\Apple
2019-05-05 20:12 - 2016-09-30 17:38 - 000000000 ____D C:\Program Files\Common Files\Apple
2019-05-05 15:25 - 2017-12-11 14:02 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Packages
2019-05-05 15:25 - 2016-12-25 13:50 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\Samsung
2019-05-05 15:25 - 2016-12-25 13:50 - 000000000 ____D C:\Program Files (x86)\Samsung
2019-05-05 15:25 - 2016-09-22 22:08 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-05-05 15:23 - 2017-10-19 16:36 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\Visual Studio Setup
2019-05-05 15:23 - 2017-10-19 16:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2019-05-05 15:22 - 2018-12-31 10:15 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-05-05 14:49 - 2016-09-22 17:34 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\ElevatedDiagnostics
2019-05-05 12:53 - 2018-12-31 00:25 - 000495976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-05 12:53 - 2017-08-06 10:50 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-05-04 23:01 - 2018-09-15 10:33 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-04 23:01 - 2018-09-15 10:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-04 23:01 - 2018-09-15 10:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-05-04 23:01 - 2018-09-15 10:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-27 18:54 - 2019-03-31 21:44 - 000000000 ____D C:\Users\Bogdan Placintescu\Documents\Gaem 2.0
2019-04-27 18:54 - 2019-03-31 21:38 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Unity
2019-04-27 18:53 - 2019-03-31 21:38 - 000000000 ____D C:\ProgramData\Unity
2019-04-25 22:45 - 2017-08-06 10:51 - 008571382 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-04-25 22:03 - 2019-04-13 14:48 - 000000000 ____D C:\Users\Bogdan Placintescu\Documents\BotaniculaSaves
2019-04-25 00:11 - 2017-08-06 10:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-04-24 21:45 - 2016-09-22 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-04-23 22:04 - 2018-02-25 04:33 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-23 21:28 - 2016-09-22 21:51 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Blizzard Entertainment
2019-04-23 05:15 - 2018-12-31 00:39 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2017-08-06 10:50 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-04-21 03:05 - 2016-10-06 15:04 - 000000000 ____D C:\Users\Bogdan Placintescu\Documents\My Games
2019-04-21 01:48 - 2017-12-13 22:38 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\obs-studio
2019-04-21 01:47 - 2019-01-17 09:54 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\vlc
2019-04-18 23:59 - 2017-09-14 16:55 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2019-04-18 23:59 - 2017-09-14 16:55 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2019-04-18 02:25 - 2018-12-14 20:44 - 001682368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2019-04-18 02:25 - 2018-12-14 20:44 - 000228608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2019-04-17 22:43 - 2017-07-21 14:20 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Ubisoft Game Launcher

==================== Files in the root of some directories =======

2018-10-03 18:26 - 2018-10-03 18:26 - 000000033 _____ () C:\Users\Bogdan Placintescu\AppData\Roaming\AdobeWLCMCache.dat
2016-12-10 18:42 - 2019-04-08 02:06 - 000003607 _____ () C:\Users\Bogdan Placintescu\AppData\Roaming\SpeedRunnersLog.txt
2016-10-02 16:01 - 2018-06-15 18:13 - 000001456 _____ () C:\Users\Bogdan Placintescu\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-09-29 00:30 - 2018-09-29 00:30 - 000000000 _____ () C:\Users\Bogdan Placintescu\AppData\Local\oobelibMkey.log
2016-09-22 19:20 - 2018-09-23 18:04 - 000007610 _____ () C:\Users\Bogdan Placintescu\AppData\Local\resmon.resmoncfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

TSemp · May 15, 2019

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05.2019 01
Ran by Bogdan Placintescu (15-05-2019 23:01:47)
Running from C:\Users\Bogdan Placintescu\Desktop
Windows 10 Pro Version 1809 17763.475 (X64) (2018-12-30 21:39:31)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1985958338-2759964917-1504332263-500 - Administrator - Disabled)
Bogdan Placintescu (S-1-5-21-1985958338-2759964917-1504332263-1000 - Administrator - Enabled) => C:\Users\Bogdan Placintescu
DefaultAccount (S-1-5-21-1985958338-2759964917-1504332263-503 - Limited - Disabled)
Guest (S-1-5-21-1985958338-2759964917-1504332263-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1985958338-2759964917-1504332263-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\uTorrent) (Version: 3.5.3.44428 - BitTorrent Inc.)
1310 (HKLM-x32\...\{76A9FB3A-D7AB-4C8C-8C49-3CFDBF2D6C2D}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
1310_Help (HKLM-x32\...\{6D4553DF-2095-4D10-92C0-17934733B51D}) (Version: 82.0.58.000 - Hewlett-Packard) Hidden
1310Trb (HKLM-x32\...\{6D7E031C-4C05-4265-854A-FE9FDEA9984D}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.010.20100 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe Audition CC 2019 (HKLM-x32\...\AUDT_12_0_1) (Version: 12.0.1 - Adobe Systems Incorporated)
Adobe Bridge CC 2019 (HKLM-x32\...\KBRG_9_0_2) (Version: 9.0.2 - Adobe Systems Incorporated)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_6) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.1.435 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.192 - Adobe)
Adobe Illustrator CC 2019 (HKLM-x32\...\ILST_23_0_2) (Version: 23.0.2 - Adobe Systems Incorporated)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_8_2) (Version: 8.2 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2019 (HKLM-x32\...\AME_13_0_2) (Version: 13.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_3) (Version: 20.0.3 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2019 (HKLM-x32\...\PPRO_13_0_3) (Version: 13.0.3 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (HKLM-x32\...\{D5045A94-1D46-44A7-9C4F-7D05B40D82EC}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (HKLM-x32\...\{2DFDE21D-AFFE-4CDD-BBD4-3B7832BEC036}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Allegorithmic Substance Painter 2018.1.2 (HKLM\...\{33C3E9E2-0675-4196-9019-28AB9C5E9BB0}_is1) (Version: 2018.1.2 - Allegorithmic)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Autodesk Certificate Package (x64) - 5.1.4 (HKLM\...\{79D5E475-5EAB-4474-84F5-BD612337A175}) (Version: 5.1.4.100 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.12.84 - Autodesk)
Autodesk License Service (x64) - 5.1.5 (HKLM\...\{3609A8D9-FC0C-4C9B-9F58-0B1D1A4FE556}) (Version: 5.1.5.0 - Autodesk)
Autodesk Maya 2018 (HKLM\...\{8502EAAD-CC62-498D-9C8D-CB5632762A61}) (Version: 18.5.0.7880 - Autodesk) Hidden
Autodesk Maya 2018 (HKLM\...\Autodesk Maya 2018) (Version: 18.5.0.7880 - Autodesk)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bifrost for Maya 2018 (HKLM\...\{2CA9DC72-AB13-4FCE-ADE1-B20DED59D7FA}) (Version: 1.5.5.0 - Autodesk)
Bifrost for Maya 2018 1.5.5.0 (HKLM\...\Bifrost for Maya 2018) (Version: - )
Bifrost to Arnold for Maya 2018 1.5.0 Arnold-5.0.0.0 (HKLM\...\BifrostToArnold for Maya 2018 1.5.0 Arnold-5.0.0.0) (Version: 0.3.0.0 - Autodesk)
BifrostToArnold for Maya 2018 1.5.0 Arnold-5.0.0.0 (HKLM\...\{23779D18-6AD1-449E-AC36-F16D501230FE}) (Version: 0.3.0.0 - Autodesk) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
ChromaCam (remove only) (HKLM-x32\...\ChromaCam) (Version: 2.2.1.14 - Personify, Inc.)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Destiny 2 (HKLM-x32\...\Destiny 2) (Version: - Blizzard Entertainment)
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Discord (HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\Discord) (Version: 0.0.305 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 425.31 - NVIDIA Corporation) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.157 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1068 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
iTunes (HKLM\...\{0019B70B-02B6-486A-A582-A99AB68F6C9D}) (Version: 12.9.3.3 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11601.20178 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - ro-ro (HKLM\...\ProPlusRetail - ro-ro) (Version: 16.0.11601.20178 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 66.0.5 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.5 (x64 en-US)) (Version: 66.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 66.0.5.7066 - Mozilla)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.39 - MSI)
MtoA for Maya 2018 (HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\MtoA2018) (Version: 3.1.1.1 - Solid Angle)
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.18.0.102 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.18.0.102 - NVIDIA Corporation)
NVIDIA Graphics Driver 430.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 430.64 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.1.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11601.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11601.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11601.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0418-1000-0000000FF1CE}) (Version: 16.0.11601.20178 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.36.23506 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{2f92ca61-4ea7-462a-a74d-831fab9238e8}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.20.606 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8470 - Realtek Semiconductor Corp.)
RogueKiller version 13.2.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.0.0 - Adlice Software)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Skype version 8.42 (HKLM-x32\...\Skype_is1) (Version: 8.42 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
SPORE™ Creepy & Cute Parts Pack (HKLM-x32\...\{4BDCC41C-FFE7-40a4-BCB6-B558916868F7}_SPORE(TM) Creepy & Cute Parts Pack) (Version: 1.0.0.0 - Electronic Arts)
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Twitch (HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Unity (HKLM-x32\...\Unity) (Version: 2018.3.12f1 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
UtechSmart 16400DPI VENUS Gaming Mouse version 1.1 (HKLM-x32\...\{5A0E98CD-3E42-4FA9-BA70-3EEFA31F67CE}_is1) (Version: 1.1 - UtechSmart)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.31-4 - Wacom Technology Corp.)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
ZBrush 4R7 (HKLM-x32\...\ZBrush 4R7 4R7) (Version: 4R7 - Pixologic)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-01-17] (Adobe Systems Incorporated)
Adobe XD CC -> C:\Program Files\WindowsApps\Adobe.CC.XD_16.0.2.8_x64__adky2gkssdxte [2019-02-23] (Adobe Systems Incorporated)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_95.1.531.0_x64__v10z8vjag6ke6 [2019-03-19] (HP Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1985958338-2759964917-1504332263-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-2AC715432C9E} -> [Creative Cloud Files] => C:\Users\Bogdan Placintescu\Creative Cloud Files [2016-12-08 21:44]
CustomCLSID: HKU\S-1-5-21-1985958338-2759964917-1504332263-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Bogdan Placintescu\AppData\Local\Microsoft\OneDrive\19.043.0304.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1985958338-2759964917-1504332263-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Bogdan Placintescu\AppData\Local\Microsoft\OneDrive\19.043.0304.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1985958338-2759964917-1504332263-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Bogdan Placintescu\AppData\Local\Microsoft\OneDrive\19.043.0304.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1985958338-2759964917-1504332263-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-08-20 18:55 - 2005-07-18 13:43 - 000160256 _____ () [File not signed] C:\Program Files (x86)\MSI\Live Update\unrar.dll
2019-05-15 17:46 - 2019-05-15 17:46 - 000015360 _____ () [File not signed] C:\WINDOWS\System32\tlpless.dll
2019-04-01 23:58 - 2019-04-01 23:58 - 000586752 _____ (DRM Technologies) [File not signed] C:\WINDOWS\Microsoft.NET\Framework\VERSION.dll
2019-04-01 23:58 - 2019-04-01 23:58 - 000586752 _____ (DRM Technologies) [File not signed] C:\WINDOWS\System32\msfte.dll
2011-08-18 01:29 - 2011-08-18 01:29 - 001039360 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll
2017-07-17 12:42 - 2017-08-23 17:48 - 001548288 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] E:\Origin\LIBEAY32.dll
2017-07-17 12:42 - 2017-08-23 17:49 - 000395776 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] E:\Origin\ssleay32.dll
2017-07-17 12:42 - 2018-04-10 16:01 - 001611264 _____ (The Qt Company Ltd) [File not signed] E:\Origin\platforms\qwindows.dll
2017-07-17 12:42 - 2018-04-10 16:02 - 005487104 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Core.dll
2017-07-17 12:42 - 2018-04-10 16:02 - 005841920 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Gui.dll
2017-07-17 12:42 - 2018-04-10 16:02 - 001177600 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Network.dll
2017-07-17 12:42 - 2018-04-10 16:02 - 005089792 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Widgets.dll
2017-07-17 12:42 - 2018-04-10 16:02 - 000184832 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\qflzbsnv.sys:changelist [562]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xgctaxzu.sys:changelist [562]
AlternateDataStreams: C:\Users\Bogdan Placintescu\Desktop\CV stuff:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Bogdan Placintescu\Desktop\Diploma SAE anul 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [97]
AlternateDataStreams: C:\Users\Bogdan Placintescu\Desktop\Diploma SAE anul 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bogdan Placintescu\Desktop\Gaem:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Bogdan Placintescu\Desktop\Hop!_NEW:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Bogdan Placintescu\Desktop\Safari Bookmarks.html:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Bogdan Placintescu\Desktop\Safari Bookmarks.html:com.apple.metadata_kMDItemUserTags [86]
AlternateDataStreams: C:\Users\Bogdan Placintescu\Desktop\safari reading list.html:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Bogdan Placintescu\Desktop\safari reading list.html:com.apple.metadata_kMDItemUserTags [86]
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Public\AppData:CSM [470]
AlternateDataStreams: C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo [122]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-11-03 20:45 - 2016-12-08 21:47 - 000000959 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1
127.0.0.1
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "NahimicVRSvc64"
HKLM\...\StartupApproved\Run: => "NahimicVRSvc32"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "ElectraV2Helper"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "T1gmmouseRun"
HKLM\...\StartupApproved\Run32: => "OGMgmmouseRun"
HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\StartupApproved\Run: => "World of Tanks"
HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{E5C0101A-38E8-4211-AECE-63ED873D7C73}C:\program files (x86)\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{2CE5288E-BB97-4ED9-BF80-CE305BF7D1B3}C:\program files (x86)\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{FD74DFC6-A2D4-4014-B23A-5DE9E966ECDE}E:\allegorithmic\substance painter\substance painter.exe] => (Allow) E:\allegorithmic\substance painter\substance painter.exe (Allegorithmic -> Allegorithmic) [File not signed]
FirewallRules: [TCP Query User{3957E0C4-666B-4047-85D3-B78457658D33}E:\allegorithmic\substance painter\substance painter.exe] => (Allow) E:\allegorithmic\substance painter\substance painter.exe (Allegorithmic -> Allegorithmic) [File not signed]
FirewallRules: [UDP Query User{9C4D7925-BE60-40ED-9253-4D9090F4E585}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{1DD80A04-5450-4A51-9DFD-75907B800A9A}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{D966DE68-C7E4-47B8-8E11-99E9AA106928}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{5DEE59AB-D1F9-48EE-AAB9-52D96B7241AF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{4907D086-2533-4261-9F8D-BC4AD0D4652A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C87BFE46-265D-4582-A83D-23D6EC35E4FC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{ED60CE49-98D6-4FAA-A6C5-406714C6F198}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{CC8F8BC4-46BD-4080-911A-0298198AC4B0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{481C136F-A521-4FA7-81C5-346FA17B0615}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{068134BE-4A61-4D3B-BBDB-15B5F754AD9C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{2945187A-2ED8-48D7-A9D4-BFB39FC7EA33}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{7AFC3AF4-F185-4489-BF38-4C85915E2363}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{53053F5E-6CCC-4695-A6B7-363EBC08DD03}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{6E938C60-989A-4235-8A04-EC064B0C216C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{0B1E12F7-A1EC-4ED5-B0FD-769A4FEDD963}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{0029C7D3-FC75-40E9-B215-CAE110018903}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{695FF91B-BD81-40D2-A872-10DC29667EC5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9990B512-9033-4632-962B-9E6F0FF9B62F}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A71B3A14-D9EE-417D-9F9A-F76D97237122}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{8B2587DE-1F13-40C9-9E6F-E8567FC7D9CC}C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe No File
FirewallRules: [TCP Query User{454DAF59-8610-4077-9350-F2D918F9FB84}C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe No File
FirewallRules: [UDP Query User{6882A908-E6E0-4FCD-BF3E-E8E632408748}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe No File
FirewallRules: [TCP Query User{8BAA4360-DB55-4394-A1B5-05D442A3A1FF}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe No File
FirewallRules: [UDP Query User{ECF3A544-D274-46D2-8F9F-B3D463C148E5}E:\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [TCP Query User{86C54DC8-8370-4C9F-9F01-6726A94E9883}E:\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [UDP Query User{F99A2CE3-FCC6-4B73-AD59-7A8EA5E65249}C:\users\bogdan placintescu\appdata\roaming\curse client\bin\electron\twitchui.exe] => (Allow) C:\users\bogdan placintescu\appdata\roaming\curse client\bin\electron\twitchui.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
FirewallRules: [TCP Query User{5D9DAE3E-5AFD-43F4-B795-1189C4A58F4B}C:\users\bogdan placintescu\appdata\roaming\curse client\bin\electron\twitchui.exe] => (Allow) C:\users\bogdan placintescu\appdata\roaming\curse client\bin\electron\twitchui.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
FirewallRules: [{E4E70CA4-79AE-444D-872B-185233AEF637}] => (Allow) E:\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{01ACA498-42FE-4B6E-A6B5-28B083059BFC}] => (Allow) E:\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{FBE47FAB-BF29-4DA2-AC96-AB571DF722C6}] => (Allow) E:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{8C9E912F-ED6A-4ABD-A8C4-6AB3307F76AF}] => (Allow) E:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{DA4B9BB6-B5BC-4052-B58B-AE24B46834DC}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games) [File not signed]
FirewallRules: [{1F119452-E557-4445-AADC-DB4D7AB6D0FD}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games) [File not signed]
FirewallRules: [{1952CCE2-F0E4-4479-AD90-DB5BE1E060BC}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games) [File not signed]
FirewallRules: [{3082CAAF-25FD-49C4-89D9-1C1BC1E1826E}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games) [File not signed]
FirewallRules: [{936D8974-7DBC-4C35-8998-F8175679F357}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0B92DCAA-4F9A-4695-BF59-7A3773C9CDC2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{A3D554A6-B6EB-4BA0-8D81-4351CACDA310}E:\allegorithmic\substance painter\substance painter.exe] => (Allow) E:\allegorithmic\substance painter\substance painter.exe (Allegorithmic -> Allegorithmic) [File not signed]
FirewallRules: [TCP Query User{80888C66-AF42-4799-9512-66ADEBB887CD}E:\allegorithmic\substance painter\substance painter.exe] => (Allow) E:\allegorithmic\substance painter\substance painter.exe (Allegorithmic -> Allegorithmic) [File not signed]
FirewallRules: [{9952BCF0-541F-46C5-BFD1-A92EB03D4746}] => (Allow) C:\Users\Bogdan Placintescu\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{CC61D9BD-667F-4F68-B606-700EED46CF60}] => (Allow) C:\Users\Bogdan Placintescu\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{DC8C7E3C-63F8-4FAC-9907-3FE424E373BE}] => (Allow) E:\Steam\steamapps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe (Arkane Studios) [File not signed]
FirewallRules: [{900E8856-8C4C-4A6D-87BA-A8F4440DE3E4}] => (Allow) E:\Steam\steamapps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe (Arkane Studios) [File not signed]
FirewallRules: [{24896A34-B233-48AC-BAF3-8203A0F4D79B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A5AA78BA-A7F5-48DC-BD9F-AA26CCA58F8B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{6C683BD8-F22E-4E71-8DB6-D0A3C4182E93}C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [TCP Query User{66D2AB2B-C928-47A7-A54A-E6CC71429F51}C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [{4E60C5B0-D6D4-4AF7-88F8-EF70749DB68E}] => (Allow) LPort=5000
FirewallRules: [{E57768F3-6BEA-4CE5-BE54-3FDB436B596F}] => (Allow) LPort=59586
FirewallRules: [UDP Query User{71B7B179-D440-4B6C-A6C2-A806069EDC18}C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [TCP Query User{9A2A79B0-A8C8-40B7-9CF4-8494C17E1639}C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [{54A0141E-FF31-4B54-B524-1E5B8185EBD2}] => (Block) E:\steam\steamapps\common\assassin's creed revelations\acrpr.exe No File
FirewallRules: [{2803DD31-5551-420F-8F52-C98CBE4805CB}] => (Block) E:\steam\steamapps\common\assassin's creed revelations\acrpr.exe No File
FirewallRules: [UDP Query User{B9EE3591-5FCC-4EC7-84E4-C6277AADCC70}E:\steam\steamapps\common\assassin's creed revelations\acrpr.exe] => (Allow) E:\steam\steamapps\common\assassin's creed revelations\acrpr.exe No File
FirewallRules: [TCP Query User{A8FB5909-AAE6-49B8-B001-02BC2F856BBE}E:\steam\steamapps\common\assassin's creed revelations\acrpr.exe] => (Allow) E:\steam\steamapps\common\assassin's creed revelations\acrpr.exe No File
FirewallRules: [{54A79771-E54F-4C63-A24E-FC81DA932320}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe No File
FirewallRules: [{08CD9225-8547-4DAC-932E-7D47516B1DE1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe No File
FirewallRules: [{FBE4B4C7-6D43-4815-95E1-7EC467ED3089}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe No File
FirewallRules: [{F9AA57F8-9DD4-4FBD-9C3D-4D4EE85502F5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe No File
FirewallRules: [{96FE9F4A-8F1F-483C-B71B-A4193DE37F1C}] => (Block) C:\program files (x86)\battle.net\battle.net.9397\battle.net.exe No File
FirewallRules: [{F9BE8509-78B3-43C8-AA29-690750DA9183}] => (Block) C:\program files (x86)\battle.net\battle.net.9397\battle.net.exe No File
FirewallRules: [UDP Query User{94FCB05F-3F37-4AF9-866E-4D45A7DC9295}C:\program files (x86)\battle.net\battle.net.9397\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9397\battle.net.exe No File
FirewallRules: [TCP Query User{F531EE0C-5CF6-47C9-BB70-970291FA1C36}C:\program files (x86)\battle.net\battle.net.9397\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9397\battle.net.exe No File
FirewallRules: [{E323831F-CB3A-4EDF-86C2-861F85A8A3C0}] => (Allow) E:\Steam\steamapps\common\Call of Duty WWII Beta\s2_mp64_ship.exe No File
FirewallRules: [{C96C25DB-8C84-44CC-A3D1-1421189969A3}] => (Allow) E:\Steam\steamapps\common\Call of Duty WWII Beta\s2_mp64_ship.exe No File
FirewallRules: [{D21F9DB0-305A-4AD9-9758-FBA2CFD70338}] => (Block) E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [{7FD2E22D-6233-43C2-93C3-69C7A977A7BF}] => (Block) E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{BF00E262-176A-4B19-A44F-DBBE1499F6C7}E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{C47C2FE7-7B14-47DE-B5AF-43ABAACB6692}E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [{AE0866A2-080E-4DF6-8444-89F88FEBA27E}] => (Block) E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [{55FCCBCD-931E-4E3C-BD9F-49D30129E108}] => (Block) E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{B7C6093B-0735-4B1B-85BB-130B7E53492F}E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{8BDF8220-8EE2-4FB2-A458-88B9CF6B2BEE}E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [{E0F90972-3518-49ED-9EE0-5B9C6967A7CC}] => (Allow) LPort=1688
FirewallRules: [{5E62B46B-596C-4D98-9C20-E5239FF8609A}] => (Block) E:\starcraft\starcraft.exe No File
FirewallRules: [{C117EB6E-26F2-42FF-8779-9757850D1762}] => (Block) E:\starcraft\starcraft.exe No File
FirewallRules: [UDP Query User{5353A3A1-5743-4E03-9215-422E0BD4C2DE}E:\starcraft\starcraft.exe] => (Allow) E:\starcraft\starcraft.exe No File
FirewallRules: [TCP Query User{D621DBC1-20C7-4254-B6AC-590610DA8A50}E:\starcraft\starcraft.exe] => (Allow) E:\starcraft\starcraft.exe No File
FirewallRules: [{6A8EA5E6-632B-4C8B-A87F-364E73FF9298}] => (Block) C:\program files (x86)\battle.net\battle.net.9262\battle.net.exe No File
FirewallRules: [{AB1ADBC2-7DC9-4B8D-A520-CD8B4E09E4E9}] => (Block) C:\program files (x86)\battle.net\battle.net.9262\battle.net.exe No File
FirewallRules: [UDP Query User{D4F4F150-A07C-4960-B9E7-4DC922949FAB}C:\program files (x86)\battle.net\battle.net.9262\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9262\battle.net.exe No File
FirewallRules: [TCP Query User{226E3527-8E2D-4781-B43E-7C48EBEC3AD6}C:\program files (x86)\battle.net\battle.net.9262\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9262\battle.net.exe No File
FirewallRules: [{0884F2C9-18F8-40D3-94D9-A9D12A85ADE8}] => (Block) E:\starcraft ii\versions\base55958\sc2_x64.exe No File
FirewallRules: [{43152848-AE89-434F-9D57-6D5A119292E6}] => (Block) E:\starcraft ii\versions\base55958\sc2_x64.exe No File
FirewallRules: [UDP Query User{4C743791-075C-4D93-9E50-82868E1C0DA7}E:\starcraft ii\versions\base55958\sc2_x64.exe] => (Allow) E:\starcraft ii\versions\base55958\sc2_x64.exe No File
FirewallRules: [TCP Query User{E62B02E9-87C1-47F7-A2E3-5EB66C147655}E:\starcraft ii\versions\base55958\sc2_x64.exe] => (Allow) E:\starcraft ii\versions\base55958\sc2_x64.exe No File
FirewallRules: [UDP Query User{EEEFD632-D5B4-4836-92CE-C0C811783D50}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe No File
FirewallRules: [TCP Query User{B06973BC-8437-4F71-9178-5987E2B3EE1C}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe No File
FirewallRules: [{1770A958-2276-4276-9B07-C2A0AC009F72}] => (Allow) E:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe No File
FirewallRules: [{ECDAAF6F-0DA3-4EEC-B7D5-868D99C28E06}] => (Allow) E:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe No File
FirewallRules: [{5E9977E2-FD73-4331-BB75-42C9EC71F68C}] => (Allow) E:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe No File
FirewallRules: [{1164B80C-134A-46F2-90D3-85F4B0493303}] => (Allow) E:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe No File
FirewallRules: [{1EA56F08-4BA0-4704-A7BF-3E2533A50F7B}] => (Allow) E:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe No File
FirewallRules: [{D0D14898-01D5-48E9-83D5-6CAB8408C659}] => (Allow) E:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe No File
FirewallRules: [UDP Query User{8D4E3803-0276-4B3E-BE62-9F670DB170C6}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{FF1846EF-3B7B-4B6F-B5B8-2D60171C9811}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{59DCFC2A-2D8F-49E1-A7DE-42CC69474DEF}] => (Allow) E:\Steam\steamapps\common\SunlessSea\Sunless Sea.exe () [File not signed]
FirewallRules: [{BB8B0F52-9E5A-4896-B1C2-98DFFFC6A49B}] => (Allow) E:\Steam\steamapps\common\SunlessSea\Sunless Sea.exe () [File not signed]
FirewallRules: [{9DC32FCD-7E69-4A9B-9EBD-D97CA5F19956}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FC8D9118-5615-4281-AF76-8013F0AE2904}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A0468DAA-07B3-45B7-ABC8-24CD6D6E5152}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1559B79B-484E-4E2E-92AE-54208A476BB6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{9D61AE8C-4AF1-4555-BBED-29F5668210C3}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{3C8D00F2-898D-42A0-B861-51A3F5F57552}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{F145B7B7-30AC-4BBD-989D-B22CA4F8B266}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{2CC356DB-914A-41AB-A2A4-856146BAC8BC}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)

