Solved Avira engine unable to load. Also Steam and GeForce.

madmichael

TS Rookie
I could use some help removing whatever has infected my PC. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by mkemi (administrator) on DESKTOP-DPRKO66 (11-04-2019 22:27:12)
Running from C:\Users\mkemi\Downloads
Loaded Profiles: mkemi & (Available Profiles: mkemi)
Platform: Windows 10 Home Version 1803 17134.706 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\MsMpEng.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\NisSrv.exe
Failed to access process -> Avira.ServiceHost.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AsSysLevelUpSrc.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AsToastHelper.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_SysMode.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AEGIS II\Lighting\AudioDetect.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AlertService.exe
(ASUSTeK Computer Inc. -> ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AEGIS II\Lighting\CheckCD_RomLighting.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe
() [File not signed] C:\Program Files (x86)\ASUS\AEGIS II\Boost Launcher\BLMonitor.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUS Cloud Corporation) [File not signed] C:\Program Files (x86)\ASUS\WebStorage\2.2.9.564\AsusWSWinService.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) INTELNPG1 -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Solute GmbH -> Avira) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8498392 2015-07-17] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.9.564\ASUSWSLoader.exe [63968 2016-06-21] (ASUS Cloud Corporation -> ASUS Cloud Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2019-03-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [323632 2018-12-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [{33789076-9ec9-4866-b174-19596d6375c1}] => C:\ProgramData\Package Cache\{33789076-9ec9-4866-b174-19596d6375c1}\Avira.OE.Setup.Bundle.exe [1301536 2019-03-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212125671\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212125936\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212126186\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1156727377-108329867-495008690-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3200800 2018-05-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-1156727377-108329867-495008690-1001\...\MountPoints2: {b145cdff-60ef-11e8-8586-74c63b85a06c} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1156727377-108329867-495008690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212126561\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3200800 2018-05-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-1156727377-108329867-495008690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212126561\...\MountPoints2: {b145cdff-60ef-11e8-8586-74c63b85a06c} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\Installer\chrmstp.exe [2019-03-25] (Google LLC -> Google Inc.)
Startup: C:\Users\mkemi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HoloView-Assist.lnk [2019-03-07]
ShortcutTarget: HoloView-Assist.lnk -> C:\Program Files (x86)\HoloView\HoloAssist\HoloAssist.exe () [File not signed]
Startup: C:\Users\mkemi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2018-11-02]
ShortcutTarget: Twitch.lnk -> C:\Users\mkemi\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
 

madmichael

TS Rookie
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.29.1
Tcpip\..\Interfaces\{202f028a-b23c-4903-ac86-2fc67bd7fb1b}: [DhcpNameServer] 192.168.29.1
Tcpip\..\Interfaces\{7d9bc57d-f8fe-4081-8bc7-442016876ab1}: [DhcpNameServer] 192.168.29.1

Internet Explorer:
==================
HKU\S-1-5-21-1156727377-108329867-495008690-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-1156727377-108329867-495008690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212126561\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-03-07] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-03-07] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\mkemi\AppData\Roaming\Mozilla\Firefox\Profiles\dkrW6LAU.default [2018-08-13]
FF Extension: (Avira Browser Safety) - C:\Users\mkemi\AppData\Roaming\Mozilla\Firefox\Profiles\dkrW6LAU.default\Extensions\abs@avira.com [2018-08-13] [hxxps://download.avira.com/package/absnooffers/firefox/update_webext_no_offers.rdf]
FF Extension: (Avira Password Manager) - C:\Users\mkemi\AppData\Roaming\Mozilla\Firefox\Profiles\dkrW6LAU.default\Extensions\passwordmanager@avira.com [2018-08-13] [hxxps://s3.eu-central-1.amazonaws.com/avira-pwm-extensions/update.rdf]
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-03-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-03-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-03-17] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-03-17] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1156727377-108329867-495008690-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\mkemi\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-10-08] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-1156727377-108329867-495008690-1001: LWAPlugin15.8 -> C:\Users\mkemi\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1156727377-108329867-495008690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212126561: @zoom.us/ZoomVideoPlugin -> C:\Users\mkemi\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-10-08] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-1156727377-108329867-495008690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212126561: LWAPlugin15.8 -> C:\Users\mkemi\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\mkemi\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2019-01-09]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://crunchbang.org/start/"