TSemp · May 15, 2019

FirewallRules: [{1AAC8385-A436-4925-AAFE-05465E6CC250}] => (Allow) LPort=26789
FirewallRules: [{19FCCD91-9284-43E7-B2AF-620E32C1DD75}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E5498088-46AE-4E84-A627-EC0C5FA949AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe No File
FirewallRules: [{06BD4593-FDDE-4BD9-8302-202A18045465}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5E16FF0C-0EDF-4622-B2A5-2101E0228593}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7609B846-BBE6-4715-9E61-666EE3E815DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{76E51E45-2754-4024-9D46-1F580539CE52}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{890A1116-5FD0-4B26-9EBC-E2011384D357}] => (Allow) E:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{492BCAF6-351D-474F-82D3-5F0D931FE66E}] => (Allow) E:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{DA02844D-E46B-48E9-B88E-E777DD994E30}] => (Allow) E:\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{7C8A772F-066B-4B90-AF65-141DBA765C3B}] => (Allow) E:\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{E6638D4B-88E8-4C06-ACCF-7F716E7312DB}] => (Allow) C:\Users\Bogdan Placintescu\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{DCE10A1A-9848-4A34-98F4-84C2B8557C4B}] => (Allow) C:\Users\Bogdan Placintescu\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{BC49470B-7C7B-409B-BABA-824145009F18}] => (Allow) C:\Users\Bogdan Placintescu\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{60B48FF1-C0EA-4EE6-B83F-3DC2E0E1D1B8}] => (Allow) C:\Users\Bogdan Placintescu\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{E9487C1B-7085-432E-9E38-549F4DD9FA8A}] => (Allow) C:\Users\Bogdan Placintescu\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{42B0B290-E2AD-4A8D-BFB7-8AD2C604B41B}] => (Allow) C:\Users\Bogdan Placintescu\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{C1CD9C8D-9D1D-4030-BA12-D437D3764D19}E:\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe No File
FirewallRules: [UDP Query User{704878BB-0CCF-4AF5-85F6-7336131588AB}E:\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{380624EE-5F19-42BC-9C21-7A1A77CE6AE5}E:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) E:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe No File
FirewallRules: [UDP Query User{1352C6F3-7DBA-48BD-9830-7381C5FFAD49}E:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) E:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe No File
FirewallRules: [{9640246B-2365-43B7-B35A-2732E13EDB1F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{E079391A-14FD-4D2A-804B-82D42E1F27C1}C:\program files (x86)\battle.net\battle.net.8179\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8179\battle.net.exe No File
FirewallRules: [UDP Query User{9CB719BD-1748-4BCD-8477-D1B0747F465C}C:\program files (x86)\battle.net\battle.net.8179\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8179\battle.net.exe No File
FirewallRules: [TCP Query User{1D442CE6-9F27-4CE5-916B-69B52E87578D}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe No File
FirewallRules: [UDP Query User{4C18A832-A1BB-4D53-8AD9-638F2DF43101}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe No File
FirewallRules: [TCP Query User{F6EACE3C-A87A-4D51-B741-A146E49159FB}E:\java\bin\javaw.exe] => (Allow) E:\java\bin\javaw.exe No File
FirewallRules: [UDP Query User{B3B1F287-A239-44DF-9F15-33501514A32D}E:\java\bin\javaw.exe] => (Allow) E:\java\bin\javaw.exe No File
FirewallRules: [{F3B3E749-F016-446E-8669-FED400175F32}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{D4AF9839-5005-4CA2-8E02-54F98395DA29}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{78BE07C8-B023-4B5A-9B23-8C82E23E63F9}] => (Allow) E:\World_of_Tanks\WoTLauncher.exe No File
FirewallRules: [{4FBC982F-3E79-46C9-B467-0341B9675A36}] => (Allow) E:\World_of_Tanks\WoTLauncher.exe No File
FirewallRules: [{D580EA31-BE6B-4F5B-831C-E9C577FF3509}] => (Allow) E:\World_of_Tanks\worldoftanks.exe No File
FirewallRules: [{59BE79C4-E34E-4AA5-B1C7-373C357E1589}] => (Allow) E:\World_of_Tanks\worldoftanks.exe No File
FirewallRules: [TCP Query User{D8A0EE7C-C56C-4433-89AF-69D8C03C1A43}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe No File
FirewallRules: [UDP Query User{4B159242-0532-46F2-AC85-E07060CF0C38}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe No File
FirewallRules: [TCP Query User{5852E325-E350-438A-A2ED-CBA75055AECB}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe No File
FirewallRules: [UDP Query User{FB9B89EB-4EBF-4A95-9D65-64FE3232C61C}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe No File
FirewallRules: [{A3F9FB2B-5DBF-48B1-93B1-AF290FDF575B}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe No File
FirewallRules: [{2A9D11FF-A7D6-4916-80F7-49B20FEB7ACB}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe No File
FirewallRules: [{3066BC8D-9ED9-4671-BB3C-65E6A26F3E9D}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe No File
FirewallRules: [{7E52E35C-4686-477F-A3CD-30E63081DB30}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe No File
FirewallRules: [{205647DE-64FE-4C3C-B15C-17AC62AB9AE8}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\Launcher.exe No File
FirewallRules: [{42AFB113-5996-4568-B7AD-44B716C1BE24}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe No File
FirewallRules: [{E4DDB62A-4F45-419F-969C-FD5AC78507CA}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe No File
FirewallRules: [{A17B13A1-5DB4-43A3-8D76-FCD04910124E}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe No File
FirewallRules: [{2071C076-2154-4ACA-ACDC-BADE5EA0D0F5}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe No File
FirewallRules: [{315F8541-FBFC-40BB-80AA-922C5EEAB7E1}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe No File
FirewallRules: [{F08905BC-8625-4B66-9BD4-9E183322727C}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\Launcher.exe No File
FirewallRules: [{F811E9F0-8435-4F0B-A1B8-671AA1C1B120}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe No File
FirewallRules: [TCP Query User{B36A46F2-77CB-4CDF-BAAC-BCD4CFD85AB3}C:\program files (x86)\battle.net\battle.net.8518\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8518\battle.net.exe No File
FirewallRules: [UDP Query User{E12865EB-9B62-41CD-94E7-69B2BECB6C06}C:\program files (x86)\battle.net\battle.net.8518\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8518\battle.net.exe No File
FirewallRules: [{830857BA-74F1-43B9-8F42-B7C06CD44A83}] => (Block) C:\program files (x86)\battle.net\battle.net.8518\battle.net.exe No File
FirewallRules: [{04A3E4C4-FC9C-4749-800B-EA8FFEBE7356}] => (Block) C:\program files (x86)\battle.net\battle.net.8518\battle.net.exe No File
FirewallRules: [TCP Query User{AD0D251F-CD1F-48B4-8696-4E2AEF1B24FF}C:\program files (x86)\battle.net\battle.net.8554\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8554\battle.net.exe No File
FirewallRules: [UDP Query User{F211542D-B01B-498F-B89E-21D868B0C363}C:\program files (x86)\battle.net\battle.net.8554\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8554\battle.net.exe No File
FirewallRules: [TCP Query User{31DE13CC-068F-4170-8B7F-1EC4CDBEBE23}C:\program files (x86)\battle.net\battle.net.8657\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8657\battle.net.exe No File
FirewallRules: [UDP Query User{680905A7-F213-4525-ABA9-2AD306D4D8C6}C:\program files (x86)\battle.net\battle.net.8657\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8657\battle.net.exe No File
FirewallRules: [TCP Query User{9C41C891-7649-4C68-AB94-BE28CF5C7583}E:\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe No File
FirewallRules: [UDP Query User{AC16B1A1-24F5-44B1-913A-57A3947F6E05}E:\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{20652102-5F54-49E1-B4DD-6CC46EA184DA}E:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) E:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe No File
FirewallRules: [UDP Query User{914B4287-7AE5-4B5A-83B0-7976A34E71AD}E:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) E:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe No File
FirewallRules: [{4D4A2ED3-EDA4-4D0D-B4D2-E565999D9FC7}] => (Block) E:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe No File
FirewallRules: [{02ACC6B7-F2AA-498D-AB94-00449F685214}] => (Block) E:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe No File
FirewallRules: [TCP Query User{912F1D3B-F1A9-403C-AC49-6CF9285803DA}E:\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe No File
FirewallRules: [UDP Query User{30D763C2-DCD9-43B9-97F4-A3634CBC5C9C}E:\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe No File
FirewallRules: [{2455D623-5A3A-4362-94A2-DC503FC1C86D}] => (Block) E:\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe No File
FirewallRules: [{24F3F68F-26C2-4B02-9962-48166D177E3C}] => (Block) E:\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{95B2E954-4C6B-47E9-AC9E-7A2F566171BC}E:\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe No File
FirewallRules: [UDP Query User{8E851BA2-7CAC-4922-9446-4BFBE6CF6A44}E:\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe No File
FirewallRules: [{5E54F3F3-4080-485C-A388-B797BA021A7A}] => (Block) E:\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe No File
FirewallRules: [{997AE383-2B72-4909-BA0F-AF6001D1E531}] => (Block) E:\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{D69F3DA6-368F-4716-9D8A-8ABFDA34CD28}E:\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) E:\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe () [File not signed]
FirewallRules: [UDP Query User{10F50A44-94F4-4C44-85E8-530B3907495C}E:\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) E:\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe () [File not signed]
FirewallRules: [TCP Query User{928EA6DB-F4FF-4350-8B44-EB7298AD002B}E:\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [UDP Query User{98542EE1-D763-4AA2-A239-0711A3C0E571}E:\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [TCP Query User{7A9D3BBF-1EE5-427E-A6B0-4C6BF054F794}C:\program files (x86)\battle.net\battle.net.8965\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8965\battle.net.exe No File
FirewallRules: [UDP Query User{71247883-1205-4D8E-8D2C-63C1CDE6B5B0}C:\program files (x86)\battle.net\battle.net.8965\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8965\battle.net.exe No File
FirewallRules: [{A0DF97F1-F173-4A18-B6E5-B8150F67CE5C}] => (Allow) E:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe No File
FirewallRules: [{BC61F8AC-6C91-4B4B-AC87-D09E6272417B}] => (Allow) E:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe No File
FirewallRules: [TCP Query User{41C468A1-5EB4-4EEC-9C01-3B29A4634502}E:\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe] => (Allow) E:\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe No File
FirewallRules: [UDP Query User{35536E2C-DE95-4AA7-86C8-67C6A6C19B37}E:\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe] => (Allow) E:\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe No File
FirewallRules: [TCP Query User{F1389B01-600E-4562-B325-BCA15ADCE073}E:\overwatch test\overwatch.exe] => (Allow) E:\overwatch test\overwatch.exe No File
FirewallRules: [UDP Query User{557547E9-7106-410F-BE6B-19400530228D}E:\overwatch test\overwatch.exe] => (Allow) E:\overwatch test\overwatch.exe No File
FirewallRules: [{73A8ACCD-AF33-4A0A-A902-42DAC0D1D189}] => (Allow) E:\Program Files (x86)\Origin Games\Spore\Sporebin\SporeApp.exe (Electronic Arts -> Maxis, a division of Electronic Arts Inc.)
FirewallRules: [{76DF158C-D7CD-45B8-893D-2B3536E6E2AA}] => (Allow) E:\Program Files (x86)\Origin Games\Spore\Sporebin\SporeApp.exe (Electronic Arts -> Maxis, a division of Electronic Arts Inc.)
FirewallRules: [TCP Query User{CD9A031F-D150-4807-AD49-E64CF3B03675}E:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) E:\steam\steamapps\common\paladins\binaries\win32\paladins.exe No File
FirewallRules: [UDP Query User{E43C9AB6-A237-44C9-B226-C3B9ACFC6183}E:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) E:\steam\steamapps\common\paladins\binaries\win32\paladins.exe No File
FirewallRules: [{57EE87AD-7463-4510-9D60-FEEDC0661E2D}] => (Allow) E:\Steam\steamapps\common\Pyre\x64\Pyre.exe (Supergiant Games, LLC) [File not signed]
FirewallRules: [{70CB7038-842A-4350-B9B4-A974F4712BF3}] => (Allow) E:\Steam\steamapps\common\Pyre\x64\Pyre.exe (Supergiant Games, LLC) [File not signed]
FirewallRules: [{3F9ECFE0-0452-4BE8-9FDD-68970A4D9858}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{BFF0AEA2-542C-47F6-9083-868EBA67C083}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [TCP Query User{6F13301B-A116-4266-9B25-9F9F9601B47F}E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{B6EE94DE-BBA4-4C46-B1EE-70EA472B92F0}E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [TCP Query User{6AC7E872-90D8-48B4-B60C-AADA6EEC24AB}C:\program files (x86)\obs-studio\bin\64bit\obs64.exe] => (Allow) C:\program files (x86)\obs-studio\bin\64bit\obs64.exe (Open Source Developer, Hugh Bailey -> )
FirewallRules: [UDP Query User{D883269A-3442-4AE7-882A-E47BFAF896C0}C:\program files (x86)\obs-studio\bin\64bit\obs64.exe] => (Allow) C:\program files (x86)\obs-studio\bin\64bit\obs64.exe (Open Source Developer, Hugh Bailey -> )
FirewallRules: [TCP Query User{C32AE7C3-253A-4C95-9852-A2365FF9F860}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.300\discord.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\discord\app-0.0.300\discord.exe No File
FirewallRules: [UDP Query User{4DC408C5-4B80-4CA4-B7AD-39C7AEFCD6C1}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.300\discord.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\discord\app-0.0.300\discord.exe No File
FirewallRules: [TCP Query User{049D4D41-1EE2-47E3-9C5A-8C2392366AF7}C:\users\bogdan placintescu\appdata\roaming\curse client\bin\electron\twitchui.exe] => (Allow) C:\users\bogdan placintescu\appdata\roaming\curse client\bin\electron\twitchui.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
FirewallRules: [UDP Query User{E3A13891-1733-4D5B-85EB-DBDA7D565D69}C:\users\bogdan placintescu\appdata\roaming\curse client\bin\electron\twitchui.exe] => (Allow) C:\users\bogdan placintescu\appdata\roaming\curse client\bin\electron\twitchui.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
FirewallRules: [TCP Query User{FF150C06-F4C2-4159-9C78-127E6D1BE07B}C:\program files\adobe\adobe premiere pro cc 2018\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2018\adobe premiere pro.exe No File
FirewallRules: [UDP Query User{94A84E5B-7EC1-4084-85D3-AB62FCA24E1E}C:\program files\adobe\adobe premiere pro cc 2018\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2018\adobe premiere pro.exe No File
FirewallRules: [TCP Query User{6C2845E5-BB8D-443F-BBF5-126C73651C7E}E:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) E:\steam\steamapps\common\awesomenauts\awesomenauts.exe No File
FirewallRules: [UDP Query User{34C2EE1B-7430-4B5A-8E58-1A57248F86C5}E:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) E:\steam\steamapps\common\awesomenauts\awesomenauts.exe No File
FirewallRules: [{A86ECD43-F62E-4942-A473-47DD495EBF8E}] => (Allow) C:\Users\Bogdan Placintescu\Desktop\KMSpico\Service_KMS.exe No File
FirewallRules: [{FF640321-3BC0-4F62-94F1-51970578699E}] => (Allow) C:\Users\Bogdan Placintescu\Desktop\KMSpico\Service_KMS.exe No File
FirewallRules: [TCP Query User{D7ADBA16-7425-480F-BC3D-3B2B374FFD90}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe No File
FirewallRules: [UDP Query User{2F6626A0-57CE-42FF-BFA4-706DBD1CD749}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe No File
FirewallRules: [{B6C54721-004D-4B49-869F-3C55FA46E6ED}] => (Allow) E:\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe (DoubleDutch Games) [File not signed]
FirewallRules: [{A8DE337F-60FB-40A7-97D4-23965DF620AB}] => (Allow) E:\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe (DoubleDutch Games) [File not signed]
FirewallRules: [{A58CE737-0A1D-405A-BDD2-435CB91B6CF9}] => (Allow) E:\Steam\steamapps\common\SpaceChem\SpaceChem.exe (Zachtronics Industries) [File not signed]
FirewallRules: [{15E339B0-6723-486B-A4A7-4600A892A611}] => (Allow) E:\Steam\steamapps\common\SpaceChem\SpaceChem.exe (Zachtronics Industries) [File not signed]
FirewallRules: [TCP Query User{C5627A92-75C6-41D6-9C41-071FB029B00E}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.304\discord.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\discord\app-0.0.304\discord.exe (Discord Inc. -> Discord Inc.)
FirewallRules: [UDP Query User{7FA54D8B-0DBB-4E91-99BF-C99869A991A9}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.304\discord.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\discord\app-0.0.304\discord.exe (Discord Inc. -> Discord Inc.)
FirewallRules: [{CDA9BD85-7908-401F-8C37-31FA0AF75CE3}] => (Allow) E:\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{873DB2B0-9710-4C11-BDA6-229B3FA9C22E}] => (Allow) E:\Steam\steamapps\common\Aseprite\Aseprite.exe (David Capello -> )
FirewallRules: [{02F947AB-AFA7-40F7-9B5C-8E99FC007F4F}] => (Allow) E:\Steam\steamapps\common\Aseprite\Aseprite.exe (David Capello -> )
FirewallRules: [{64FF1E53-93B6-4B26-AE2C-528F1B3F81EF}] => (Allow) E:\Steam\steamapps\common\Reigns\Reigns.exe () [File not signed]
FirewallRules: [{64C4B4D8-FDB2-49E9-AEBA-27FCB2B2030C}] => (Allow) E:\Steam\steamapps\common\Reigns\Reigns.exe () [File not signed]
FirewallRules: [{4AA002D8-248C-4FC7-8CB1-CBF24B55A023}] => (Allow) E:\Steam\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{437AEFAC-F645-43C6-87B0-F01F22C0FBD8}] => (Allow) E:\Steam\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [TCP Query User{01CC4CD7-CACE-426D-9841-6A5F920B05D7}E:\adobe\adobe premiere pro cc 2019\adobe premiere pro.exe] => (Allow) E:\adobe\adobe premiere pro cc 2019\adobe premiere pro.exe (Adobe Systems Incorporated -> Adobe)
FirewallRules: [UDP Query User{87BCDA4E-D43B-4EFA-B0C4-159EFBF83A2B}E:\adobe\adobe premiere pro cc 2019\adobe premiere pro.exe] => (Allow) E:\adobe\adobe premiere pro cc 2019\adobe premiere pro.exe (Adobe Systems Incorporated -> Adobe)
FirewallRules: [{567A14E9-4CC3-4A42-8AC1-68A0F7DD76A4}] => (Allow) E:\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe No File
FirewallRules: [{BBE83E14-697A-4F52-AB49-FBB832449FDD}] => (Allow) E:\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe No File
FirewallRules: [TCP Query User{2AC23F67-340E-4477-9C8D-581B89656034}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.305\discord.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\discord\app-0.0.305\discord.exe (Discord Inc. -> Discord Inc.)
FirewallRules: [UDP Query User{979AB804-A5DC-4AE9-8624-BC199C0D8D38}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.305\discord.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\discord\app-0.0.305\discord.exe (Discord Inc. -> Discord Inc.)
FirewallRules: [{20E3FF01-D0F9-4F9D-82F1-3B9DAFA9CCF6}] => (Allow) E:\Steam\steamapps\common\ibbandobb\ibbobb.exe () [File not signed]
FirewallRules: [{09E7E88F-CED9-4990-8F14-8C13113FCA5F}] => (Allow) E:\Steam\steamapps\common\ibbandobb\ibbobb.exe () [File not signed]
FirewallRules: [{9C74858B-AF70-46E4-8A61-93A375549A65}] => (Allow) E:\Steam\steamapps\common\Guacamelee\Guac.exe () [File not signed]
FirewallRules: [{CFFE749A-B95C-45D8-B88A-6FC747A51D8C}] => (Allow) E:\Steam\steamapps\common\Guacamelee\Guac.exe () [File not signed]
FirewallRules: [{07A1C087-659D-45F6-BA77-51564926760C}] => (Allow) E:\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe () [File not signed]
FirewallRules: [{8F51FC62-09C6-463A-8364-351963AB5C53}] => (Allow) E:\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe () [File not signed]
FirewallRules: [{98669DE5-4BDA-4CCA-81D1-516ED404AE63}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8054C34F-F6EB-434B-9F1F-FE93189BC846}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C6BBA658-E130-497F-82FF-8539D56D5E32}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6D31E3FC-663B-47C7-80D0-468BEDC33ABC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{66B3C2A6-B4BF-4E08-A876-4796B7CF70EE}] => (Allow) E:\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{EE72DFB2-D1B8-4EC4-953A-25876DF814C7}] => (Block) E:\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{AF286E45-934F-4B53-AB11-70CD2B021262}] => (Allow) E:\Steam\steamapps\common\Child of Light\ChildofLight.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{B890D5AB-B554-40CE-87B7-1A655FC4A6B5}] => (Allow) E:\Steam\steamapps\common\Child of Light\ChildofLight.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{F17467CC-A914-4D66-A360-73939502FC1C}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5AB35389-AAB5-4BCA-8BC9-5E19CF2038A2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{ACEB98C9-8784-4E18-BC62-C62E00EAF7CF}E:\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) E:\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe () [File not signed]
FirewallRules: [UDP Query User{51E6FF5D-A122-48A5-A8C7-C848C47BB5FA}E:\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) E:\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe () [File not signed]
FirewallRules: [{9EB7CE78-1B94-4FB0-84A3-E297946B7190}] => (Allow) E:\Steam\steamapps\common\Deponia\deponia.exe (Daedalic Entertainment GmbH) [File not signed]
FirewallRules: [{0157CC16-039B-4461-A28C-432765C6FB76}] => (Allow) E:\Steam\steamapps\common\Deponia\deponia.exe (Daedalic Entertainment GmbH) [File not signed]
FirewallRules: [{2D9A7ADB-5598-49D8-98F7-42EE24BC88DA}] => (Allow) E:\Steam\steamapps\common\Deponia\VisionaireConfigurationTool.exe (Daedalic Entertainment) [File not signed]
FirewallRules: [{E88AAFB9-9FCF-439D-A64B-D87CAEA910EC}] => (Allow) E:\Steam\steamapps\common\Deponia\VisionaireConfigurationTool.exe (Daedalic Entertainment) [File not signed]
FirewallRules: [{E27F34AE-421D-40EC-A4F0-DDA70C6FF628}] => (Allow) E:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe No File
FirewallRules: [{56487A4B-477F-4398-9189-BA5A7796B6F9}] => (Allow) E:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe No File
FirewallRules: [{2F986C5B-CB17-464D-9F64-FA939F49D090}] => (Allow) E:\Steam\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe () [File not signed]
FirewallRules: [{F1A8A532-43B6-4D4A-B6FD-B88734709D62}] => (Allow) E:\Steam\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe () [File not signed]
FirewallRules: [{9E0B1846-4C8C-457D-8A3F-948C8E0EAF77}] => (Allow) E:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{B38E3E65-E480-4467-9B4F-39564337C895}] => (Allow) E:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{FC5032AB-EC52-4286-BAC5-59A061DDD4F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{76DA694B-4868-471E-9A37-4B2F926A74B3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D76868FA-47CE-45FF-9DE9-A550ABA86DA9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{32E9CA96-E805-4024-AAC4-50DB958BBFD5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{000DE515-C6A3-4ADA-B2B9-1D1595542F28}] => (Allow) E:\Steam\steamapps\common\Skyrim\skse_steam_boot.exe () [File not signed]
FirewallRules: [{BFDC95AD-DF34-4E1E-87D4-1D1A2DC105A5}] => (Allow) E:\Steam\steamapps\common\Skyrim\skse_steam_boot.exe () [File not signed]
FirewallRules: [{E4550871-ECD7-4AF4-9D0E-0D6606A0BBEE}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{05875AEF-6A46-41AE-B495-448318154C41}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{4DAA759F-C0A9-4C2E-9DBE-3787DFC450F7}] => (Allow) E:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{63C2F30F-C6B9-4D4F-8975-E103B5045C8C}] => (Allow) E:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{8470BA63-0B04-4AE0-BC44-C427DCE1554F}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound.exe (Chucklefish LTD) [File not signed]
FirewallRules: [{8B143DAD-0925-48BC-BF04-91F582C82887}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound.exe (Chucklefish LTD) [File not signed]
FirewallRules: [{5F0846C4-B7D0-4D08-BF33-C561BBE2C200}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound_server.exe () [File not signed]
FirewallRules: [{96F07E20-8A39-49E2-BDF9-C01EA90BB308}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound_server.exe () [File not signed]
FirewallRules: [{7B31649E-8EA8-4576-9A1C-948C20D77423}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe () [File not signed]
FirewallRules: [{5E7CB9BA-D76B-4858-8FF9-D51E6C964EC3}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe () [File not signed]
FirewallRules: [{898A0B0C-11F7-4352-938A-94D21F85A9EB}] => (Allow) E:\Steam\steamapps\common\Starbound\win32\starbound.exe (Chucklefish LTD) [File not signed]
FirewallRules: [{8B9DC9A1-C638-4D20-8F1E-0ACAAEE0947E}] => (Allow) E:\Steam\steamapps\common\Starbound\win32\starbound.exe (Chucklefish LTD) [File not signed]
FirewallRules: [{981821F2-3668-433B-B016-B636B7A73A86}] => (Allow) E:\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{8EF3E6D6-39C1-4369-9329-34347D432845}] => (Allow) E:\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{2A6E7C3F-A7E9-4AA5-B9F5-891B447026D4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{07500A28-5FCA-4869-AB52-3667FB4F9089}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2A32FC19-18FD-4A0C-864B-7909CBDFE2D0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