CHR NewTab: Default -> Active:"chrome-extension://jdpnljppdhjpafeaokemhcggofohekbp/tabpage.html"
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> lp
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default [2019-04-11]
CHR Extension: (Slides) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-28]
CHR Extension: (Entanglement Web App) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2018-03-29]
CHR Extension: (Docs) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-28]
CHR Extension: (Google Drive) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-28]
CHR Extension: (ColorZilla) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2018-03-29]
CHR Extension: (YouTube) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-28]
CHR Extension: (Honey) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-04-08]
CHR Extension: (Google Cast) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2019-04-11]
CHR Extension: (HelloFax) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2019-03-01]
CHR Extension: (JSONView) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc [2018-03-29]
CHR Extension: (uBlock Origin) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-04-08]
CHR Extension: (WhatRuns) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmkdbmfndkfgebldhnkbfhlneefdaaip [2018-07-28]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2018-09-08]
CHR Extension: (jQuery Debugger) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhhnnnpaeobfddmlalhnehgclcmjimi [2018-03-29]
CHR Extension: (Magneto Calendar) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjdgofdpjeiphcnejhjfnabhcooeblj [2018-03-29]
CHR Extension: (jQuery Audit) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhnpbajdcgdmbbcoakfhmfgmemlncjg [2018-03-29]
CHR Extension: (cast player) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dionggdmdobjjolppiiejleechniphok [2019-03-15]
CHR Extension: (Copy All Urls) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\djdmadneanknadilpjiknlnanaolmbfk [2018-03-29]
CHR Extension: (B.S. Detector) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlcgkekjiopopabcifhebmphmfmdbjod [2018-03-29]
CHR Extension: (Dropbox for Gmail) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2019-02-09]
CHR Extension: (Adobe Acrobat) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-02]
CHR Extension: (Nitrous) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efdcneeepllhjlbejkfnaolelbpdacai [2018-03-29]
CHR Extension: (Deb.js) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\egmeoknjmgikkkcdicmajkbkmkcmbiah [2018-03-29]
CHR Extension: (JavaScript Editor) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhkeonpomkliaedmafeniofidolfmdd [2018-03-29]
CHR Extension: (Collavate - Workflow/ECM & Enterprise Social) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\feabbfjgiecneijbnmfileadcjfmbbpb [2018-03-29]
CHR Extension: (Sheets) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-28]
CHR Extension: (Tracking Time | Button) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fglmkdhomaklnckgbjfnfmbfmlkjippg [2019-02-10]
CHR Extension: (Avira Browser Safety) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2019-03-19]
CHR Extension: (EditThisCookie) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2018-12-02]
CHR Extension: (PDF Compressor - Smallpdf.com) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gealeehfjeflamgnohlhabaefbfjfjgc [2018-03-29]
CHR Extension: (Website IP) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmhlgniedlklkpimlibbaoomlpacmk [2018-03-29]
CHR Extension: (Google Docs Offline) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Keypress Editor) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghfooiajeobmcfhmajcblmompfdehnli [2018-03-29]
CHR Extension: (Inbox by Gmail) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkljgfmjocfalijkgoogmfffkhmkbgol [2018-03-29]
CHR Extension: (OneNote Web Clipper) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojbdfnpnhogfdgjbigejoaolejmgdhk [2018-06-21]
CHR Extension: (Yast - The World's Easiest Time Tracker) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gokleigpmoameleoajncmkmajedgfgbk [2018-03-29]
CHR Extension: (Pinterest Save Button) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2019-04-08]
CHR Extension: (Wappalyzer) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2019-03-28]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-03-21]
CHR Extension: (Website Code Generators by WebCodeTools.com) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiekdllknpjfplfdejdbajoahehmkogk [2018-03-29]
CHR Extension: (feedly) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2018-03-29]
CHR Extension: (Eye Dropper) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2018-03-29]
CHR Extension: (Crackle) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2018-03-29]
CHR Extension: (The Top Inbox for Gmail) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhapcklhkanndjbdnhichfmolhiaekg [2018-09-15]
CHR Extension: (Kami - PDF and Document Annotation) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljojpiodmlhoehoecppliohmplbgeij [2018-09-15]
CHR Extension: (Be Limitless) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpnljppdhjpafeaokemhcggofohekbp [2018-03-29]
CHR Extension: (SingleFile Core) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma [2018-03-29]
CHR Extension: (Slack) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeogkiiogjbmhklcnbgkdcjoioegiknm [2018-03-29]
CHR Extension: (Page Ruler) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2018-03-29]