==================== Restore Points =========================

09-05-2019 19:57:05 Scheduled Checkpoint
14-05-2019 23:30:02 Windows Update

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2019 09:38:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5969

Error: (05/15/2019 09:38:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5969

Error: (05/15/2019 09:38:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/15/2019 09:38:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3969

Error: (05/15/2019 09:38:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3969

Error: (05/15/2019 09:38:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/15/2019 09:38:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1984

Error: (05/15/2019 09:38:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1984

System errors:
=============
Error: (05/15/2019 06:51:00 PM) (Source: DCOM) (EventID: 10016) (User: bogdanPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user bogdanPC\Bogdan Placintescu SID (S-1-5-21-1985958338-2759964917-1504332263-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/15/2019 06:50:21 PM) (Source: DCOM) (EventID: 10016) (User: bogdanPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user bogdanPC\Bogdan Placintescu SID (S-1-5-21-1985958338-2759964917-1504332263-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/15/2019 06:50:21 PM) (Source: DCOM) (EventID: 10016) (User: bogdanPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user bogdanPC\Bogdan Placintescu SID (S-1-5-21-1985958338-2759964917-1504332263-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/15/2019 05:48:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/15/2019 05:48:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/15/2019 05:46:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

Error: (05/15/2019 05:46:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/15/2019 05:46:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Windows Defender:
===================================
Date: 2019-05-15 17:55:37.717
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...n32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\WINDOWS\System32\tlpless.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.293.1657.0, AS: 1.293.1657.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15900.4, NIS: 0.0.0.0

Date: 2019-05-15 17:55:19.904
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...n32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\WINDOWS\System32\tlpless.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.293.1657.0, AS: 1.293.1657.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15900.4, NIS: 0.0.0.0

Date: 2019-05-15 17:54:56.333
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...n32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\tlpless.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.293.1593.0, AS: 1.293.1593.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15900.4, NIS: 0.0.0.0

Date: 2019-05-15 17:48:21.629
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...n32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\tlpless.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.293.1593.0, AS: 1.293.1593.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15900.4, NIS: 0.0.0.0

Date: 2019-05-15 17:47:38.395
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...n32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\tlpless.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.293.1593.0, AS: 1.293.1593.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15900.4, NIS: 0.0.0.0

==================== Memory info ===========================

BIOS: American Megatrends Inc. A.70 07/24/2016
Motherboard: MSI Z170A GAMING M3 (MS-7978)
Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 33%
Total physical RAM: 16343.7 MB
Available physical RAM: 10921.03 MB
Total Virtual: 32727.7 MB
Available Virtual: 26732.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.97 GB) (Free:20.86 GB) NTFS
Drive e: (docs) (Fixed) (Total:465.56 GB) (Free:87.44 GB) NTFS
Drive f: (External HDD) (Fixed) (Total:931.48 GB) (Free:370.17 GB) NTFS

\\?\Volume{0b0b1f86-80f5-11e6-9eaf-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{b8f57f55-0000-0000-0000-a0c437000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{f64b6e0d-6061-4478-9504-b6e3c22eadef}\ () (Fixed) (Total:0.2 GB) (Free:0.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: B8F57F55)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=509 MB) - (Type=27)

========================================================
Disk: 1 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==================== End of Addition.txt ============================

Broni · May 15, 2019

I actually found three bad entries, so we'll fix them right now.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

TSemp · May 15, 2019

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-05.2019 01
Ran by Bogdan Placintescu (15-05-2019 23:56:57) Run:1
Running from C:\Users\Bogdan Placintescu\Desktop
Loaded Profiles: Bogdan Placintescu (Available Profiles: Bogdan Placintescu & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\Run: [AdobeBridge] => [X]
Task: {F13DD3C8-E7B5-4B1C-B548-754EBB210B12} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
S1 xgctaxzu; C:\WINDOWS\system32\drivers\xgctaxzu.sys [72816 2019-05-15] (Microsoft Corporation -> Microsoft Corporation)
S3 asmthub3; \SystemRoot\System32\drivers\asmthub3.sys [X]
S3 asmtxhci; \SystemRoot\System32\drivers\asmtxhci.sys [X]
U3 idsvc; no ImagePath
C:\WINDOWS\system32\drivers\xgctaxzu.sys
2019-05-15 17:46 - 2019-05-15 17:46 - 000015360 _____ () C:\WINDOWS\system32\tlpless.dll
2018-10-03 18:26 - 2018-10-03 18:26 - 000000033 _____ () C:\Users\Bogdan Placintescu\AppData\Roaming\AdobeWLCMCache.dat
2016-12-10 18:42 - 2019-04-08 02:06 - 000003607 _____ () C:\Users\Bogdan Placintescu\AppData\Roaming\SpeedRunnersLog.txt
2016-10-02 16:01 - 2018-06-15 18:13 - 000001456 _____ () C:\Users\Bogdan Placintescu\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-09-29 00:30 - 2018-09-29 00:30 - 000000000 _____ () C:\Users\Bogdan Placintescu\AppData\Local\oobelibMkey.log
2016-09-22 19:20 - 2018-09-23 18:04 - 000007610 _____ () C:\Users\Bogdan Placintescu\AppData\Local\resmon.resmoncfg
CustomCLSID: HKU\S-1-5-21-1985958338-2759964917-1504332263-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Bogdan Placintescu\AppData\Local\Microsoft\OneDrive\19.043.0304.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1985958338-2759964917-1504332263-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Bogdan Placintescu\AppData\Local\Microsoft\OneDrive\19.043.0304.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1985958338-2759964917-1504332263-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Bogdan Placintescu\AppData\Local\Microsoft\OneDrive\19.043.0304.0007\amd64\FileSyncShell64.dll => No File
2019-05-15 17:46 - 2019-05-15 17:46 - 000015360 _____ () [File not signed] C:\WINDOWS\System32\tlpless.dll
AlternateDataStreams: C:\WINDOWS\system32\Drivers\qflzbsnv.sys:changelist [562]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xgctaxzu.sys:changelist [562]
AlternateDataStreams: C:\Users\Bogdan Placintescu\Desktop\CV stuff:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Bogdan Placintescu\Desktop\Diploma SAE anul 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [97]
AlternateDataStreams: C:\Users\Bogdan Placintescu\Desktop\Diploma SAE anul 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bogdan Placintescu\Desktop\Gaem:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Bogdan Placintescu\Desktop\Hop!_NEW:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Bogdan Placintescu\Desktop\Safari Bookmarks.html:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Bogdan Placintescu\Desktop\Safari Bookmarks.html:com.apple.metadata_kMDItemUserTags [86]
AlternateDataStreams: C:\Users\Bogdan Placintescu\Desktop\safari reading list.html:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Bogdan Placintescu\Desktop\safari reading list.html:com.apple.metadata_kMDItemUserTags [86]
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Public\AppData:CSM [470]
AlternateDataStreams: C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo [122]
2019-05-15 17:55 - 2019-05-15 17:55 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\qflzbsnv.sys
S1 qflzbsnv; C:\WINDOWS\system32\drivers\qflzbsnv.sys [72816 2019-05-15] (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{8B2587DE-1F13-40C9-9E6F-E8567FC7D9CC}C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe No File
FirewallRules: [TCP Query User{454DAF59-8610-4077-9350-F2D918F9FB84}C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe No File
FirewallRules: [UDP Query User{6882A908-E6E0-4FCD-BF3E-E8E632408748}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe No File
FirewallRules: [TCP Query User{8BAA4360-DB55-4394-A1B5-05D442A3A1FF}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe No File
FirewallRules: [UDP Query User{6C683BD8-F22E-4E71-8DB6-D0A3C4182E93}C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [TCP Query User{66D2AB2B-C928-47A7-A54A-E6CC71429F51}C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [UDP Query User{71B7B179-D440-4B6C-A6C2-A806069EDC18}C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [TCP Query User{9A2A79B0-A8C8-40B7-9CF4-8494C17E1639}C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [{54A0141E-FF31-4B54-B524-1E5B8185EBD2}] => (Block) E:\steam\steamapps\common\assassin's creed revelations\acrpr.exe No File
FirewallRules: [{2803DD31-5551-420F-8F52-C98CBE4805CB}] => (Block) E:\steam\steamapps\common\assassin's creed revelations\acrpr.exe No File
FirewallRules: [UDP Query User{B9EE3591-5FCC-4EC7-84E4-C6277AADCC70}E:\steam\steamapps\common\assassin's creed revelations\acrpr.exe] => (Allow) E:\steam\steamapps\common\assassin's creed revelations\acrpr.exe No File
FirewallRules: [TCP Query User{A8FB5909-AAE6-49B8-B001-02BC2F856BBE}E:\steam\steamapps\common\assassin's creed revelations\acrpr.exe] => (Allow) E:\steam\steamapps\common\assassin's creed revelations\acrpr.exe No File
FirewallRules: [{54A79771-E54F-4C63-A24E-FC81DA932320}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe No File
FirewallRules: [{08CD9225-8547-4DAC-932E-7D47516B1DE1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe No File
FirewallRules: [{FBE4B4C7-6D43-4815-95E1-7EC467ED3089}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe No File
FirewallRules: [{F9AA57F8-9DD4-4FBD-9C3D-4D4EE85502F5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe No File
FirewallRules: [{96FE9F4A-8F1F-483C-B71B-A4193DE37F1C}] => (Block) C:\program files (x86)\battle.net\battle.net.9397\battle.net.exe No File
FirewallRules: [{F9BE8509-78B3-43C8-AA29-690750DA9183}] => (Block) C:\program files (x86)\battle.net\battle.net.9397\battle.net.exe No File
FirewallRules: [UDP Query User{94FCB05F-3F37-4AF9-866E-4D45A7DC9295}C:\program files (x86)\battle.net\battle.net.9397\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9397\battle.net.exe No File
FirewallRules: [TCP Query User{F531EE0C-5CF6-47C9-BB70-970291FA1C36}C:\program files (x86)\battle.net\battle.net.9397\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9397\battle.net.exe No File
FirewallRules: [{E323831F-CB3A-4EDF-86C2-861F85A8A3C0}] => (Allow) E:\Steam\steamapps\common\Call of Duty WWII Beta\s2_mp64_ship.exe No File
FirewallRules: [{C96C25DB-8C84-44CC-A3D1-1421189969A3}] => (Allow) E:\Steam\steamapps\common\Call of Duty WWII Beta\s2_mp64_ship.exe No File
FirewallRules: [{D21F9DB0-305A-4AD9-9758-FBA2CFD70338}] => (Block) E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [{7FD2E22D-6233-43C2-93C3-69C7A977A7BF}] => (Block) E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{BF00E262-176A-4B19-A44F-DBBE1499F6C7}E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{C47C2FE7-7B14-47DE-B5AF-43ABAACB6692}E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [{AE0866A2-080E-4DF6-8444-89F88FEBA27E}] => (Block) E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [{55FCCBCD-931E-4E3C-BD9F-49D30129E108}] => (Block) E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{B7C6093B-0735-4B1B-85BB-130B7E53492F}E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{8BDF8220-8EE2-4FB2-A458-88B9CF6B2BEE}E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [{5E62B46B-596C-4D98-9C20-E5239FF8609A}] => (Block) E:\starcraft\starcraft.exe No File
FirewallRules: [{C117EB6E-26F2-42FF-8779-9757850D1762}] => (Block) E:\starcraft\starcraft.exe No File
FirewallRules: [UDP Query User{5353A3A1-5743-4E03-9215-422E0BD4C2DE}E:\starcraft\starcraft.exe] => (Allow) E:\starcraft\starcraft.exe No File
FirewallRules: [TCP Query User{D621DBC1-20C7-4254-B6AC-590610DA8A50}E:\starcraft\starcraft.exe] => (Allow) E:\starcraft\starcraft.exe No File
FirewallRules: [{6A8EA5E6-632B-4C8B-A87F-364E73FF9298}] => (Block) C:\program files (x86)\battle.net\battle.net.9262\battle.net.exe No File
FirewallRules: [{AB1ADBC2-7DC9-4B8D-A520-CD8B4E09E4E9}] => (Block) C:\program files (x86)\battle.net\battle.net.9262\battle.net.exe No File
FirewallRules: [UDP Query User{D4F4F150-A07C-4960-B9E7-4DC922949FAB}C:\program files (x86)\battle.net\battle.net.9262\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9262\battle.net.exe No File
FirewallRules: [TCP Query User{226E3527-8E2D-4781-B43E-7C48EBEC3AD6}C:\program files (x86)\battle.net\battle.net.9262\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9262\battle.net.exe No File
FirewallRules: [{0884F2C9-18F8-40D3-94D9-A9D12A85ADE8}] => (Block) E:\starcraft ii\versions\base55958\sc2_x64.exe No File
FirewallRules: [{43152848-AE89-434F-9D57-6D5A119292E6}] => (Block) E:\starcraft ii\versions\base55958\sc2_x64.exe No File
FirewallRules: [UDP Query User{4C743791-075C-4D93-9E50-82868E1C0DA7}E:\starcraft ii\versions\base55958\sc2_x64.exe] => (Allow) E:\starcraft ii\versions\base55958\sc2_x64.exe No File
FirewallRules: [TCP Query User{E62B02E9-87C1-47F7-A2E3-5EB66C147655}E:\starcraft ii\versions\base55958\sc2_x64.exe] => (Allow) E:\starcraft ii\versions\base55958\sc2_x64.exe No File
FirewallRules: [UDP Query User{EEEFD632-D5B4-4836-92CE-C0C811783D50}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe No File
FirewallRules: [TCP Query User{B06973BC-8437-4F71-9178-5987E2B3EE1C}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe No File
FirewallRules: [{1770A958-2276-4276-9B07-C2A0AC009F72}] => (Allow) E:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe No File
FirewallRules: [{ECDAAF6F-0DA3-4EEC-B7D5-868D99C28E06}] => (Allow) E:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe No File
FirewallRules: [{5E9977E2-FD73-4331-BB75-42C9EC71F68C}] => (Allow) E:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe No File
FirewallRules: [{1164B80C-134A-46F2-90D3-85F4B0493303}] => (Allow) E:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe No File
FirewallRules: [{1EA56F08-4BA0-4704-A7BF-3E2533A50F7B}] => (Allow) E:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe No File
FirewallRules: [{D0D14898-01D5-48E9-83D5-6CAB8408C659}] => (Allow) E:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe No File
FirewallRules: [{E5498088-46AE-4E84-A627-EC0C5FA949AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe No File
FirewallRules: [{DA02844D-E46B-48E9-B88E-E777DD994E30}] => (Allow) E:\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{7C8A772F-066B-4B90-AF65-141DBA765C3B}] => (Allow) E:\Steam\bin\steamwebhelper.exe No File
FirewallRules: [TCP Query User{C1CD9C8D-9D1D-4030-BA12-D437D3764D19}E:\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe No File
FirewallRules: [UDP Query User{704878BB-0CCF-4AF5-85F6-7336131588AB}E:\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{380624EE-5F19-42BC-9C21-7A1A77CE6AE5}E:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) E:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe No File
FirewallRules: [UDP Query User{1352C6F3-7DBA-48BD-9830-7381C5FFAD49}E:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) E:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe No File
FirewallRules: [TCP Query User{E079391A-14FD-4D2A-804B-82D42E1F27C1}C:\program files (x86)\battle.net\battle.net.8179\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8179\battle.net.exe No File
FirewallRules: [UDP Query User{9CB719BD-1748-4BCD-8477-D1B0747F465C}C:\program files (x86)\battle.net\battle.net.8179\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8179\battle.net.exe No File
FirewallRules: [TCP Query User{1D442CE6-9F27-4CE5-916B-69B52E87578D}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe No File
FirewallRules: [UDP Query User{4C18A832-A1BB-4D53-8AD9-638F2DF43101}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe No File
FirewallRules: [TCP Query User{F6EACE3C-A87A-4D51-B741-A146E49159FB}E:\java\bin\javaw.exe] => (Allow) E:\java\bin\javaw.exe No File
FirewallRules: [UDP Query User{B3B1F287-A239-44DF-9F15-33501514A32D}E:\java\bin\javaw.exe] => (Allow) E:\java\bin\javaw.exe No File
FirewallRules: [{F3B3E749-F016-446E-8669-FED400175F32}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{D4AF9839-5005-4CA2-8E02-54F98395DA29}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{78BE07C8-B023-4B5A-9B23-8C82E23E63F9}] => (Allow) E:\World_of_Tanks\WoTLauncher.exe No File
FirewallRules: [{4FBC982F-3E79-46C9-B467-0341B9675A36}] => (Allow) E:\World_of_Tanks\WoTLauncher.exe No File
FirewallRules: [{D580EA31-BE6B-4F5B-831C-E9C577FF3509}] => (Allow) E:\World_of_Tanks\worldoftanks.exe No File
FirewallRules: [{59BE79C4-E34E-4AA5-B1C7-373C357E1589}] => (Allow) E:\World_of_Tanks\worldoftanks.exe No File
FirewallRules: [TCP Query User{D8A0EE7C-C56C-4433-89AF-69D8C03C1A43}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe No File
FirewallRules: [UDP Query User{4B159242-0532-46F2-AC85-E07060CF0C38}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe No File
FirewallRules: [TCP Query User{5852E325-E350-438A-A2ED-CBA75055AECB}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe No File
FirewallRules: [UDP Query User{FB9B89EB-4EBF-4A95-9D65-64FE3232C61C}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe No File
FirewallRules: [{A3F9FB2B-5DBF-48B1-93B1-AF290FDF575B}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe No File
FirewallRules: [{2A9D11FF-A7D6-4916-80F7-49B20FEB7ACB}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe No File
FirewallRules: [{3066BC8D-9ED9-4671-BB3C-65E6A26F3E9D}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe No File
FirewallRules: [{7E52E35C-4686-477F-A3CD-30E63081DB30}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe No File
FirewallRules: [{205647DE-64FE-4C3C-B15C-17AC62AB9AE8}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\Launcher.exe No File
FirewallRules: [{42AFB113-5996-4568-B7AD-44B716C1BE24}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe No File
FirewallRules: [{E4DDB62A-4F45-419F-969C-FD5AC78507CA}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe No File
FirewallRules: [{A17B13A1-5DB4-43A3-8D76-FCD04910124E}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe No File
FirewallRules: [{2071C076-2154-4ACA-ACDC-BADE5EA0D0F5}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe No File
FirewallRules: [{315F8541-FBFC-40BB-80AA-922C5EEAB7E1}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe No File
FirewallRules: [{F08905BC-8625-4B66-9BD4-9E183322727C}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\Launcher.exe No File
FirewallRules: [{F811E9F0-8435-4F0B-A1B8-671AA1C1B120}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe No File
FirewallRules: [TCP Query User{B36A46F2-77CB-4CDF-BAAC-BCD4CFD85AB3}C:\program files (x86)\battle.net\battle.net.8518\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8518\battle.net.exe No File
FirewallRules: [UDP Query User{E12865EB-9B62-41CD-94E7-69B2BECB6C06}C:\program files (x86)\battle.net\battle.net.8518\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8518\battle.net.exe No File
FirewallRules: [{830857BA-74F1-43B9-8F42-B7C06CD44A83}] => (Block) C:\program files (x86)\battle.net\battle.net.8518\battle.net.exe No File
FirewallRules: [{04A3E4C4-FC9C-4749-800B-EA8FFEBE7356}] => (Block) C:\program files (x86)\battle.net\battle.net.8518\battle.net.exe No File
FirewallRules: [TCP Query User{AD0D251F-CD1F-48B4-8696-4E2AEF1B24FF}C:\program files (x86)\battle.net\battle.net.8554\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8554\battle.net.exe No File
FirewallRules: [UDP Query User{F211542D-B01B-498F-B89E-21D868B0C363}C:\program files (x86)\battle.net\battle.net.8554\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8554\battle.net.exe No File
FirewallRules: [TCP Query User{31DE13CC-068F-4170-8B7F-1EC4CDBEBE23}C:\program files (x86)\battle.net\battle.net.8657\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8657\battle.net.exe No File
FirewallRules: [UDP Query User{680905A7-F213-4525-ABA9-2AD306D4D8C6}C:\program files (x86)\battle.net\battle.net.8657\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8657\battle.net.exe No File
FirewallRules: [TCP Query User{9C41C891-7649-4C68-AB94-BE28CF5C7583}E:\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe No File
FirewallRules: [UDP Query User{AC16B1A1-24F5-44B1-913A-57A3947F6E05}E:\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{20652102-5F54-49E1-B4DD-6CC46EA184DA}E:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) E:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe No File
FirewallRules: [UDP Query User{914B4287-7AE5-4B5A-83B0-7976A34E71AD}E:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) E:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe No File
FirewallRules: [{4D4A2ED3-EDA4-4D0D-B4D2-E565999D9FC7}] => (Block) E:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe No File
FirewallRules: [{02ACC6B7-F2AA-498D-AB94-00449F685214}] => (Block) E:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe No File
FirewallRules: [TCP Query User{912F1D3B-F1A9-403C-AC49-6CF9285803DA}E:\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe No File
FirewallRules: [UDP Query User{30D763C2-DCD9-43B9-97F4-A3634CBC5C9C}E:\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe No File
FirewallRules: [{2455D623-5A3A-4362-94A2-DC503FC1C86D}] => (Block) E:\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe No File
FirewallRules: [{24F3F68F-26C2-4B02-9962-48166D177E3C}] => (Block) E:\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{95B2E954-4C6B-47E9-AC9E-7A2F566171BC}E:\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe No File
FirewallRules: [UDP Query User{8E851BA2-7CAC-4922-9446-4BFBE6CF6A44}E:\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe No File
FirewallRules: [{5E54F3F3-4080-485C-A388-B797BA021A7A}] => (Block) E:\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe No File
FirewallRules: [{997AE383-2B72-4909-BA0F-AF6001D1E531}] => (Block) E:\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{7A9D3BBF-1EE5-427E-A6B0-4C6BF054F794}C:\program files (x86)\battle.net\battle.net.8965\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8965\battle.net.exe No File
FirewallRules: [UDP Query User{71247883-1205-4D8E-8D2C-63C1CDE6B5B0}C:\program files (x86)\battle.net\battle.net.8965\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8965\battle.net.exe No File
FirewallRules: [{A0DF97F1-F173-4A18-B6E5-B8150F67CE5C}] => (Allow) E:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe No File
FirewallRules: [{BC61F8AC-6C91-4B4B-AC87-D09E6272417B}] => (Allow) E:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe No File
FirewallRules: [TCP Query User{41C468A1-5EB4-4EEC-9C01-3B29A4634502}E:\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe] => (Allow) E:\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe No File
FirewallRules: [UDP Query User{35536E2C-DE95-4AA7-86C8-67C6A6C19B37}E:\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe] => (Allow) E:\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe No File
FirewallRules: [TCP Query User{F1389B01-600E-4562-B325-BCA15ADCE073}E:\overwatch test\overwatch.exe] => (Allow) E:\overwatch test\overwatch.exe No File
FirewallRules: [UDP Query User{557547E9-7106-410F-BE6B-19400530228D}E:\overwatch test\overwatch.exe] => (Allow) E:\overwatch test\overwatch.exe No File
FirewallRules: [TCP Query User{CD9A031F-D150-4807-AD49-E64CF3B03675}E:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) E:\steam\steamapps\common\paladins\binaries\win32\paladins.exe No File
FirewallRules: [UDP Query User{E43C9AB6-A237-44C9-B226-C3B9ACFC6183}E:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) E:\steam\steamapps\common\paladins\binaries\win32\paladins.exe No File
FirewallRules: [TCP Query User{6F13301B-A116-4266-9B25-9F9F9601B47F}E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{B6EE94DE-BBA4-4C46-B1EE-70EA472B92F0}E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [TCP Query User{C32AE7C3-253A-4C95-9852-A2365FF9F860}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.300\discord.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\discord\app-0.0.300\discord.exe No File
FirewallRules: [UDP Query User{4DC408C5-4B80-4CA4-B7AD-39C7AEFCD6C1}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.300\discord.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\discord\app-0.0.300\discord.exe No File
FirewallRules: [TCP Query User{FF150C06-F4C2-4159-9C78-127E6D1BE07B}C:\program files\adobe\adobe premiere pro cc 2018\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2018\adobe premiere pro.exe No File
FirewallRules: [UDP Query User{94A84E5B-7EC1-4084-85D3-AB62FCA24E1E}C:\program files\adobe\adobe premiere pro cc 2018\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2018\adobe premiere pro.exe No File
FirewallRules: [TCP Query User{6C2845E5-BB8D-443F-BBF5-126C73651C7E}E:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) E:\steam\steamapps\common\awesomenauts\awesomenauts.exe No File
FirewallRules: [UDP Query User{34C2EE1B-7430-4B5A-8E58-1A57248F86C5}E:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) E:\steam\steamapps\common\awesomenauts\awesomenauts.exe No File
FirewallRules: [{A86ECD43-F62E-4942-A473-47DD495EBF8E}] => (Allow) C:\Users\Bogdan Placintescu\Desktop\KMSpico\Service_KMS.exe No File
FirewallRules: [{FF640321-3BC0-4F62-94F1-51970578699E}] => (Allow) C:\Users\Bogdan Placintescu\Desktop\KMSpico\Service_KMS.exe No File
FirewallRules: [TCP Query User{D7ADBA16-7425-480F-BC3D-3B2B374FFD90}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe No File
FirewallRules: [UDP Query User{2F6626A0-57CE-42FF-BFA4-706DBD1CD749}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe] => (Allow) C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe No File
FirewallRules: [{567A14E9-4CC3-4A42-8AC1-68A0F7DD76A4}] => (Allow) E:\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe No File
FirewallRules: [{BBE83E14-697A-4F52-AB49-FBB832449FDD}] => (Allow) E:\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe No File
FirewallRules: [{E27F34AE-421D-40EC-A4F0-DDA70C6FF628}] => (Allow) E:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe No File
FirewallRules: [{56487A4B-477F-4398-9189-BA5A7796B6F9}] => (Allow) E:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe No File