CHR Extension: (Clear Cache Shortcut) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnajhcakejgchhbjlchkfmdidgjefleg [2018-03-29]
CHR Extension: (LiveReload) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnihajbhpnppcggbcgedagnkighmdlei [2018-03-29]
CHR Extension: (Any.do Extension) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2019-02-26]
CHR Extension: (Usersnap Classic - Collect feedback & bugs) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\khehmhbaabkepkojebhcpjifcmojdmgd [2018-09-15]
CHR Extension: (Window Resizer) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2019-03-15]
CHR Extension: (JSBeautify for Google Chrome™) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkioiolcacgoihiiekambdciinadbpfk [2018-03-29]
CHR Extension: (The Great Suspender) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2018-03-29]
CHR Extension: (Tabs saver) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmabfaomlcjlnplkoflgenkmmpilmead [2018-03-29]
CHR Extension: (TrackingTime | Time Tracker) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\knailkjkjcfegledhjhcfacdngnicimb [2018-03-29]
CHR Extension: (Google Hangouts) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2019-03-29]
CHR Extension: (Evernote Web) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2018-03-29]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2019-04-09]
CHR Extension: (CSS Dig) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpnhmlhomomelfkcjnkcacofhmggjmco [2018-03-29]
CHR Extension: (Poppit!) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2018-03-29]
CHR Extension: (Boomerang for Gmail) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2018-09-15]
CHR Extension: (Save to Google) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\meoeeoaohbmgbocpdpnjklmfmjjagkkf [2018-08-17]
CHR Extension: (BrowserStack Local) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfiddfehmfdojjfdpfngagldgaaafcfo [2019-04-10]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2019-03-10]
CHR Extension: (SingleFile) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle [2019-04-11]
CHR Extension: (Google Hangouts) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2019-03-29]
CHR Extension: (Wikibuy) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2019-04-10]
CHR Extension: (YSlow) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ninejjcohidippngpapiilnmkgllmakh [2018-05-11]
CHR Extension: (BrowserStack) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkihdmlheodkdfojglpcjjmioefjahjb [2018-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2018-03-29]
CHR Extension: (Check My Links) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkcdipcgfaekbeaelaapakgnjflfglf [2019-02-09]
CHR Extension: (Phone to Chrome) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojoecolejmnhkgafjnieigpjhgmpllnn [2019-03-02]
CHR Extension: (Palette Creator) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpphfmdmjbojolagcbgdemojhcnlod [2018-10-06]
CHR Extension: (LocalGalleryViewerExtension) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\opheklanmaieaeneebdohfpbjkhcgilk [2018-03-29]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2019-03-19]
CHR Extension: (Gmail) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-28]
CHR Extension: (BugHerd: Visual Feedback Tool for Websites) - C:\Users\mkemi\AppData\Local\Google\Chrome\User Data\Default\Extensions\popigpemobhbfkhnnkllkjgkaabedgpb [2019-04-10]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [893008 2019-02-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [314264 2019-02-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [248312 2019-02-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [248312 2019-02-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1191152 2019-02-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2016-10-13] (ASUSTeK Computer Inc. -> )
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.9.564\AsusWSWinService.exe [75264 2016-06-21] (ASUS Cloud Corporation) [File not signed]
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [455424 2019-03-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2979032 2018-12-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [367696 2019-04-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [104752 2019-03-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-09-28] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-02-08] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 HoloService; C:\Program Files (x86)\HoloView\HoloService\HoloService.exe [118784 2017-11-25] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-05-26] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782320 2019-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782320 2019-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [281536 2017-12-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\NisSrv.exe [3856504 2019-04-08] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MsMpEng.exe [113992 2019-04-08] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] (ASUSTeK Computer Inc. -> )
R0 assdv2; C:\WINDOWS\System32\DRIVERS\assdv2.sys [30040 2015-09-07] (ASUSTeK Computer Inc. -> ASUS)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [25944 2016-08-25] (ASUSTeK Computer Inc. -> )