*****************

TSemp · May 15, 2019

"HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F13DD3C8-E7B5-4B1C-B548-754EBB210B12}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F13DD3C8-E7B5-4B1C-B548-754EBB210B12}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin => removed successfully
HKLM\System\CurrentControlSet\Services\xgctaxzu => removed successfully
xgctaxzu => service removed successfully
HKLM\System\CurrentControlSet\Services\asmthub3 => removed successfully
asmthub3 => service removed successfully
HKLM\System\CurrentControlSet\Services\asmtxhci => removed successfully
asmtxhci => service removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
C:\WINDOWS\system32\drivers\xgctaxzu.sys => moved successfully
C:\WINDOWS\system32\tlpless.dll => moved successfully
C:\Users\Bogdan Placintescu\AppData\Roaming\AdobeWLCMCache.dat => moved successfully
C:\Users\Bogdan Placintescu\AppData\Roaming\SpeedRunnersLog.txt => moved successfully
C:\Users\Bogdan Placintescu\AppData\Local\Adobe Save for Web 13.0 Prefs => moved successfully
C:\Users\Bogdan Placintescu\AppData\Local\oobelibMkey.log => moved successfully
C:\Users\Bogdan Placintescu\AppData\Local\resmon.resmoncfg => moved successfully
HKU\S-1-5-21-1985958338-2759964917-1504332263-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-1985958338-2759964917-1504332263-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-1985958338-2759964917-1504332263-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
"C:\WINDOWS\System32\tlpless.dll" => not found
C:\WINDOWS\system32\Drivers\qflzbsnv.sys => ":changelist" ADS removed successfully
"C:\WINDOWS\system32\Drivers\xgctaxzu.sys" => ":changelist" ADS not found.
C:\Users\Bogdan Placintescu\Desktop\CV stuff => ":AFP_AfpInfo" ADS removed successfully
C:\Users\Bogdan Placintescu\Desktop\Diploma SAE anul 2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\Bogdan Placintescu\Desktop\Diploma SAE anul 2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Bogdan Placintescu\Desktop\Gaem => ":AFP_AfpInfo" ADS removed successfully
C:\Users\Bogdan Placintescu\Desktop\Hop!_NEW => ":AFP_AfpInfo" ADS removed successfully
C:\Users\Bogdan Placintescu\Desktop\Safari Bookmarks.html => ":AFP_AfpInfo" ADS removed successfully
C:\Users\Bogdan Placintescu\Desktop\Safari Bookmarks.html => ":com.apple.metadata_kMDItemUserTags" ADS removed successfully
C:\Users\Bogdan Placintescu\Desktop\safari reading list.html => ":AFP_AfpInfo" ADS removed successfully
C:\Users\Bogdan Placintescu\Desktop\safari reading list.html => ":com.apple.metadata_kMDItemUserTags" ADS removed successfully
C:\Users\Public\.DS_Store => ":AFP_AfpInfo" ADS removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
C:\Users\Public\Documents\.DS_Store => ":AFP_AfpInfo" ADS removed successfully
C:\WINDOWS\system32\Drivers\qflzbsnv.sys => moved successfully
HKLM\System\CurrentControlSet\Services\qflzbsnv => removed successfully
qflzbsnv => service removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8B2587DE-1F13-40C9-9E6F-E8567FC7D9CC}C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{454DAF59-8610-4077-9350-F2D918F9FB84}C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6882A908-E6E0-4FCD-BF3E-E8E632408748}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8BAA4360-DB55-4394-A1B5-05D442A3A1FF}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6C683BD8-F22E-4E71-8DB6-D0A3C4182E93}C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{66D2AB2B-C928-47A7-A54A-E6CC71429F51}C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{71B7B179-D440-4B6C-A6C2-A806069EDC18}C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9A2A79B0-A8C8-40B7-9CF4-8494C17E1639}C:\users\bogdan placintescu\appdata\local\akamai\netsession_win.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{54A0141E-FF31-4B54-B524-1E5B8185EBD2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2803DD31-5551-420F-8F52-C98CBE4805CB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B9EE3591-5FCC-4EC7-84E4-C6277AADCC70}E:\steam\steamapps\common\assassin's creed revelations\acrpr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A8FB5909-AAE6-49B8-B001-02BC2F856BBE}E:\steam\steamapps\common\assassin's creed revelations\acrpr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{54A79771-E54F-4C63-A24E-FC81DA932320}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{08CD9225-8547-4DAC-932E-7D47516B1DE1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FBE4B4C7-6D43-4815-95E1-7EC467ED3089}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9AA57F8-9DD4-4FBD-9C3D-4D4EE85502F5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{96FE9F4A-8F1F-483C-B71B-A4193DE37F1C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9BE8509-78B3-43C8-AA29-690750DA9183}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{94FCB05F-3F37-4AF9-866E-4D45A7DC9295}C:\program files (x86)\battle.net\battle.net.9397\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F531EE0C-5CF6-47C9-BB70-970291FA1C36}C:\program files (x86)\battle.net\battle.net.9397\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E323831F-CB3A-4EDF-86C2-861F85A8A3C0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C96C25DB-8C84-44CC-A3D1-1421189969A3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D21F9DB0-305A-4AD9-9758-FBA2CFD70338}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7FD2E22D-6233-43C2-93C3-69C7A977A7BF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BF00E262-176A-4B19-A44F-DBBE1499F6C7}E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C47C2FE7-7B14-47DE-B5AF-43ABAACB6692}E:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE0866A2-080E-4DF6-8444-89F88FEBA27E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{55FCCBCD-931E-4E3C-BD9F-49D30129E108}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B7C6093B-0735-4B1B-85BB-130B7E53492F}E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8BDF8220-8EE2-4FB2-A458-88B9CF6B2BEE}E:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E62B46B-596C-4D98-9C20-E5239FF8609A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C117EB6E-26F2-42FF-8779-9757850D1762}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5353A3A1-5743-4E03-9215-422E0BD4C2DE}E:\starcraft\starcraft.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D621DBC1-20C7-4254-B6AC-590610DA8A50}E:\starcraft\starcraft.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A8EA5E6-632B-4C8B-A87F-364E73FF9298}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB1ADBC2-7DC9-4B8D-A520-CD8B4E09E4E9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D4F4F150-A07C-4960-B9E7-4DC922949FAB}C:\program files (x86)\battle.net\battle.net.9262\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{226E3527-8E2D-4781-B43E-7C48EBEC3AD6}C:\program files (x86)\battle.net\battle.net.9262\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0884F2C9-18F8-40D3-94D9-A9D12A85ADE8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43152848-AE89-434F-9D57-6D5A119292E6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4C743791-075C-4D93-9E50-82868E1C0DA7}E:\starcraft ii\versions\base55958\sc2_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E62B02E9-87C1-47F7-A2E3-5EB66C147655}E:\starcraft ii\versions\base55958\sc2_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EEEFD632-D5B4-4836-92CE-C0C811783D50}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B06973BC-8437-4F71-9178-5987E2B3EE1C}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1770A958-2276-4276-9B07-C2A0AC009F72}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ECDAAF6F-0DA3-4EEC-B7D5-868D99C28E06}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E9977E2-FD73-4331-BB75-42C9EC71F68C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1164B80C-134A-46F2-90D3-85F4B0493303}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1EA56F08-4BA0-4704-A7BF-3E2533A50F7B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D0D14898-01D5-48E9-83D5-6CAB8408C659}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E5498088-46AE-4E84-A627-EC0C5FA949AF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA02844D-E46B-48E9-B88E-E777DD994E30}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C8A772F-066B-4B90-AF65-141DBA765C3B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C1CD9C8D-9D1D-4030-BA12-D437D3764D19}E:\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{704878BB-0CCF-4AF5-85F6-7336131588AB}E:\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{380624EE-5F19-42BC-9C21-7A1A77CE6AE5}E:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1352C6F3-7DBA-48BD-9830-7381C5FFAD49}E:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E079391A-14FD-4D2A-804B-82D42E1F27C1}C:\program files (x86)\battle.net\battle.net.8179\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9CB719BD-1748-4BCD-8477-D1B0747F465C}C:\program files (x86)\battle.net\battle.net.8179\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1D442CE6-9F27-4CE5-916B-69B52E87578D}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4C18A832-A1BB-4D53-8AD9-638F2DF43101}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F6EACE3C-A87A-4D51-B741-A146E49159FB}E:\java\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B3B1F287-A239-44DF-9F15-33501514A32D}E:\java\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F3B3E749-F016-446E-8669-FED400175F32}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D4AF9839-5005-4CA2-8E02-54F98395DA29}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{78BE07C8-B023-4B5A-9B23-8C82E23E63F9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4FBC982F-3E79-46C9-B467-0341B9675A36}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D580EA31-BE6B-4F5B-831C-E9C577FF3509}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{59BE79C4-E34E-4AA5-B1C7-373C357E1589}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D8A0EE7C-C56C-4433-89AF-69D8C03C1A43}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4B159242-0532-46F2-AC85-E07060CF0C38}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5852E325-E350-438A-A2ED-CBA75055AECB}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FB9B89EB-4EBF-4A95-9D65-64FE3232C61C}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A3F9FB2B-5DBF-48B1-93B1-AF290FDF575B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A9D11FF-A7D6-4916-80F7-49B20FEB7ACB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3066BC8D-9ED9-4671-BB3C-65E6A26F3E9D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7E52E35C-4686-477F-A3CD-30E63081DB30}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{205647DE-64FE-4C3C-B15C-17AC62AB9AE8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{42AFB113-5996-4568-B7AD-44B716C1BE24}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4DDB62A-4F45-419F-969C-FD5AC78507CA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A17B13A1-5DB4-43A3-8D76-FCD04910124E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2071C076-2154-4ACA-ACDC-BADE5EA0D0F5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{315F8541-FBFC-40BB-80AA-922C5EEAB7E1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F08905BC-8625-4B66-9BD4-9E183322727C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F811E9F0-8435-4F0B-A1B8-671AA1C1B120}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B36A46F2-77CB-4CDF-BAAC-BCD4CFD85AB3}C:\program files (x86)\battle.net\battle.net.8518\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E12865EB-9B62-41CD-94E7-69B2BECB6C06}C:\program files (x86)\battle.net\battle.net.8518\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{830857BA-74F1-43B9-8F42-B7C06CD44A83}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{04A3E4C4-FC9C-4749-800B-EA8FFEBE7356}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AD0D251F-CD1F-48B4-8696-4E2AEF1B24FF}C:\program files (x86)\battle.net\battle.net.8554\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F211542D-B01B-498F-B89E-21D868B0C363}C:\program files (x86)\battle.net\battle.net.8554\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{31DE13CC-068F-4170-8B7F-1EC4CDBEBE23}C:\program files (x86)\battle.net\battle.net.8657\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{680905A7-F213-4525-ABA9-2AD306D4D8C6}C:\program files (x86)\battle.net\battle.net.8657\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9C41C891-7649-4C68-AB94-BE28CF5C7583}E:\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AC16B1A1-24F5-44B1-913A-57A3947F6E05}E:\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{20652102-5F54-49E1-B4DD-6CC46EA184DA}E:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{914B4287-7AE5-4B5A-83B0-7976A34E71AD}E:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4D4A2ED3-EDA4-4D0D-B4D2-E565999D9FC7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02ACC6B7-F2AA-498D-AB94-00449F685214}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{912F1D3B-F1A9-403C-AC49-6CF9285803DA}E:\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{30D763C2-DCD9-43B9-97F4-A3634CBC5C9C}E:\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2455D623-5A3A-4362-94A2-DC503FC1C86D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24F3F68F-26C2-4B02-9962-48166D177E3C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{95B2E954-4C6B-47E9-AC9E-7A2F566171BC}E:\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8E851BA2-7CAC-4922-9446-4BFBE6CF6A44}E:\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E54F3F3-4080-485C-A388-B797BA021A7A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{997AE383-2B72-4909-BA0F-AF6001D1E531}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7A9D3BBF-1EE5-427E-A6B0-4C6BF054F794}C:\program files (x86)\battle.net\battle.net.8965\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{71247883-1205-4D8E-8D2C-63C1CDE6B5B0}C:\program files (x86)\battle.net\battle.net.8965\battle.net.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A0DF97F1-F173-4A18-B6E5-B8150F67CE5C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BC61F8AC-6C91-4B4B-AC87-D09E6272417B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{41C468A1-5EB4-4EEC-9C01-3B29A4634502}E:\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{35536E2C-DE95-4AA7-86C8-67C6A6C19B37}E:\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F1389B01-600E-4562-B325-BCA15ADCE073}E:\overwatch test\overwatch.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{557547E9-7106-410F-BE6B-19400530228D}E:\overwatch test\overwatch.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CD9A031F-D150-4807-AD49-E64CF3B03675}E:\steam\steamapps\common\paladins\binaries\win32\paladins.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E43C9AB6-A237-44C9-B226-C3B9ACFC6183}E:\steam\steamapps\common\paladins\binaries\win32\paladins.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6F13301B-A116-4266-9B25-9F9F9601B47F}E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B6EE94DE-BBA4-4C46-B1EE-70EA472B92F0}E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C32AE7C3-253A-4C95-9852-A2365FF9F860}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.300\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4DC408C5-4B80-4CA4-B7AD-39C7AEFCD6C1}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.300\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FF150C06-F4C2-4159-9C78-127E6D1BE07B}C:\program files\adobe\adobe premiere pro cc 2018\adobe premiere pro.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{94A84E5B-7EC1-4084-85D3-AB62FCA24E1E}C:\program files\adobe\adobe premiere pro cc 2018\adobe premiere pro.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6C2845E5-BB8D-443F-BBF5-126C73651C7E}E:\steam\steamapps\common\awesomenauts\awesomenauts.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{34C2EE1B-7430-4B5A-8E58-1A57248F86C5}E:\steam\steamapps\common\awesomenauts\awesomenauts.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A86ECD43-F62E-4942-A473-47DD495EBF8E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FF640321-3BC0-4F62-94F1-51970578699E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D7ADBA16-7425-480F-BC3D-3B2B374FFD90}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2F6626A0-57CE-42FF-BFA4-706DBD1CD749}C:\users\bogdan placintescu\appdata\local\discord\app-0.0.301\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{567A14E9-4CC3-4A42-8AC1-68A0F7DD76A4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BBE83E14-697A-4F52-AB49-FBB832449FDD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E27F34AE-421D-40EC-A4F0-DDA70C6FF628}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{56487A4B-477F-4398-9189-BA5A7796B6F9}" => removed successfully

==== End of Fixlog 23:56:58 ====

Broni · May 15, 2019

Good.

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

TSemp · May 15, 2019

Did all the steps, logs incoming:

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 171
Java version 32-bit out of Date!
Adobe Flash Player 32.0.0.192
Google Chrome (74.0.3729.157)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

TSemp · May 15, 2019

Farbar Service Scanner Version: 27-01-2016
Ran by Bogdan Placintescu (administrator) on 16-05-2019 at 00:10:21
Running from "C:\Users\Bogdan Placintescu\Desktop"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

TSemp · May 15, 2019

2019-05-15 21:17:22.830 Sophos Virus Removal Tool version 2.7.0
2019-05-15 21:17:22.831 Copyright (c) 2009-2018 Sophos Limited. All rights reserved.

2019-05-15 21:17:22.831 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2019-05-15 21:17:22.831 Windows version 6.2 SP 0.0 build 9200 SM=0x100 PT=0x1 WOW64
2019-05-15 21:17:22.831 Checking for updates...
2019-05-15 21:17:22.848 Update progress: proxy server not available
2019-05-15 21:17:25.434 Downloading updates...
2019-05-15 21:17:25.436 Update progress: [I96736] sdds.svrt_v1.10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2019-05-15 21:17:25.436 Update progress: [I95020] sdds.svrt_v1.10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2019-05-15 21:17:25.436 Update progress: [I22529] sdds.svrt_v1.10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2019-05-15 21:17:25.436 Update progress: [V81533] SU::createCachedPackageSource creating cached package source for http://d2.sophosupd.com/update-B: url=SOPHOS
2019-05-15 21:17:25.436 Update progress: [V81533] SU::createCachedPackageSource creating http_source_specific_data to download customer file
2019-05-15 21:17:25.436 Update progress: [V81533] SU::createCachedPackageSource creating package source to download customer file
2019-05-15 21:17:25.436 Update progress: [V81533] SU::createCachedPackageSource creating cached package source
2019-05-15 21:17:25.436 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: catalogue/sdds.data0910.xml
2019-05-15 21:17:25.436 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: catalogue/sdds.data0910.xml: 15 ms
2019-05-15 21:17:25.436 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 9e87d293bd1946d8365019b0f10d501ax000.xml: 4251 bytes
2019-05-15 21:17:25.436 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 9e87d293bd1946d8365019b0f10d501ax000.xml: 0 ms
2019-05-15 21:17:25.436 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 43ea19a9727f2666a4a816aec3233d86x000.xml: 8673 bytes
2019-05-15 21:17:25.436 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 43ea19a9727f2666a4a816aec3233d86x000.xml: 16 ms
2019-05-15 21:17:25.436 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE566/4ad40e58516e70b0a5f2c4a6d32b53a4x000.xml: 590 bytes
2019-05-15 21:17:25.436 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE566/4ad40e58516e70b0a5f2c4a6d32b53a4x000.xml: 15 ms
2019-05-15 21:17:25.436 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE564/9f6e398a20843f35f578681b997a722cx000.xml: 3061 bytes
2019-05-15 21:17:25.436 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE564/9f6e398a20843f35f578681b997a722cx000.xml: 0 ms
2019-05-15 21:17:25.436 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE565/8c99f26ae68942e4fa9b2352c0913128x000.xml: 14294 bytes
2019-05-15 21:17:25.436 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE565/8c99f26ae68942e4fa9b2352c0913128x000.xml: 16 ms
2019-05-15 21:17:25.436 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 25cfc449275a67ffa876561eb4447650x000.xml: 615 bytes
2019-05-15 21:17:25.436 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 25cfc449275a67ffa876561eb4447650x000.xml: 0 ms
2019-05-15 21:17:25.436 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: c1939ceacb06dd1e766a94e547bb53d2x000.xml: 320 bytes
2019-05-15 21:17:25.436 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: c1939ceacb06dd1e766a94e547bb53d2x000.xml: 16 ms
2019-05-15 21:17:25.436 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 744245923511e3efb608ce7bad5c0420x000.xml: 877 bytes
2019-05-15 21:17:25.436 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 744245923511e3efb608ce7bad5c0420x000.xml: 46 ms
2019-05-15 21:17:25.436 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 8babe81e549c603620219a4b18881322x000.xml: 338 bytes
2019-05-15 21:17:25.436 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 8babe81e549c603620219a4b18881322x000.xml: 0 ms
2019-05-15 21:17:25.436 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: c6ea5848bc6bd062b73453e973a12b54x000.xml: 877 bytes
2019-05-15 21:17:25.436 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: c6ea5848bc6bd062b73453e973a12b54x000.xml: 47 ms
2019-05-15 21:17:25.436 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 7ed9eb6c62af9815db4eadd0fdc22bb4x000.xml: 338 bytes
2019-05-15 21:17:25.436 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 7ed9eb6c62af9815db4eadd0fdc22bb4x000.xml: 0 ms
2019-05-15 21:17:25.436 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: b39ddcd43758c217dd2c403f42c9f37fx000.xml: 877 bytes
2019-05-15 21:17:25.436 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: b39ddcd43758c217dd2c403f42c9f37fx000.xml: 47 ms
2019-05-15 21:17:25.436 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: ca2e23947a98fd303972603936adfb1ax000.xml: 338 bytes
2019-05-15 21:17:25.436 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: ca2e23947a98fd303972603936adfb1ax000.xml: 0 ms
2019-05-15 21:17:25.436 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 064fb4ba7f6d66fc8cab7fbb5a137ca4x000.xml: 877 bytes
2019-05-15 21:17:25.437 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 064fb4ba7f6d66fc8cab7fbb5a137ca4x000.xml: 47 ms
2019-05-15 21:17:25.437 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: baf31f03c6f3cfa4a64b0f43b35b824fx000.xml: 338 bytes
2019-05-15 21:17:25.437 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: baf31f03c6f3cfa4a64b0f43b35b824fx000.xml: 31 ms
2019-05-15 21:17:25.437 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: bfe916462518598e345093c5f0195c26x000.xml: 877 bytes
2019-05-15 21:17:25.437 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: bfe916462518598e345093c5f0195c26x000.xml: 31 ms
2019-05-15 21:17:25.437 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: fce91422277d8417d3375dbd1cc39d0bx000.xml: 338 bytes
2019-05-15 21:17:25.437 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: fce91422277d8417d3375dbd1cc39d0bx000.xml: 31 ms
2019-05-15 21:17:25.437 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 2c9f2b4a3bd9b8aa278af484075cffbbx000.xml: 1027 bytes
2019-05-15 21:17:25.437 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 2c9f2b4a3bd9b8aa278af484075cffbbx000.xml: 47 ms
2019-05-15 21:17:25.437 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 542303d59e10e8dcd6b025d5e810d68dx000.xml: 338 bytes
2019-05-15 21:17:25.437 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 542303d59e10e8dcd6b025d5e810d68dx000.xml: 63 ms
2019-05-15 21:17:25.437 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 069747a8dceefb9eadf1987424bab98dx000.xml: 877 bytes
2019-05-15 21:17:25.437 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 069747a8dceefb9eadf1987424bab98dx000.xml: 0 ms
2019-05-15 21:17:25.437 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 6beec25c0724ee551c6ab49dfe044f4ax000.xml: 877 bytes
2019-05-15 21:17:25.437 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 6beec25c0724ee551c6ab49dfe044f4ax000.xml: 32 ms
2019-05-15 21:17:25.437 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: b561abc9f801df3682fffffc14b72bcdx000.xml: 332 bytes
2019-05-15 21:17:25.437 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: b561abc9f801df3682fffffc14b72bcdx000.xml: 0 ms
2019-05-15 21:17:25.437 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 2a52b64506d5cc33f7a12ed452b2be28x000.xml: 877 bytes
2019-05-15 21:17:25.437 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 2a52b64506d5cc33f7a12ed452b2be28x000.xml: 15 ms
2019-05-15 21:17:25.437 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 944bbab143561d5f4bc4327a0b54bf76x000.xml: 332 bytes
2019-05-15 21:17:25.437 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 944bbab143561d5f4bc4327a0b54bf76x000.xml: 0 ms
2019-05-15 21:17:25.437 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 54c0a6c9bddddb2e578b3c88d1802880x000.xml: 877 bytes
2019-05-15 21:17:25.437 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 54c0a6c9bddddb2e578b3c88d1802880x000.xml: 16 ms
2019-05-15 21:17:25.437 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: ab4e727f11743361da7f8e058792b347x000.xml: 332 bytes
2019-05-15 21:17:25.437 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: ab4e727f11743361da7f8e058792b347x000.xml: 47 ms
2019-05-15 21:17:25.437 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: b257ef5497f1f83bfc634940d8dc9a0ax000.xml: 877 bytes
2019-05-15 21:17:25.437 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: b257ef5497f1f83bfc634940d8dc9a0ax000.xml: 31 ms
2019-05-15 21:17:25.437 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: a5722dedccf04fa4d0a664c6a08b9171x000.xml: 333 bytes
2019-05-15 21:17:25.437 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: a5722dedccf04fa4d0a664c6a08b9171x000.xml: 63 ms
2019-05-15 21:17:25.437 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 22690a4bdcd5273de3eede649ad8a581x000.xml: 877 bytes
2019-05-15 21:17:25.437 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 22690a4bdcd5273de3eede649ad8a581x000.xml: 78 ms
2019-05-15 21:17:25.437 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 5b09452f31fc67a6ea01b77307bee21fx000.xml: 333 bytes
2019-05-15 21:17:25.437 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 5b09452f31fc67a6ea01b77307bee21fx000.xml: 47 ms
2019-05-15 21:17:25.437 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 43d21ccd7cb1c7e9f7196fb10e12dd20x000.xml: 877 bytes
2019-05-15 21:17:25.437 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 43d21ccd7cb1c7e9f7196fb10e12dd20x000.xml: 140 ms
2019-05-15 21:17:25.437 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 58193dacbd522f77edc300a295876800x000.xml: 333 bytes
2019-05-15 21:17:25.438 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 58193dacbd522f77edc300a295876800x000.xml: 31 ms
2019-05-15 21:17:25.438 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f5d8ab92d7ce4b4fcc9042bd1ec49187x000.xml: 877 bytes
2019-05-15 21:17:25.438 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f5d8ab92d7ce4b4fcc9042bd1ec49187x000.xml: 47 ms
2019-05-15 21:17:25.438 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: ee763cc40cbab4ff881cccb18182adf4x000.xml: 333 bytes
2019-05-15 21:17:25.438 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: ee763cc40cbab4ff881cccb18182adf4x000.xml: 32 ms
2019-05-15 21:17:25.438 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: e5f3c243bea398f38e966ffcfbe65df6x000.xml: 877 bytes
2019-05-15 21:17:25.438 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: e5f3c243bea398f38e966ffcfbe65df6x000.xml: 46 ms
2019-05-15 21:17:25.438 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 0e0432096ed0da758838d77ab6bcab58x000.xml: 333 bytes
2019-05-15 21:17:25.438 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 0e0432096ed0da758838d77ab6bcab58x000.xml: 0 ms
2019-05-15 21:17:25.438 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 9caee9c3b311505691e4ca72ce1bc43ex000.xml: 877 bytes
2019-05-15 21:17:25.438 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 9caee9c3b311505691e4ca72ce1bc43ex000.xml: 16 ms
2019-05-15 21:17:25.438 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: de2691fc2ca833ab3cbb434ce1d71a85x000.xml: 333 bytes
2019-05-15 21:17:25.438 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: de2691fc2ca833ab3cbb434ce1d71a85x000.xml: 47 ms
2019-05-15 21:17:25.438 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: c95fcad568ef78468596a2e31a2d579bx000.xml: 877 bytes
2019-05-15 21:17:25.438 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: c95fcad568ef78468596a2e31a2d579bx000.xml: 0 ms
2019-05-15 21:17:25.438 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 58aa04f9a8ea41acc487f7a3daec054cx000.xml: 335 bytes
2019-05-15 21:17:25.438 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 58aa04f9a8ea41acc487f7a3daec054cx000.xml: 16 ms
2019-05-15 21:17:25.438 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 27f8d3e71d567f91e46a54abcb91efabx000.xml: 877 bytes
2019-05-15 21:17:25.438 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 27f8d3e71d567f91e46a54abcb91efabx000.xml: 15 ms
2019-05-15 21:17:25.438 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 1c560d5f29b71d0399b163ac84ebc299x000.xml: 335 bytes
2019-05-15 21:17:25.438 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 1c560d5f29b71d0399b163ac84ebc299x000.xml: 0 ms
2019-05-15 21:17:25.438 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 31a90023865482c0088b67ef45b66dfdx000.xml: 877 bytes
2019-05-15 21:17:25.438 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 31a90023865482c0088b67ef45b66dfdx000.xml: 16 ms
2019-05-15 21:17:25.438 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 3be36919cd4fc6eab9fb3d66d7d6bc56x000.xml: 335 bytes
2019-05-15 21:17:25.438 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 3be36919cd4fc6eab9fb3d66d7d6bc56x000.xml: 0 ms
2019-05-15 21:17:25.438 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 48422b8db7b5e4af6b52ed7276f3a407x000.xml: 877 bytes
2019-05-15 21:17:25.438 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 48422b8db7b5e4af6b52ed7276f3a407x000.xml: 0 ms
2019-05-15 21:17:25.438 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: c9f7212dc84c741e682847127905c2a3x000.xml: 335 bytes
2019-05-15 21:17:25.438 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: c9f7212dc84c741e682847127905c2a3x000.xml: 47 ms
2019-05-15 21:17:25.438 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: a090b25724fbe150f6f4116f0c13ec05x000.xml: 877 bytes
2019-05-15 21:17:25.438 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: a090b25724fbe150f6f4116f0c13ec05x000.xml: 16 ms
2019-05-15 21:17:25.438 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 2eb34b757db1758283d8a8e078ff1fbdx000.xml: 335 bytes
2019-05-15 21:17:25.439 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 2eb34b757db1758283d8a8e078ff1fbdx000.xml: 16 ms
2019-05-15 21:17:25.439 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: d7923627c8a1e9f9a838f249ea16f83bx000.xml: 877 bytes
2019-05-15 21:17:25.439 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: d7923627c8a1e9f9a838f249ea16f83bx000.xml: 0 ms
2019-05-15 21:17:25.439 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 7896b1927d3347a0a1c267f3b4df4744x000.xml: 335 bytes
2019-05-15 21:17:25.439 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 7896b1927d3347a0a1c267f3b4df4744x000.xml: 15 ms
2019-05-15 21:17:25.439 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: ea043f70ab57b9c2ff2e55169b305cb8x000.xml: 877 bytes
2019-05-15 21:17:25.439 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: ea043f70ab57b9c2ff2e55169b305cb8x000.xml: 110 ms
2019-05-15 21:17:25.439 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 1ded965fc851c5b9c3be6ad592d6a9f2x000.xml: 335 bytes
2019-05-15 21:17:25.439 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 1ded965fc851c5b9c3be6ad592d6a9f2x000.xml: 0 ms
2019-05-15 21:17:25.439 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: d6ecf2e87485e62282bd7227ace4d49bx000.xml: 877 bytes
2019-05-15 21:17:25.439 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: d6ecf2e87485e62282bd7227ace4d49bx000.xml: 15 ms
2019-05-15 21:17:25.439 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: a393bba75f19b9c48e77cc27e131f5dfx000.xml: 335 bytes
2019-05-15 21:17:25.439 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: a393bba75f19b9c48e77cc27e131f5dfx000.xml: 31 ms
2019-05-15 21:17:25.439 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: a1626873a5cd4c6f54d7076bf7c70301x000.xml: 877 bytes
2019-05-15 21:17:25.439 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: a1626873a5cd4c6f54d7076bf7c70301x000.xml: 79 ms
2019-05-15 21:17:25.439 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 009c7a6779b436c6741c449b247a2c15x000.xml: 335 bytes
2019-05-15 21:17:25.439 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 009c7a6779b436c6741c449b247a2c15x000.xml: 31 ms
2019-05-15 21:17:25.439 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 5647bd7c0b6195c6635bacab7924f25bx000.xml: 877 bytes
2019-05-15 21:17:25.439 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 5647bd7c0b6195c6635bacab7924f25bx000.xml: 15 ms
2019-05-15 21:17:25.439 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 4804553e416b89c715faeb14a1d63abbx000.xml: 335 bytes
2019-05-15 21:17:25.439 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 4804553e416b89c715faeb14a1d63abbx000.xml: 32 ms
2019-05-15 21:17:25.439 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: e05f881cb833c3a76dcd906827ddc08fx000.xml: 877 bytes
2019-05-15 21:17:25.439 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: e05f881cb833c3a76dcd906827ddc08fx000.xml: 16 ms
2019-05-15 21:17:25.439 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 5c4c3aeb6d2bb327d5fd26d184e084cdx000.xml: 335 bytes
2019-05-15 21:17:25.439 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 5c4c3aeb6d2bb327d5fd26d184e084cdx000.xml: 0 ms
2019-05-15 21:17:25.439 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: e6e0828be96963c31066923ad3e1e6f0x000.xml: 877 bytes
2019-05-15 21:17:25.439 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: e6e0828be96963c31066923ad3e1e6f0x000.xml: 16 ms
2019-05-15 21:17:25.439 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: ff18d3b5b4f9ec42aed51f2765a4e13ax000.xml: 335 bytes
2019-05-15 21:17:25.439 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: ff18d3b5b4f9ec42aed51f2765a4e13ax000.xml: 15 ms
2019-05-15 21:17:25.439 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f4e5b80ff00fcd7e9ceb0d12140935b0x000.xml: 877 bytes
2019-05-15 21:17:25.439 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f4e5b80ff00fcd7e9ceb0d12140935b0x000.xml: 16 ms
2019-05-15 21:17:25.439 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 09c43cec239089edcb89ed0d6c7c9a6bx000.xml: 335 bytes
2019-05-15 21:17:25.439 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 09c43cec239089edcb89ed0d6c7c9a6bx000.xml: 0 ms
2019-05-15 21:17:25.439 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: b702cca816fda0dbc3541d3a3b2c3f96x000.xml: 877 bytes
2019-05-15 21:17:25.440 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: b702cca816fda0dbc3541d3a3b2c3f96x000.xml: 15 ms
2019-05-15 21:17:25.440 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f552b9ef34a8694404d8f0db7010a167x000.xml: 335 bytes
2019-05-15 21:17:25.440 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f552b9ef34a8694404d8f0db7010a167x000.xml: 16 ms
2019-05-15 21:17:25.440 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 9ebfc0a03a7b50e16f5a8fe65d1aadfdx000.xml: 877 bytes
2019-05-15 21:17:25.440 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 9ebfc0a03a7b50e16f5a8fe65d1aadfdx000.xml: 0 ms
2019-05-15 21:17:25.440 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 11d54888611bdb662c55d88a26460a85x000.xml: 335 bytes
2019-05-15 21:17:25.440 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 11d54888611bdb662c55d88a26460a85x000.xml: 16 ms
2019-05-15 21:17:25.440 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 7ffd1070325fab26f9a72eaf02043ee6x000.xml: 877 bytes
2019-05-15 21:17:25.440 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 7ffd1070325fab26f9a72eaf02043ee6x000.xml: 0 ms
2019-05-15 21:17:25.440 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 7fd5952de70d85a02105925f888a1a9fx000.xml: 335 bytes
2019-05-15 21:17:25.440 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 7fd5952de70d85a02105925f888a1a9fx000.xml: 15 ms
2019-05-15 21:17:25.440 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f5f58cb7c33d06107786f4c390cda929x000.xml: 877 bytes
2019-05-15 21:17:25.440 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f5f58cb7c33d06107786f4c390cda929x000.xml: 0 ms
2019-05-15 21:17:25.440 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 278dbb97f551d06abee7314cd3906a9fx000.xml: 335 bytes
2019-05-15 21:17:25.440 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 278dbb97f551d06abee7314cd3906a9fx000.xml: 0 ms
2019-05-15 21:17:25.440 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 58855f17019f91022f8d716cd918fb64x000.xml: 877 bytes
2019-05-15 21:17:25.440 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 58855f17019f91022f8d716cd918fb64x000.xml: 16 ms
2019-05-15 21:17:25.440 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: a13f5076a4f33a098d089ba2ab1a2e5cx000.xml: 335 bytes
2019-05-15 21:17:25.440 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: a13f5076a4f33a098d089ba2ab1a2e5cx000.xml: 0 ms
2019-05-15 21:17:25.440 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 6233b53b4dabb2ffde70b1f5905dc631x000.xml: 1027 bytes
2019-05-15 21:17:25.440 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 6233b53b4dabb2ffde70b1f5905dc631x000.xml: 15 ms
2019-05-15 21:17:25.440 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: de8f78e954eb1a358c7d67b705b29686x000.xml: 335 bytes
2019-05-15 21:17:25.440 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: de8f78e954eb1a358c7d67b705b29686x000.xml: 0 ms
2019-05-15 21:17:25.440 Update progress: [I49502] sdds.data0910.xml: found supplement IDE562 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2019-05-15 21:17:25.440 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE562 LATEST path=
2019-05-15 21:17:25.440 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE562 LATEST path=
2019-05-15 21:17:25.440 Update progress: [I49502] sdds.data0910.xml: found supplement IDE563 LATEST path= baseVersion= [included from product IDE562 LATEST path=]
2019-05-15 21:17:25.440 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE563 LATEST path=
2019-05-15 21:17:25.440 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE563 LATEST path=
2019-05-15 21:17:25.440 Update progress: [I49502] sdds.data0910.xml: found supplement IDE564 LATEST path= baseVersion= [included from product IDE563 LATEST path=]
2019-05-15 21:17:25.440 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE564 LATEST path=
2019-05-15 21:17:25.440 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE564 LATEST path=
2019-05-15 21:17:25.440 Update progress: [I49502] sdds.data0910.xml: found supplement IDE565 LATEST path= baseVersion= [included from product IDE564 LATEST path=]
2019-05-15 21:17:25.440 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE565 LATEST path=
2019-05-15 21:17:25.440 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE565 LATEST path=
2019-05-15 21:17:25.440 Update progress: [I49502] sdds.data0910.xml: found supplement IDE566 LATEST path= baseVersion= [included from product IDE565 LATEST path=]
2019-05-15 21:17:25.440 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE566 LATEST path=
2019-05-15 21:17:25.440 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE566 LATEST path=
2019-05-15 21:17:25.440 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2019-05-15 21:17:25.474 Update progress: [I19463] Syncing product IDE562 LATEST path=
2019-05-15 21:17:25.475 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: a1f29c9e692d3e9cab78a5ab9449e92cx000.xml: 397 bytes
2019-05-15 21:17:25.475 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: a1f29c9e692d3e9cab78a5ab9449e92cx000.xml: 0 ms
2019-05-15 21:17:25.475 Update progress: [I19463] Product download size 7625 bytes
2019-05-15 21:17:25.485 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 72a13e07455878239ab47d3a9bdc39e6x000.xml: 7625 bytes
2019-05-15 21:17:25.485 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 72a13e07455878239ab47d3a9bdc39e6x000.xml: 0 ms
2019-05-15 21:17:25.511 Update progress: [I19463] Syncing product IDE563 LATEST path=
2019-05-15 21:17:25.578 Update progress: [I19463] Syncing product IDE564 LATEST path=
2019-05-15 21:17:25.578 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: b31805dbf2a988abbc4a8c67da695c53x000.xml: 29226 bytes
2019-05-15 21:17:25.578 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: b31805dbf2a988abbc4a8c67da695c53x000.xml: 47 ms
2019-05-15 21:17:25.578 Update progress: [I19463] Product download size 129129 bytes
2019-05-15 21:17:26.354 Update progress: [I19463] Syncing product IDE565 LATEST path=
2019-05-15 21:17:26.354 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 56203ed619c02c52578174f4165c565dx000.xml: 7096 bytes
2019-05-15 21:17:26.354 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 56203ed619c02c52578174f4165c565dx000.xml: 16 ms
2019-05-15 21:17:26.354 Update progress: [I19463] Product download size 497699 bytes
2019-05-15 21:17:28.316 Update progress: [I19463] Syncing product IDE566 LATEST path=
2019-05-15 21:17:28.346 Installing updates...
2019-05-15 21:17:35.143 Option all = no
2019-05-15 21:17:35.745 Option recurse = yes
2019-05-15 21:17:35.745 Option archive = no
2019-05-15 21:17:35.745 Option service = yes
2019-05-15 21:17:35.745 Option confirm = yes
2019-05-15 21:17:35.745 Option sxl = yes
2019-05-15 21:17:35.745 Option max-data-age = 35
2019-05-15 21:17:35.745 Option vdl-logging = yes
2019-05-15 21:17:35.745 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2019-05-15 21:17:35.745 Machine ID: 2cee29ccb1314218b0ca3f544d02bcf0
2019-05-15 21:17:35.745 Component SVRTcli.exe version 2.7.0
2019-05-15 21:17:35.745 Component control.dll version 2.7.0
2019-05-15 21:17:35.745 Component SVRTservice.exe version 2.7.0
2019-05-15 21:17:35.745 Component engine\osdp.dll version 1.44.1.2443
2019-05-15 21:17:35.745 Component engine\veex.dll version 3.75.0.2443
2019-05-15 21:17:35.745 Component engine\savi.dll version 9.0.13.2443
2019-05-15 21:17:35.745 Component rkdisk.dll version 1.5.33.1
2019-05-15 21:17:35.745 Version info: Product version 2.7.0
2019-05-15 21:17:35.745 Version info: Detection engine 3.75.0
2019-05-15 21:17:35.745 Version info: Detection data 5.61
2019-05-15 21:17:35.745 Version info: Build date 12.03.2019
2019-05-15 21:17:35.745 Version info: Data files added 329
2019-05-15 21:17:35.745 Version info: Last successful update 06.05.2019 20:50:06
2019-05-15 21:17:35.745 Error level 1
2019-05-15 21:17:36.927 Update successful
2019-05-15 21:17:48.077 Option all = no
2019-05-15 21:17:48.077 Option recurse = yes
2019-05-15 21:17:48.077 Option archive = no
2019-05-15 21:17:48.077 Option service = yes
2019-05-15 21:17:48.077 Option confirm = yes
2019-05-15 21:17:48.077 Option sxl = yes
2019-05-15 21:17:48.080 Option max-data-age = 35
2019-05-15 21:17:48.080 Option vdl-logging = yes
2019-05-15 21:17:48.084 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2019-05-15 21:17:48.084 Machine ID: 2cee29ccb1314218b0ca3f544d02bcf0
2019-05-15 21:17:48.090 Component SVRTcli.exe version 2.7.0
2019-05-15 21:17:48.090 Component control.dll version 2.7.0
2019-05-15 21:17:48.090 Component SVRTservice.exe version 2.7.0
2019-05-15 21:17:48.090 Component engine\osdp.dll version 1.44.1.2443
2019-05-15 21:17:48.090 Component engine\veex.dll version 3.75.0.2443
2019-05-15 21:17:48.090 Component engine\savi.dll version 9.0.13.2443
2019-05-15 21:17:48.090 Component rkdisk.dll version 1.5.33.1
2019-05-15 21:17:48.090 Version info: Product version 2.7.0
2019-05-15 21:17:48.091 Version info: Detection engine 3.75.0
2019-05-15 21:17:48.091 Version info: Detection data 5.61
2019-05-15 21:17:48.091 Version info: Build date 12.03.2019
2019-05-15 21:17:48.091 Version info: Data files added 364
2019-05-15 21:17:48.091 Version info: Last successful update 16.05.2019 00:17:36