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [75432 2019-02-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-02-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [188008 2019-02-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [175104 2019-02-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-02-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-02-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-02-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [303712 2019-02-04] (Bluestack Systems, Inc. -> Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-19] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-04-10] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-04-11] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-04-11] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-11] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-04-11] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaki.inf_amd64_cfbb6c5c29fbbd76\nvlddmkm.sys [20746632 2019-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-02-26] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [756672 2017-12-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2018-04-11] (Microsoft Windows -> Realtek Semiconductor Corporation )
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [8009040 2017-12-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-19] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343520 2019-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [68576 2019-04-08] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

madmichael

TS Rookie
==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-11 22:27 - 2019-04-11 22:28 - 000038214 _____ C:\Users\mkemi\Downloads\FRST.txt
2019-04-11 22:26 - 2019-04-11 22:26 - 000000000 ____D C:\Users\mkemi\Downloads\FRST-OlderVersion
2019-04-11 22:25 - 2019-04-11 22:27 - 000000000 ____D C:\FRST
2019-04-11 22:23 - 2019-04-11 22:26 - 002434048 _____ (Farbar) C:\Users\mkemi\Downloads\FRST64.exe
2019-04-11 21:20 - 2019-04-11 21:20 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-04-11 21:20 - 2019-04-11 21:20 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-04-11 21:20 - 2019-04-11 21:20 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-04-10 22:38 - 2019-04-10 22:38 - 000000000 ____D C:\Users\mkemi\AppData\Local\mbam
2019-04-10 22:37 - 2019-04-11 21:19 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-10 22:37 - 2019-04-10 22:37 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-04-10 22:37 - 2019-04-10 22:37 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-04-10 22:37 - 2019-04-10 22:37 - 000000000 ____D C:\Users\mkemi\AppData\Local\mbamtray
2019-04-10 22:37 - 2019-04-10 22:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-04-10 22:37 - 2019-04-10 22:37 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-04-10 22:37 - 2019-04-10 22:37 - 000000000 ____D C:\Program Files\Malwarebytes
2019-04-10 22:37 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-04-10 22:37 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-04-10 22:36 - 2019-04-10 22:36 - 062707336 _____ (Malwarebytes ) C:\Users\mkemi\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.10082.exe
2019-04-10 14:32 - 2019-04-10 14:32 - 000822153 _____ C:\Users\mkemi\AppData\Local\census.cache
2019-04-10 14:32 - 2019-04-10 14:32 - 000350571 _____ C:\Users\mkemi\AppData\Local\ars.cache
2019-04-10 14:15 - 2017-10-17 11:40 - 000334488 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2019-04-10 14:14 - 2019-04-10 14:14 - 000000036 _____ C:\Users\mkemi\AppData\Local\housecall.guid.cache
2019-04-09 22:51 - 2019-04-02 07:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-09 22:51 - 2019-04-02 07:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-09 22:51 - 2019-04-02 07:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-09 22:51 - 2019-04-02 07:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-09 22:51 - 2019-04-02 07:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-04-09 22:51 - 2019-04-02 07:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-09 22:51 - 2019-04-02 07:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-09 22:51 - 2019-04-02 07:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-09 22:51 - 2019-04-02 07:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-09 22:51 - 2019-04-02 07:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-09 22:51 - 2019-04-02 07:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-09 22:51 - 2019-04-02 07:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-09 22:51 - 2019-04-02 07:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-09 22:51 - 2019-04-02 07:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-09 22:51 - 2019-04-02 07:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-09 22:51 - 2019-04-02 07:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-09 22:51 - 2019-04-02 04:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-09 22:51 - 2019-04-02 04:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-09 22:51 - 2019-04-02 04:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-09 22:51 - 2019-04-02 04:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-09 22:51 - 2019-04-02 04:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-09 22:51 - 2019-04-02 04:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-09 22:51 - 2019-04-02 04:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-04-09 22:51 - 2019-04-02 04:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-09 22:51 - 2019-04-02 04:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-04-09 22:51 - 2019-04-02 03:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-09 22:51 - 2019-04-02 03:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-04-09 22:51 - 2019-04-02 03:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-09 22:51 - 2019-04-02 03:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-09 22:51 - 2019-04-02 03:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-04-09 22:51 - 2019-04-02 03:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-04-09 22:51 - 2019-04-02 03:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-09 22:51 - 2019-04-02 03:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-09 22:51 - 2019-04-02 03:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-09 22:51 - 2019-04-02 03:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-09 22:51 - 2019-04-02 03:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-09 22:51 - 2019-04-02 03:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-04-09 22:51 - 2019-04-02 03:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-09 22:51 - 2019-04-02 03:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-04-09 22:51 - 2019-04-02 03:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-09 22:51 - 2019-04-02 03:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-04-09 22:51 - 2019-04-02 03:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-09 22:51 - 2019-04-02 02:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-09 22:51 - 2019-04-02 02:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-09 22:51 - 2019-04-02 02:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-09 22:51 - 2019-04-02 02:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-09 22:51 - 2019-04-02 02:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-09 22:51 - 2019-04-02 02:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-04-09 22:51 - 2019-04-02 02:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-04-09 22:51 - 2019-04-02 02:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-04-09 22:51 - 2019-04-02 02:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-09 22:51 - 2019-04-02 02:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-04-09 22:51 - 2019-04-02 02:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-09 22:51 - 2019-04-02 02:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-04-09 22:51 - 2019-04-02 02:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-09 22:51 - 2019-04-02 02:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-09 22:51 - 2019-04-02 02:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-09 22:51 - 2019-04-02 02:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-09 22:51 - 2019-04-02 02:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-09 22:51 - 2019-04-02 02:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-04-09 22:51 - 2019-04-02 01:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-04-09 22:51 - 2019-04-02 00:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-09 22:51 - 2019-04-02 00:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-09 22:51 - 2019-04-02 00:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-09 22:51 - 2019-04-02 00:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-04-09 22:51 - 2019-04-02 00:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-09 22:51 - 2019-04-01 23:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-09 22:51 - 2019-04-01 23:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-09 22:51 - 2019-04-01 23:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-09 22:51 - 2019-04-01 23:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-04-09 22:51 - 2019-04-01 23:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-04-09 22:51 - 2019-04-01 23:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-04-09 22:51 - 2019-04-01 23:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-09 22:51 - 2019-04-01 23:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-09 22:51 - 2019-04-01 23:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-09 22:51 - 2019-04-01 23:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-09 22:51 - 2019-04-01 23:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-04-09 22:51 - 2019-03-16 07:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-04-09 22:51 - 2019-03-16 04:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-04-09 22:51 - 2019-03-14 09:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-04-09 22:51 - 2019-03-14 09:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-04-09 22:51 - 2019-03-14 09:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll
2019-04-09 22:51 - 2019-03-14 09:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-04-09 22:51 - 2019-03-14 09:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-04-09 22:51 - 2019-03-14 09:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2019-04-09 22:51 - 2019-03-14 09:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-04-09 22:51 - 2019-03-14 09:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-04-09 22:51 - 2019-03-14 09:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-04-09 22:51 - 2019-03-14 09:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-04-09 22:51 - 2019-03-14 09:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-09 22:51 - 2019-03-14 09:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
2019-04-09 22:51 - 2019-03-14 09:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-04-09 22:51 - 2019-03-14 08:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-04-09 22:51 - 2019-03-14 08:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-04-09 22:51 - 2019-03-14 08:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-04-09 22:51 - 2019-03-14 08:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-04-09 22:51 - 2019-03-14 08:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-04-09 22:51 - 2019-03-14 08:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll
2019-04-09 22:51 - 2019-03-14 03:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-04-09 22:51 - 2019-03-14 03:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-04-09 22:51 - 2019-03-14 03:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-04-09 22:51 - 2019-03-14 03:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-04-09 22:51 - 2019-03-14 03:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-04-09 22:51 - 2019-03-14 03:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-04-09 22:51 - 2019-03-14 03:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-09 22:51 - 2019-03-14 03:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-04-09 22:51 - 2019-03-14 03:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-04-09 22:51 - 2019-03-14 03:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-04-09 22:51 - 2019-03-14 03:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-04-09 22:51 - 2019-03-14 03:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-04-09 22:51 - 2019-03-14 03:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-09 22:51 - 2019-03-14 03:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-04-09 22:51 - 2019-03-14 03:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-04-09 22:51 - 2019-03-14 03:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-04-09 22:51 - 2019-03-14 03:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-09 22:51 - 2019-03-14 03:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-04-09 22:51 - 2019-03-14 03:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-04-09 22:51 - 2019-03-14 03:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-04-09 22:51 - 2019-03-14 03:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-09 22:51 - 2019-03-14 03:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-04-09 22:51 - 2019-03-14 03:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-04-09 22:51 - 2019-03-14 03:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-04-09 22:51 - 2019-03-14 03:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-04-09 22:51 - 2019-03-14 03:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-04-09 22:51 - 2019-03-14 03:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-04-09 22:51 - 2019-03-14 03:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-04-09 22:51 - 2019-03-14 03:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-09 22:51 - 2019-03-14 03:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-04-09 22:51 - 2019-03-14 03:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-04-09 22:51 - 2019-03-14 03:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-04-09 22:51 - 2019-03-14 03:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll
2019-04-09 22:51 - 2019-03-14 03:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-04-09 22:51 - 2019-03-14 03:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-04-09 22:51 - 2019-03-14 03:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-04-09 22:51 - 2019-03-14 03:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-04-09 22:51 - 2019-03-14 03:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-04-09 22:51 - 2019-03-14 03:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2019-04-09 22:51 - 2019-03-14 03:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
2019-04-09 22:51 - 2019-03-14 03:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-04-09 22:51 - 2019-03-14 03:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-04-09 22:51 - 2019-03-14 03:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-04-09 22:51 - 2019-03-14 03:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-04-09 22:51 - 2019-03-14 03:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-09 22:51 - 2019-03-14 03:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-04-09 22:51 - 2019-03-14 03:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-04-09 22:51 - 2019-03-14 03:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2019-04-09 22:51 - 2019-03-14 03:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-04-09 22:51 - 2019-03-14 03:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-04-09 22:51 - 2019-03-14 03:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-04-09 22:51 - 2019-03-14 02:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-04-09 22:51 - 2019-03-14 02:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-04-09 22:51 - 2019-03-14 02:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-04-09 22:51 - 2019-03-14 02:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-04-09 22:51 - 2019-03-14 02:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-04-09 22:51 - 2019-03-14 02:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-04-09 22:51 - 2019-03-14 02:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-04-09 22:51 - 2019-03-14 02:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-04-09 22:51 - 2019-03-14 02:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-04-09 22:51 - 2019-03-14 02:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-04-09 22:51 - 2019-03-14 02:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-04-09 22:51 - 2019-03-14 02:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-04-09 22:51 - 2019-03-14 02:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-04-09 22:51 - 2019-03-14 02:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-04-09 22:51 - 2019-03-14 02:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-04-09 22:51 - 2019-03-14 02:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-04-09 22:51 - 2019-03-14 02:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll
2019-04-09 22:51 - 2019-03-14 02:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-04-09 22:51 - 2019-03-14 02:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2019-04-09 22:51 - 2019-03-14 02:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-04-09 22:51 - 2019-03-14 02:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2019-04-09 22:51 - 2019-03-14 02:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-04-09 22:51 - 2019-03-14 02:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-04-09 22:51 - 2019-03-14 02:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-04-09 22:51 - 2019-03-14 02:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-04-09 22:51 - 2019-03-14 02:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-04-09 22:51 - 2019-03-14 02:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2019-04-09 22:51 - 2019-03-14 02:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2019-04-09 22:51 - 2019-03-14 02:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-04-09 22:51 - 2019-03-14 02:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2019-04-09 22:51 - 2019-03-14 02:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-04-09 22:51 - 2019-03-14 02:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-04-09 22:51 - 2019-03-14 02:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-04-09 22:51 - 2019-03-14 02:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-04-09 22:51 - 2019-03-14 02:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-09 22:51 - 2019-03-14 02:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-04-09 22:51 - 2019-03-14 02:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-04-09 22:51 - 2019-03-14 02:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2019-04-09 22:51 - 2019-03-14 02:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-04-09 22:51 - 2019-03-14 02:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-04-09 22:51 - 2019-03-14 02:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-04-09 22:51 - 2019-03-14 02:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2019-04-09 22:51 - 2019-03-14 02:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2019-04-09 22:51 - 2019-03-14 02:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-04-09 22:51 - 2019-03-14 02:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-04-09 22:51 - 2019-03-14 02:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2019-04-09 22:51 - 2019-03-14 02:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-04-09 22:51 - 2019-03-14 02:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-04-09 22:51 - 2019-03-14 02:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-04-09 22:51 - 2019-03-14 02:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-04-09 22:51 - 2019-03-14 02:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-04-09 22:51 - 2019-03-13 20:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-04-09 22:51 - 2019-03-13 20:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-09 22:51 - 2019-03-13 20:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-04-09 22:51 - 2019-03-13 20:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-04-09 22:51 - 2019-03-13 20:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-04-09 15:04 - 2019-04-09 15:04 - 000000000 ____D C:\Program Files\Sublime Text 3
2019-04-08 23:15 - 2019-04-08 23:15 - 000000000 ____D C:\Users\mkemi\AppData\Local\Chromium
2019-04-08 22:44 - 2019-04-08 22:44 - 000000000 ____D C:\Users\mkemi\AppData\Roaming\java
2019-04-08 21:31 - 2019-04-08 21:31 - 000000000 ____D C:\Users\mkemi\AppData\Local\Discord
2019-04-08 21:30 - 2019-04-08 21:30 - 061370712 _____ (Discord Inc.) C:\Users\mkemi\Downloads\DiscordSetup.exe
2019-04-08 21:21 - 2019-04-08 21:23 - 520093700 _____ C:\Users\mkemi\Downloads\D20PRO_Installer_3.7.8_64bit.exe
2019-04-02 22:58 - 2019-04-02 22:58 - 000001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2019-04-02 22:58 - 2019-03-18 10:08 - 002769904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2019-04-02 22:58 - 2019-03-18 10:08 - 002149872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2019-04-02 22:58 - 2019-03-18 10:08 - 001323504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2019-04-02 22:58 - 2019-01-30 04:47 - 000203304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2019-04-02 22:58 - 2019-01-30 04:47 - 000179240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2019-04-02 22:57 - 2018-10-03 14:28 - 000066792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2019-04-02 22:57 - 2018-10-01 13:47 - 000070024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2019-04-02 22:53 - 2019-04-11 21:24 - 000000000 ____D C:\Users\mkemi\AppData\Local\NVIDIA Corporation
2019-04-02 22:49 - 2019-03-18 09:31 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2019-04-02 22:49 - 2019-03-17 01:42 - 000133616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2019-04-02 22:48 - 2019-04-11 21:23 - 000000000 ____D C:\ProgramData\NVIDIA
2019-04-02 22:48 - 2019-04-02 22:58 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-04-02 22:48 - 2019-04-02 22:48 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2019-04-02 22:48 - 2019-03-17 01:48 - 005365232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-04-02 22:48 - 2019-03-17 01:48 - 002624368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-04-02 22:48 - 2019-03-17 01:48 - 001767464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-04-02 22:48 - 2019-03-17 01:48 - 000650608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-04-02 22:48 - 2019-03-17 01:48 - 000450872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-04-02 22:48 - 2019-03-17 01:48 - 000124784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-04-02 22:48 - 2019-03-17 01:48 - 000083440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-04-02 22:48 - 2019-03-12 00:17 - 008526362 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-04-02 22:48 - 2019-02-27 11:40 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2019-04-02 22:47 - 2019-04-02 22:58 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-04-02 22:47 - 2019-03-18 14:48 - 010320928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-04-02 22:47 - 2019-03-18 14:48 - 008786128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-04-02 22:47 - 2019-03-18 14:48 - 001168936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-04-02 22:47 - 2019-03-18 14:48 - 