2019-05-15 21:27:21.689 Could not open C:\hiberfil.sys
2019-05-15 21:29:13.551 Could not open C:\Program Files\Microsoft Office\root\client\AppvIsvStream32.dll
2019-05-15 21:29:13.552 Could not open C:\Program Files\Microsoft Office\root\client\AppvIsvStream64.dll
2019-05-15 21:29:15.817 Could not open C:\Program Files\Microsoft Office\root\Flattener\AppvIsvStream32.dll
2019-05-15 21:29:15.817 Could not open C:\Program Files\Microsoft Office\root\Flattener\AppvIsvStream64.dll
2019-05-15 21:29:16.418 Could not open C:\Program Files\Microsoft Office\root\Integration\AppvIsvStream32.dll
2019-05-15 21:29:16.419 Could not open C:\Program Files\Microsoft Office\root\Integration\AppvIsvStream64.dll
2019-05-15 21:29:20.764 Could not open C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\AppvIsvStream32.dll
2019-05-15 21:29:20.765 Could not open C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\AppvIsvStream64.dll
2019-05-15 21:29:28.479 Could not open C:\Program Files\Microsoft Office\root\Office16\AppvIsvStream32.dll
2019-05-15 21:29:28.480 Could not open C:\Program Files\Microsoft Office\root\Office16\AppvIsvStream64.dll
2019-05-15 21:29:41.194 Could not open C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\DW\AppvIsvStream64.dll
2019-05-15 21:29:41.310 Could not open C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\AppvIsvStream32.dll
2019-05-15 21:29:44.208 Could not open C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AppvIsvStream64.dll
2019-05-15 21:29:48.656 Could not open C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\AppvIsvStream64.dll
2019-05-15 21:29:48.746 Could not open C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Source Engine\AppvIsvStream64.dll
2019-05-15 21:29:49.337 Could not open C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\EQUATION\AppvIsvStream32.dll
2019-05-15 21:30:01.078 Could not open C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\130\AppvIsvStream64.dll
2019-05-15 21:30:02.081 Could not open C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\130\AppvIsvStream32.dll
2019-05-15 21:30:04.624 Could not open C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\AppvIsvStream32.dll
2019-05-15 21:30:04.662 Could not open C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\DCF\AppvIsvStream32.dll
2019-05-15 21:35:40.105 Could not open C:\swapfile.sys
2019-05-15 21:35:40.144 Could not open C:\System Volume Information\{2896acc3-744d-11e9-b1a9-4ccc6a4c3fbd}{3808876b-c176-4e48-b7ae-04046e6cc752}
2019-05-15 21:35:40.144 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2019-05-15 21:36:00.498 Could not open C:\Users\Bogdan Placintescu\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
2019-05-15 21:36:00.499 Could not open C:\Users\Bogdan Placintescu\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe
2019-05-15 21:40:17.790 >>> Virus 'Mal/Generic-S' found in file C:\Windows\Microsoft.NET\Framework\version.dll\FILE:0001
2019-05-15 21:40:17.790 Disinfection not offered
2019-05-15 21:40:25.157 >>> Virus 'Mal/Generic-S' found in file C:\Windows\Microsoft.NET\Framework\version.dll
2019-05-15 21:40:25.157 >>> Virus 'Mal/Generic-S' found in file C:\Windows\Microsoft.NET\Framework\version.dll
2019-05-15 21:41:41.698 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2019-05-15 21:41:41.700 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2019-05-15 21:41:43.248 Could not open C:\Windows\System32\config\BBI
2019-05-15 21:43:57.585 >>> Virus 'Mal/Generic-S' found in file C:\Windows\System32\msfte.dll\FILE:0001
2019-05-15 21:43:57.585 Disinfection not offered
2019-05-15 21:44:04.703 >>> Virus 'Mal/Generic-S' found in file C:\Windows\System32\msfte.dll
2019-05-15 21:44:04.703 >>> Virus 'Mal/Generic-S' found in file C:\Windows\System32\msfte.dll
2019-05-15 21:44:30.574 >>> Virus 'Mal/Generic-S' found in file C:\Windows\System32\SppExtComObjHook.dll
2019-05-15 21:44:35.001 >>> Virus 'Mal/Generic-S' found in file C:\Windows\System32\TSMSISrv.dll\FILE:0001
2019-05-15 21:44:35.001 Disinfection not offered
2019-05-15 21:44:41.986 >>> Virus 'Mal/Generic-S' found in file C:\Windows\System32\TSMSISrv.dll
2019-05-15 21:44:41.986 >>> Virus 'Mal/Generic-S' found in file C:\Windows\System32\TSMSISrv.dll
2019-05-15 21:50:37.909 Could not open LOGICAL:0003:00000000
2019-05-15 21:50:37.929 Could not open D:\
2019-05-15 22:01:34.111 Could not open E:\pagefile.sys
2019-05-15 22:21:43.857 The following items will be cleaned up:
2019-05-15 22:21:43.857 Mal/Generic-S

Broni · May 16, 2019

Update your Java version here: https://www.java.com/en/download/manual.jsp
Alternate download: https://www.filehippo.com/search?q=java

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

=======================================

Your computer is clean https://www.bleepstatic.com/fhost/uploads/6/snag-0004.jpg[/URL]]

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
[COLOR=#ff0000][B]This is a very crucial step so make sure you don't skip it.[/B][/COLOR]
Download [IMG]http://www.imgdumper.nl/uploads6/51a5ce45267c1/51a5ce45263de-delfix.pngDelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please, let me know, how your computer is doing.

TSemp · May 16, 2019

Updated Java, ran DelFix and then did the windows updates. But after restarting my pc for the updates, on start-up Windows Defender once again detected the same threat in the same file.

What's more, when starting Firefox (I checked for updates like you said in point 4, it seems everything's up to date) Malwarebytes real-time protection detected something. If it helps, this is what it found:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/16/19
Protection Event Time: 6:20 PM
Log File: 1be4caca-77ee-11e9-a4b8-4ccc6a4c3fbd.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.10626
License: Trial

-System Information-
OS: Windows 10 (Build 17763.503)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain:
IP Address: 213.32.29.143
Port: [49845]
Type: Outbound
File: C:\Windows\Microsoft.NET\Framework\ntsync.exe

(end)

Broni · May 16, 2019

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

TSemp · May 16, 2019

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05.2019 01
Ran by Bogdan Placintescu (administrator) on BOGDANPC (MSI MS-7978) (16-05-2019 22:11:40)
Running from C:\Users\Bogdan Placintescu\Desktop
Loaded Profiles: Bogdan Placintescu (Available Profiles: Bogdan Placintescu & DefaultAppPool)
Platform: Windows 10 Pro Version 1809 17763.503 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19031.17720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19041.481.0_x64__8wekyb3d8bbwe\YourPhone.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Windows\Temp\AdAppMgrUpdater.exe
(Electronic Arts, Inc. -> Electronic Arts) E:\Origin\OriginWebHelperService.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\ntsync.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\snmp.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-20] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9280848 2018-06-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942936 2018-11-02] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => E:\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [4810288 2019-03-26] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [OGMgmmouseRun] => E:\Program Files (x86)\VENUS Gaming Mouse\ogmmon.exe [3386880 2014-05-19] () [File not signed]
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [636712 2018-12-01] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26183352 2018-08-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [598200 2018-06-06] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [ElectraV2Helper] => C:\Program Files (x86)\Razer\Razer_ElectraV2_Driver\Drivers\SysAudio\ElectraV2Helper.exe [1598920 2017-09-06] (Razer USA Ltd. -> Razer Inc)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Bogdan Placintescu\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5933616 2019-03-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.157\Installer\chrmstp.exe [2019-05-14] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2018-09-19]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {049DB89C-BED6-440F-8D97-D1E19234E289} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26197088 2019-05-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {0749FAB6-4D8F-4F67-9D68-362E95032A8A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0CA9D8A3-F45A-4668-89F8-56AA69E97E4A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {117FDA22-E32C-49E6-80DE-85CF33023755} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {11D6B867-12FD-4901-B62D-DA99BE179FCC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3728752 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {137C7004-DDBA-4866-A8C7-29D2ACA89E9E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [814872 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {1B2867BE-A1AE-47E1-80CF-AE0710C7DA42} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {1C50C723-B142-474A-BAF4-4192658E0EF2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {1CDB4668-AFD2-4617-ADA9-E4B0A0C71A2D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-24] (Google Inc -> Google Inc.)
Task: {23219ADF-2F5F-4205-A96C-D7E40BCBA44D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {2992B113-725D-42FC-A539-2D148E1AA721} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2194568 2019-05-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {344DD59A-C6D1-4F8B-859D-E1E65A59621A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {37D143A1-2D8E-4C47-B853-78AC768D6990} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648048 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3BF8EB1E-E448-4257-8CFD-D3540AB41E53} - System32\Tasks\NahimicVRSvc32Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe
Task: {441924ED-E9F9-446E-83DA-3F4676BB99B0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {48800CE1-2DD6-4B0D-A620-067713456718} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2194568 2019-05-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {4FE8007D-4740-4176-87B1-1C1AD8420766} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149456 2019-05-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {5024A0C1-4D2C-4872-84B9-86CA6C2D044C} - System32\Tasks\AdobeAAMUpdater-1.0-bogdanPC-Bogdan Placintescu => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {52227192-6BFA-4F16-969C-71E025C38BB3} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {540D33E0-999D-45B7-B9CE-19A685E7AC0F} - System32\Tasks\{6C2DAB19-5AE6-4CF2-ACE0-D9ACD5B7025B} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.27.0.101/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {56E7B2CB-4840-4B7E-A51A-FD5FFC79CA40} - System32\Tasks\NahimicVRSvc64Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe
Task: {58FBE838-DD1F-4945-A4A8-EAE0A5C82A51} - System32\Tasks\NahimicMSIUILauncherRun => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
Task: {5F560878-9FE7-4AF5-82D0-83021B3AE699} - System32\Tasks\AdobeGCInvoker-1.0-bogdanPC-Bogdan Placintescu => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {610CBD23-0965-4265-BFBF-3B0C68145A3E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {682081D8-468C-4ECB-81C4-9DFCCAFAA93C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {6B4CA342-1A05-4C92-8972-6F6CE7750032} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6C976C65-8DA2-4A59-9812-C6439A28E5FA} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6F93F102-4493-4137-AEB6-8B6E70B35543} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-14] (Adobe Inc. -> Adobe)
Task: {711214B8-2308-4A64-8C25-7DC5994328E0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6204768 2019-05-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {7703603A-EAF8-4D41-BC5A-02DEBC7BAC16} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149456 2019-05-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {7837183E-7A6B-4836-9C93-09BCFCD25C05} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {785A71E0-8465-4233-9550-9702335CC148} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {79DC6E9E-3670-404D-AD61-30C879584E32} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7B6B3B6A-E477-401A-B645-7497FD8C8D39} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7D52F601-9495-4FAD-920F-FC2932BCE113} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7F400141-E03A-4E7E-A982-D7125A7DEFF1} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {80EEE903-282E-4A31-8BB0-7DEEE764B3D5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {82C041E8-23B9-4C85-AECE-CFB4D2349241} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {87FB8B61-BF99-4D34-B0AF-19A4D0EFC6A0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {9D80578F-07B6-43E6-91E4-A9FD8A484B7F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26197088 2019-05-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {9FA8B9F6-1B53-4CDC-9BB0-02E0EA0EFBC3} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A7126541-41B8-4D26-9CA2-805B50027D62} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B4D01540-5D9A-4446-88E4-2E20BD53A078} - System32\Tasks\NahimicMSIsvc32Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe
Task: {B6EB18B9-A3D3-489E-9D6D-186BA5835879} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {B9B3CAB9-5824-42E7-988A-2005F2E5CDFE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BB7BB22A-4C82-4702-B23F-8F03FBBF621C} - System32\Tasks\NahimicMSIsvc64Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe
Task: {BCC3BC14-12CD-4D0B-B9C6-289DCD711174} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6204768 2019-05-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {D0774F15-C380-483C-9D0B-0E44AC0439F4} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
Task: {DAD33619-2A1D-40A2-BBAF-93BA9B44D816} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-24] (Google Inc -> Google Inc.)
Task: {DDE04B2C-4CCE-49F7-855D-E017E31FD553} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E5E4E6C3-3F12-438D-A71D-253A3530894C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {E767AFBE-E2EC-4B5D-AEA4-1F3A867C1A5E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E955FE48-C989-4340-BB03-0082F5A24AA4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_Plugin.exe [1457208 2019-05-14] (Adobe Inc. -> Adobe)
Task: {EE7BE730-A3B3-46D6-996C-B9B1F2D5AC2C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EFBF5E6B-A844-493C-9E3C-E16CC1CC66AB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EFF6A01B-018D-468F-B604-1FD29F173A93} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F26BFF45-13BA-4796-A7A7-D8BC3CFD8B7E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F506FF40-FC82-4E4F-95A0-6F66B5A2F1AA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FA625662-B852-4517-99CB-9B918776684C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{45fa98a1-19e2-4c6d-9215-399000172cfc}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll [2019-05-16] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-08-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-05-16] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-08-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-05-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-08-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-05-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-08-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-08-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-08-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-11] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1985958338-2759964917-1504332263-1000 -> hxxp://www.google.com/

FireFox:
========
FF DefaultProfile: aa1prl4p.default
FF ProfilePath: C:\Users\Bogdan Placintescu\AppData\Roaming\Mozilla\Firefox\Profiles\aa1prl4p.default [2019-05-16]
FF Session Restore: Mozilla\Firefox\Profiles\aa1prl4p.default -> is enabled.
FF Extension: (BetterTTV) - C:\Users\Bogdan Placintescu\AppData\Roaming\Mozilla\Firefox\Profiles\aa1prl4p.default\Extensions\firefox@betterttv.net.xpi [2018-02-27] [UpdateUrl:hxxps://nightdev.com/betterttv/firefox/updates.json]
FF Extension: (No Name) - C:\Users\Bogdan Placintescu\AppData\Roaming\Mozilla\Firefox\Profiles\aa1prl4p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-20]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-09-20]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_192.dll [2019-05-14] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_192.dll [2019-05-14] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2019-03-26] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-26] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default [2019-04-25]
CHR Extension: (Slides) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-10]
CHR Extension: (Docs) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-10]
CHR Extension: (Google Drive) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-24]
CHR Extension: (YouTube) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-24]
CHR Extension: (Adobe Acrobat) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-25]
CHR Extension: (Sheets) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-10]
CHR Extension: (Google Docs Offline) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-10]
CHR Extension: (Just Proxy VPN = hide IP + security + unblock) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojedkepkekklpjcgdfiahladdbopbooh [2019-02-27]
CHR Extension: (Gmail) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Bogdan Placintescu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1162616 2018-12-01] (Autodesk, Inc. -> Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-03-31] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11147264 2019-05-07] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-03-31] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [758552 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [719640 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-20] (Logitech Inc -> Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2315960 2018-08-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2298688 2019-03-12] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; E:\Origin\OriginWebHelperService.exe [3171144 2019-03-12] (Electronic Arts, Inc. -> Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189776 2018-03-14] (Razer USA Ltd. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SNMP; C:\WINDOWS\System32\snmp.exe [53248 2018-12-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2252232 2018-09-24] (Wacom Technology Corporation -> Wacom Technology, Corp.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 hidkmdf; C:\WINDOWS\System32\drivers\hidkmdf.sys [23784 2016-10-07] (Wacom Technology Corporation -> Windows (R) Win 7 DDK provider)
S3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-09-15] (Microsoft Windows -> Qualcomm Atheros, Inc.)
S1 ldmdxsga; C:\WINDOWS\system32\drivers\ldmdxsga.sys [72816 2019-05-16] (Microsoft Corporation -> Microsoft Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2016-08-30] (Logitech Inc -> Logitech Inc.)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-08-30] (Logitech Inc -> Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-05-06] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-05-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-05-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-05-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [117344 2019-05-16] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bfe69934a6b764ef\nvlddmkm.sys [21672560 2019-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-03-28] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2016-11-30] (PAIPTAC Driver -> )
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44160 2018-03-14] (Razer USA Ltd. -> Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [140040 2018-03-20] (Razer USA Ltd. -> Razer, Inc.)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 usbglcs1100302; C:\WINDOWS\system32\drivers\usbglcs1100302.sys [25600 2014-06-11] (Windows (R) Win 7 DDK provider) [File not signed]
S3 VaneFltr; C:\WINDOWS\system32\drivers\Lachesis.sys [30336 2007-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Razer (Asia-Pacific) Pte Ltd)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-04-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344544 2019-04-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

TSemp · May 16, 2019

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-16 22:11 - 2019-05-16 22:12 - 000042035 _____ C:\Users\Bogdan Placintescu\Desktop\FRST.txt
2019-05-16 22:11 - 2019-05-16 22:11 - 002434560 _____ (Farbar) C:\Users\Bogdan Placintescu\Desktop\FRST64.exe
2019-05-16 18:20 - 2019-05-16 18:20 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ldmdxsga.sys
2019-05-16 18:19 - 2019-05-16 18:19 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-05-16 18:19 - 2019-05-16 18:19 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-05-16 18:19 - 2019-05-16 18:19 - 000117344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-05-16 18:19 - 2019-05-16 18:19 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-05-16 18:19 - 2019-05-16 18:19 - 000015360 _____ () C:\WINDOWS\system32\tlpless.dll
2019-05-16 18:17 - 2019-05-16 18:17 - 000003668 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2019-05-16 18:16 - 2019-05-16 18:17 - 000001281 _____ C:\DelFix.txt
2019-05-16 18:16 - 2019-05-16 18:16 - 000000000 ____D C:\WINDOWS\ERUNT
2019-05-16 18:14 - 2019-05-16 18:14 - 026807808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 023438848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 020814848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 019022336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-16 18:14 - 2019-05-16 18:14 - 007883776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 007879680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 007645384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 006542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 006440960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 006309040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 006072320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 005498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 004883968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 004660736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-05-16 18:14 - 2019-05-16 18:14 - 003905536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 003743744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 003637248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-16 18:14 - 2019-05-16 18:14 - 003602944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 003557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 003384832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 003363856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-16 18:14 - 2019-05-16 18:14 - 002780000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 002708480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-16 18:14 - 2019-05-16 18:14 - 002422272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-16 18:14 - 2019-05-16 18:14 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 001860096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 001760768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 001699496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-16 18:14 - 2019-05-16 18:14 - 001641616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 001470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-16 18:14 - 2019-05-16 18:14 - 001395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 001342608 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-16 18:14 - 2019-05-16 18:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 001290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 001253904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-16 18:14 - 2019-05-16 18:14 - 001225728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-05-16 18:14 - 2019-05-16 18:14 - 001179680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-16 18:14 - 2019-05-16 18:14 - 001062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-16 18:14 - 2019-05-16 18:14 - 001048376 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-16 18:14 - 2019-05-16 18:14 - 001026792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000895792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000807464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-16 18:14 - 2019-05-16 18:14 - 000758896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-16 18:14 - 2019-05-16 18:14 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000660992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000586280 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-05-16 18:14 - 2019-05-16 18:14 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-16 18:14 - 2019-05-16 18:14 - 000508432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-16 18:14 - 2019-05-16 18:14 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000449376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000444944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-16 18:14 - 2019-05-16 18:14 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000317240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-05-16 18:14 - 2019-05-16 18:14 - 000254952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-16 18:14 - 2019-05-16 18:14 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000223544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-16 18:14 - 2019-05-16 18:14 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-16 18:14 - 2019-05-16 18:14 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-16 18:14 - 2019-05-16 18:14 - 000203272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000202768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-16 18:14 - 2019-05-16 18:14 - 000201016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-16 18:14 - 2019-05-16 18:14 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-16 18:14 - 2019-05-16 18:14 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-16 18:14 - 2019-05-16 18:14 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-16 18:14 - 2019-05-16 18:14 - 000179728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-16 18:14 - 2019-05-16 18:14 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000177976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-16 18:14 - 2019-05-16 18:14 - 000163240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-16 18:14 - 2019-05-16 18:14 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000147736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-16 18:14 - 2019-05-16 18:14 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000121656 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-05-16 18:14 - 2019-05-16 18:14 - 000090640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000080184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-16 18:14 - 2019-05-16 18:14 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-16 18:14 - 2019-05-16 18:14 - 000066688 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000055792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-16 18:14 - 2019-05-16 18:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-05-16 18:14 - 2019-05-16 18:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-05-16 18:14 - 2019-05-16 18:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-05-16 18:14 - 2019-05-16 18:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-05-16 18:14 - 2019-05-16 18:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-05-16 18:14 - 2019-05-16 18:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-05-16 18:14 - 2019-05-16 18:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-05-16 18:14 - 2019-05-16 18:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-05-16 18:14 - 2019-05-16 18:14 - 000000000 ____D C:\Program Files (x86)\Java
2019-05-16 18:13 - 2019-05-16 18:13 - 000110968 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2019-05-16 18:13 - 2019-05-16 18:13 - 000110968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2019-05-16 18:13 - 2019-05-16 18:13 - 000000000 ____D C:\Program Files\Java
2019-05-15 21:42 - 2019-05-15 22:02 - 000000000 ____D C:\ProgramData\RogueKiller
2019-05-15 21:42 - 2019-05-15 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-05-15 21:42 - 2019-05-15 21:42 - 000000000 ____D C:\Program Files\RogueKiller
2019-05-11 21:36 - 2019-05-07 22:56 - 011051912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-05-11 21:36 - 2019-05-07 22:56 - 009486536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-05-11 21:36 - 2019-05-07 22:56 - 001006800 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-05-11 21:36 - 2019-05-07 22:56 - 001006800 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-05-11 21:36 - 2019-05-07 22:56 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-05-11 21:36 - 2019-05-07 22:56 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-05-11 21:36 - 2019-05-07 22:56 - 000552328 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-05-11 21:36 - 2019-05-07 22:56 - 000457096 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-05-11 21:36 - 2019-05-07 22:56 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-05-11 21:36 - 2019-05-07 22:56 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-05-11 21:36 - 2019-05-07 22:56 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-05-11 21:36 - 2019-05-07 22:56 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-05-11 21:36 - 2019-05-07 22:55 - 002039688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-05-11 21:36 - 2019-05-07 22:55 - 001470856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-05-11 21:36 - 2019-05-07 22:55 - 001134016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-05-11 21:36 - 2019-05-07 22:55 - 000821152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-05-11 21:36 - 2019-05-07 22:55 - 000675416 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-05-11 21:36 - 2019-05-07 22:55 - 000631232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-05-11 21:36 - 2019-05-07 22:55 - 000541656 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-05-11 21:36 - 2019-05-07 22:55 - 000521472 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 040412760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 035270232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 020187904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 017465512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 005421960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 004758728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 001721600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6443064.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 001540488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 001467648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6443064.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 001162448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 000911616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 000808840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-05-11 21:36 - 2019-05-07 22:54 - 000654080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-05-08 18:37 - 2019-05-15 17:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-05-07 00:27 - 2019-05-07 22:23 - 000000000 ____D C:\Users\Bogdan Placintescu\Desktop\Crest
2019-05-06 01:13 - 2019-05-16 22:11 - 000000000 ____D C:\FRST
2019-05-06 00:40 - 2019-05-06 00:40 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-05-06 00:40 - 2019-05-06 00:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-06 00:40 - 2019-05-06 00:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-06 00:40 - 2019-05-06 00:40 - 000000000 ____D C:\Program Files\Malwarebytes
2019-05-06 00:40 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-05-06 00:40 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-05 18:35 - 2019-05-05 18:35 - 000000000 ____D C:\WINDOWS\Panther
2019-05-05 16:00 - 2019-05-05 16:00 - 000000000 ____D C:\ProgramData\Sophos
2019-05-05 16:00 - 2019-05-05 16:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2019-05-05 16:00 - 2019-05-05 16:00 - 000000000 ____D C:\Program Files (x86)\Sophos
2019-05-05 13:16 - 2019-05-05 13:16 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\mbamtray
2019-05-05 13:16 - 2019-05-05 13:16 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\mbam
2019-05-04 15:22 - 2019-05-04 15:22 - 012844032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 012140032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 005436904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 005296640 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 005210904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 003982848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 003551112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 003426816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 003406848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 002995712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 002701512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 002205184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 002073960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001674696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001671352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001653760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001467552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001219640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 001001472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000806600 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-04 15:22 - 2019-05-04 15:22 - 000806600 _____ C:\WINDOWS\system32\locale.nls
2019-05-04 15:22 - 2019-05-04 15:22 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000780632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000725696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2019-05-04 15:22 - 2019-05-04 15:22 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000676256 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000649064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000638376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2019-05-04 15:22 - 2019-05-04 15:22 - 000553656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000540720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000514632 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000454160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-05-04 15:22 - 2019-05-04 15:22 - 000451080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000421392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-05-04 15:22 - 2019-05-04 15:22 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiag.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000280592 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000263576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000157200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000146744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqmigplugin.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000129848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000109568 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-05-04 15:22 - 2019-05-04 15:22 - 000086960 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-05-04 15:22 - 2019-05-04 15:22 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2019-04-24 21:45 - 2019-05-07 22:51 - 004340120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-04-24 21:45 - 2019-04-18 20:02 - 001722064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6443039.dll
2019-04-24 21:45 - 2019-04-18 20:02 - 001467648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6443039.dll
2019-04-24 21:45 - 2019-04-18 02:25 - 000046848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2019-04-23 05:19 - 2019-04-10 17:52 - 001734288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6442531.dll
2019-04-23 05:19 - 2019-04-10 17:52 - 001467864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6442531.dll
2019-04-21 03:05 - 2019-04-21 03:06 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Skyrim

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-16 22:11 - 2016-11-18 23:48 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\LocalLow\Mozilla
2019-05-16 22:01 - 2018-09-15 10:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-16 21:47 - 2016-10-30 20:59 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\WTablet
2019-05-16 19:19 - 2016-09-22 21:24 - 000000000 ____D C:\ProgramData\Autodesk
2019-05-16 18:25 - 2018-12-31 00:43 - 000972156 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-16 18:25 - 2018-09-15 10:31 - 000000000 ____D C:\WINDOWS\INF
2019-05-16 18:22 - 2018-09-15 09:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-05-16 18:21 - 2017-08-06 10:51 - 000000000 ____D C:\ProgramData\NVIDIA
2019-05-16 18:19 - 2019-04-02 00:09 - 000006144 _____ () C:\WINDOWS\system32\libntsc1.dll
2019-05-16 18:19 - 2018-12-31 00:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-16 18:19 - 2018-12-31 00:25 - 000495976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-16 18:18 - 2018-09-15 10:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-16 18:18 - 2018-09-15 10:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-16 18:18 - 2018-09-15 09:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-05-16 18:15 - 2018-09-15 10:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-16 18:14 - 2016-12-10 14:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-05-16 18:10 - 2018-09-15 10:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-16 18:10 - 2018-09-15 10:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-15 23:55 - 2016-09-22 21:51 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Battle.net
2019-05-15 21:39 - 2018-12-31 00:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-15 18:00 - 2018-12-31 00:39 - 000003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 18:00 - 2018-12-31 00:39 - 000003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-15 17:46 - 2016-09-22 19:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-14 23:32 - 2016-09-24 12:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 23:30 - 2016-09-24 12:43 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-14 23:26 - 2016-10-24 12:43 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-14 23:25 - 2018-12-31 00:39 - 000004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-05-14 23:25 - 2018-09-15 10:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-05-14 23:25 - 2018-09-15 10:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-05-14 00:23 - 2018-09-15 10:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-14 00:23 - 2018-09-15 10:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-11 21:38 - 2016-09-22 22:04 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\NVIDIA
2019-05-11 01:13 - 2017-03-26 12:58 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\discord
2019-05-11 00:01 - 2018-09-15 10:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-05-11 00:00 - 2016-09-30 16:12 - 000000000 ____D C:\Program Files\Microsoft Office
2019-05-10 20:35 - 2018-05-13 21:36 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\D3DSCache
2019-05-10 20:35 - 2018-01-26 16:10 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Personify
2019-05-09 21:15 - 2016-09-25 12:13 - 000000000 ____D C:\Program Files (x86)\Overwatch
2019-05-08 19:00 - 2016-09-22 19:08 - 000001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-05-07 22:51 - 2018-12-14 20:44 - 005085152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-05-07 22:47 - 2016-09-22 21:51 - 000000000 ____D C:\Program Files (x86)\Battle.net
2019-05-06 22:16 - 2016-09-23 01:01 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\CrashDumps
2019-05-06 08:35 - 2018-12-14 20:44 - 000052319 _____ C:\WINDOWS\system32\nvinfo.pb
2019-05-06 05:43 - 2017-08-06 10:51 - 005432176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-05-06 05:43 - 2017-08-06 10:51 - 002637808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-05-06 05:43 - 2017-08-06 10:51 - 001767736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-05-06 05:43 - 2017-08-06 10:51 - 000651248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-05-06 05:43 - 2017-08-06 10:51 - 000450416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-05-06 05:43 - 2017-08-06 10:51 - 000125424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-05-06 05:43 - 2017-08-06 10:51 - 000082984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-05-06 00:40 - 2018-09-15 10:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-06 00:03 - 2018-09-15 10:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-05-05 20:13 - 2016-09-22 23:41 - 000000000 ___RD C:\Users\Bogdan Placintescu\OneDrive
2019-05-05 20:12 - 2016-09-30 17:38 - 000000000 ____D C:\ProgramData\Apple
2019-05-05 20:12 - 2016-09-30 17:38 - 000000000 ____D C:\Program Files\Common Files\Apple
2019-05-05 15:25 - 2017-12-11 14:02 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Packages
2019-05-05 15:25 - 2016-12-25 13:50 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\Samsung
2019-05-05 15:25 - 2016-12-25 13:50 - 000000000 ____D C:\Program Files (x86)\Samsung
2019-05-05 15:25 - 2016-09-22 22:08 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-05-05 15:23 - 2017-10-19 16:36 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\Visual Studio Setup
2019-05-05 15:23 - 2017-10-19 16:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2019-05-05 15:22 - 2018-12-31 10:15 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-05-05 14:49 - 2016-09-22 17:34 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\ElevatedDiagnostics
2019-05-05 12:53 - 2017-08-06 10:50 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-05-04 23:01 - 2018-09-15 10:33 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-04 23:01 - 2018-09-15 10:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-04 23:01 - 2018-09-15 10:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-04-27 18:54 - 2019-03-31 21:44 - 000000000 ____D C:\Users\Bogdan Placintescu\Documents\Gaem 2.0
2019-04-27 18:54 - 2019-03-31 21:38 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Unity
2019-04-27 18:53 - 2019-03-31 21:38 - 000000000 ____D C:\ProgramData\Unity
2019-04-25 22:45 - 2017-08-06 10:51 - 008571382 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-04-25 22:03 - 2019-04-13 14:48 - 000000000 ____D C:\Users\Bogdan Placintescu\Documents\BotaniculaSaves
2019-04-25 00:11 - 2017-08-06 10:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-04-24 21:45 - 2016-09-22 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-04-23 22:04 - 2018-02-25 04:33 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-23 21:28 - 2016-09-22 21:51 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Blizzard Entertainment
2019-04-23 05:15 - 2018-12-31 00:39 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2018-12-31 00:39 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-23 05:15 - 2017-08-06 10:50 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-04-21 03:05 - 2016-10-06 15:04 - 000000000 ____D C:\Users\Bogdan Placintescu\Documents\My Games
2019-04-21 01:48 - 2017-12-13 22:38 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\obs-studio
2019-04-21 01:47 - 2019-01-17 09:54 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\vlc
2019-04-18 23:59 - 2017-09-14 16:55 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2019-04-18 23:59 - 2017-09-14 16:55 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2019-04-18 02:25 - 2018-12-14 20:44 - 001682368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2019-04-18 02:25 - 2018-12-14 20:44 - 000228608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2019-04-17 22:43 - 2017-07-21 14:20 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Ubisoft Game Launcher

==================== Files in the root of some directories =======

2019-05-16 20:45 - 2019-05-16 20:45 - 000000000 _____ () C:\Users\Bogdan Placintescu\AppData\Local\oobelibMkey.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

TSemp · May 16, 2019

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05.2019 01
Ran by Bogdan Placintescu (16-05-2019 22:12:34)
Running from C:\Users\Bogdan Placintescu\Desktop
Windows 10 Pro Version 1809 17763.503 (X64) (2018-12-30 21:39:31)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1985958338-2759964917-1504332263-500 - Administrator - Disabled)
Bogdan Placintescu (S-1-5-21-1985958338-2759964917-1504332263-1000 - Administrator - Enabled) => C:\Users\Bogdan Placintescu
DefaultAccount (S-1-5-21-1985958338-2759964917-1504332263-503 - Limited - Disabled)
Guest (S-1-5-21-1985958338-2759964917-1504332263-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1985958338-2759964917-1504332263-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\uTorrent) (Version: 3.5.3.44428 - BitTorrent Inc.)
1310 (HKLM-x32\...\{76A9FB3A-D7AB-4C8C-8C49-3CFDBF2D6C2D}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
1310_Help (HKLM-x32\...\{6D4553DF-2095-4D10-92C0-17934733B51D}) (Version: 82.0.58.000 - Hewlett-Packard) Hidden
1310Trb (HKLM-x32\...\{6D7E031C-4C05-4265-854A-FE9FDEA9984D}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.010.20100 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe Audition CC 2019 (HKLM-x32\...\AUDT_12_0_1) (Version: 12.0.1 - Adobe Systems Incorporated)
Adobe Bridge CC 2019 (HKLM-x32\...\KBRG_9_0_2) (Version: 9.0.2 - Adobe Systems Incorporated)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_6) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.1.435 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.192 - Adobe)
Adobe Illustrator CC 2019 (HKLM-x32\...\ILST_23_0_2) (Version: 23.0.2 - Adobe Systems Incorporated)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_8_2) (Version: 8.2 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2019 (HKLM-x32\...\AME_13_0_2) (Version: 13.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_3) (Version: 20.0.3 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2019 (HKLM-x32\...\PPRO_13_0_3) (Version: 13.0.3 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (HKLM-x32\...\{D5045A94-1D46-44A7-9C4F-7D05B40D82EC}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (HKLM-x32\...\{2DFDE21D-AFFE-4CDD-BBD4-3B7832BEC036}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Allegorithmic Substance Painter 2018.1.2 (HKLM\...\{33C3E9E2-0675-4196-9019-28AB9C5E9BB0}_is1) (Version: 2018.1.2 - Allegorithmic)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Autodesk Certificate Package (x64) - 5.1.4 (HKLM\...\{79D5E475-5EAB-4474-84F5-BD612337A175}) (Version: 5.1.4.100 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.12.84 - Autodesk)
Autodesk License Service (x64) - 5.1.5 (HKLM\...\{3609A8D9-FC0C-4C9B-9F58-0B1D1A4FE556}) (Version: 5.1.5.0 - Autodesk)
Autodesk Maya 2018 (HKLM\...\{8502EAAD-CC62-498D-9C8D-CB5632762A61}) (Version: 18.5.0.7880 - Autodesk) Hidden
Autodesk Maya 2018 (HKLM\...\Autodesk Maya 2018) (Version: 18.5.0.7880 - Autodesk)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bifrost for Maya 2018 (HKLM\...\{2CA9DC72-AB13-4FCE-ADE1-B20DED59D7FA}) (Version: 1.5.5.0 - Autodesk)
Bifrost for Maya 2018 1.5.5.0 (HKLM\...\Bifrost for Maya 2018) (Version: - )
Bifrost to Arnold for Maya 2018 1.5.0 Arnold-5.0.0.0 (HKLM\...\BifrostToArnold for Maya 2018 1.5.0 Arnold-5.0.0.0) (Version: 0.3.0.0 - Autodesk)
BifrostToArnold for Maya 2018 1.5.0 Arnold-5.0.0.0 (HKLM\...\{23779D18-6AD1-449E-AC36-F16D501230FE}) (Version: 0.3.0.0 - Autodesk) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
ChromaCam (remove only) (HKLM-x32\...\ChromaCam) (Version: 2.2.1.14 - Personify, Inc.)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Destiny 2 (HKLM-x32\...\Destiny 2) (Version: - Blizzard Entertainment)
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Discord (HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\Discord) (Version: 0.0.305 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 425.31 - NVIDIA Corporation) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.157 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1068 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
iTunes (HKLM\...\{0019B70B-02B6-486A-A582-A99AB68F6C9D}) (Version: 12.9.3.3 - Apple Inc.)
Java 8 Update 211 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11601.20178 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - ro-ro (HKLM\...\ProPlusRetail - ro-ro) (Version: 16.0.11601.20178 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 66.0.5 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.5 (x64 en-US)) (Version: 66.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 66.0.5.7066 - Mozilla)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.39 - MSI)
MtoA for Maya 2018 (HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\MtoA2018) (Version: 3.1.1.1 - Solid Angle)
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.18.0.102 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.18.0.102 - NVIDIA Corporation)
NVIDIA Graphics Driver 430.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 430.64 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.1.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11601.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11601.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11601.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0418-1000-0000000FF1CE}) (Version: 16.0.11601.20178 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.36.23506 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{2f92ca61-4ea7-462a-a74d-831fab9238e8}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.20.606 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8470 - Realtek Semiconductor Corp.)
RogueKiller version 13.2.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.0.0 - Adlice Software)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Skype version 8.42 (HKLM-x32\...\Skype_is1) (Version: 8.42 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
SPORE™ Creepy & Cute Parts Pack (HKLM-x32\...\{4BDCC41C-FFE7-40a4-BCB6-B558916868F7}_SPORE(TM) Creepy & Cute Parts Pack) (Version: 1.0.0.0 - Electronic Arts)
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Twitch (HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Unity (HKLM-x32\...\Unity) (Version: 2018.3.12f1 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
UtechSmart 16400DPI VENUS Gaming Mouse version 1.1 (HKLM-x32\...\{5A0E98CD-3E42-4FA9-BA70-3EEFA31F67CE}_is1) (Version: 1.1 - UtechSmart)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.31-4 - Wacom Technology Corp.)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
ZBrush 4R7 (HKLM-x32\...\ZBrush 4R7 4R7) (Version: 4R7 - Pixologic)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-01-17] (Adobe Systems Incorporated)
Adobe XD CC -> C:\Program Files\WindowsApps\Adobe.CC.XD_16.0.2.8_x64__adky2gkssdxte [2019-02-23] (Adobe Systems Incorporated)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_95.1.531.0_x64__v10z8vjag6ke6 [2019-03-19] (HP Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1985958338-2759964917-1504332263-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-2AC715432C9E} -> [Creative Cloud Files] => C:\Users\Bogdan Placintescu\Creative Cloud Files [2016-12-08 21:44]
CustomCLSID: HKU\S-1-5-21-1985958338-2759964917-1504332263-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-08-20 18:55 - 2005-07-18 13:43 - 000160256 _____ () [File not signed] C:\Program Files (x86)\MSI\Live Update\unrar.dll
2019-05-16 18:19 - 2019-05-16 18:19 - 000015360 _____ () [File not signed] C:\WINDOWS\System32\tlpless.dll
2019-04-01 23:58 - 2019-04-01 23:58 - 000586752 _____ (DRM Technologies) [File not signed] C:\WINDOWS\Microsoft.NET\Framework\VERSION.dll
2019-04-01 23:58 - 2019-04-01 23:58 - 000586752 _____ (DRM Technologies) [File not signed] C:\WINDOWS\System32\msfte.dll
2011-08-18 01:29 - 2011-08-18 01:29 - 001039360 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2017-07-17 12:42 - 2017-08-23 17:48 - 001548288 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] E:\Origin\LIBEAY32.dll
2017-07-17 12:42 - 2017-08-23 17:49 - 000395776 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] E:\Origin\ssleay32.dll
2017-07-17 12:42 - 2018-04-10 16:01 - 001611264 _____ (The Qt Company Ltd) [File not signed] E:\Origin\platforms\qwindows.dll
2017-07-17 12:42 - 2018-04-10 16:02 - 005487104 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Core.dll
2017-07-17 12:42 - 2018-04-10 16:02 - 005841920 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Gui.dll
2017-07-17 12:42 - 2018-04-10 16:02 - 001177600 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Network.dll
2017-07-17 12:42 - 2018-04-10 16:02 - 005089792 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Widgets.dll
2017-07-17 12:42 - 2018-04-10 16:02 - 000184832 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\ldmdxsga.sys:changelist [562]
AlternateDataStreams: C:\Users\Bogdan Placintescu\Desktop\Diploma SAE anul 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [97]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-11-03 20:45 - 2016-12-08 21:47 - 000000959 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1
127.0.0.1
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "NahimicVRSvc64"
HKLM\...\StartupApproved\Run: => "NahimicVRSvc32"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "ElectraV2Helper"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "T1gmmouseRun"
HKLM\...\StartupApproved\Run32: => "OGMgmmouseRun"
HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\StartupApproved\Run: => "World of Tanks"
HKU\S-1-5-21-1985958338-2759964917-1504332263-1000\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"

==================== FirewallRules (Whitelisted) ===============

Solved Trojan Occamy

Posts: 67 +0

Attachments

Posts: 56,041 +516

Posts: 67 +0

Posts: 56,041 +516

Posts: 67 +0

Posts: 56,041 +516

Posts: 67 +0

Posts: 56,041 +516

Posts: 67 +0

Posts: 67 +0

Posts: 67 +0

Posts: 67 +0

Posts: 56,041 +516

Attachments

Posts: 67 +0

Posts: 67 +0

Posts: 56,041 +516

Posts: 67 +0

Posts: 67 +0

Posts: 67 +0

Posts: 56,041 +516

Posts: 67 +0

Posts: 56,041 +516

Posts: 67 +0

Posts: 67 +0

Posts: 67 +0

Similar threads