000914912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-04-02 22:47 - 2019-03-18 14:48 - 000822576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-04-02 22:47 - 2019-03-18 14:48 - 000794632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-04-02 22:47 - 2019-03-18 14:48 - 000638176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-04-02 22:47 - 2019-03-18 14:47 - 020107592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-04-02 22:47 - 2019-03-18 14:47 - 017433176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-04-02 22:47 - 2019-03-18 14:47 - 005044688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-04-02 22:47 - 2019-03-18 14:47 - 004303072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-04-02 22:47 - 2019-03-18 14:47 - 001471608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2019-04-02 22:47 - 2019-03-18 14:47 - 001462024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2019-04-02 22:47 - 2019-03-18 14:47 - 001151984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2019-04-02 22:47 - 2019-03-18 14:47 - 001145720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2019-04-02 22:47 - 2019-03-18 13:32 - 001682392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2019-04-02 22:47 - 2019-03-18 13:32 - 000228768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2019-04-02 22:47 - 2019-03-18 13:32 - 000047592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2019-04-02 22:47 - 2019-03-18 11:51 - 001007008 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-04-02 22:47 - 2019-03-18 11:51 - 001007008 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-04-02 22:47 - 2019-03-18 11:51 - 000870304 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-04-02 22:47 - 2019-03-18 11:51 - 000870304 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-04-02 22:47 - 2019-03-18 11:51 - 000551896 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-04-02 22:47 - 2019-03-18 11:51 - 000456872 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-04-02 22:47 - 2019-03-18 11:51 - 000286624 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-04-02 22:47 - 2019-03-18 11:51 - 000286624 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-04-02 22:47 - 2019-03-18 11:51 - 000260512 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-04-02 22:47 - 2019-03-18 11:51 - 000260512 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-04-02 22:47 - 2019-03-18 11:50 - 005274560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-04-02 22:47 - 2019-03-18 11:50 - 002033032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-04-02 22:47 - 2019-03-18 11:50 - 001734536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441967.dll
2019-04-02 22:47 - 2019-03-18 11:50 - 001535744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-04-02 22:47 - 2019-03-18 11:50 - 001467648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441967.dll
2019-04-02 22:47 - 2019-03-18 11:50 - 001464712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-04-02 22:47 - 2019-03-18 11:50 - 001130376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-04-02 22:47 - 2019-03-18 11:50 - 000752336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2019-04-02 22:47 - 2019-03-18 11:50 - 000668456 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-04-02 22:47 - 2019-03-18 11:50 - 000631040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-04-02 22:47 - 2019-03-18 11:50 - 000611720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2019-04-02 22:47 - 2019-03-18 11:50 - 000534728 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-04-02 22:47 - 2019-03-18 11:50 - 000522120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-04-02 22:47 - 2019-03-18 11:49 - 040421280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-04-02 22:47 - 2019-03-18 11:49 - 035268720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-04-02 22:47 - 2019-03-18 11:49 - 004625616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-04-02 22:47 - 2019-03-17 08:50 - 000049930 _____ C:\WINDOWS\system32\nvinfo.pb
2019-04-02 22:45 - 2019-04-02 22:58 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-04-02 22:31 - 2019-04-02 23:15 - 000420444 _____ C:\WINDOWS\ntbtlog.txt
2019-04-02 22:31 - 2019-04-02 23:15 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-04-02 22:08 - 2019-04-02 22:19 - 578489888 _____ (NVIDIA Corporation) C:\Users\mkemi\Downloads\419.67-desktop-win10-64bit-international-whql.exe
2019-04-02 22:05 - 2019-04-02 22:21 - 000000000 ____D C:\Users\mkemi\Downloads\[Guru3D.com]-DDU
2019-04-02 22:05 - 2019-04-02 22:05 - 001228919 _____ C:\Users\mkemi\Downloads\[Guru3D.com]-DDU.zip
2019-04-02 14:37 - 2019-04-02 14:42 - 000024808 _____ C:\WINDOWS\SysWOW64\Defrag.debuglog
2019-04-02 14:37 - 2019-04-02 14:37 - 000000000 ____D C:\Users\mkemi\AppData\Local\AviraSpeedup
2019-04-02 13:43 - 2019-04-02 22:58 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-02 13:43 - 2019-04-02 22:58 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-02 13:43 - 2019-04-02 22:58 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-02 13:43 - 2019-04-02 22:58 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-02 13:43 - 2019-04-02 22:58 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
 

madmichael

TS Rookie
2019-04-02 13:43 - 2019-04-02 22:58 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-02 13:43 - 2019-04-02 22:58 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-02 13:43 - 2019-04-02 22:58 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-02 13:43 - 2019-04-02 22:58 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-02 13:43 - 2019-04-02 22:58 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-02 13:43 - 2019-04-02 22:57 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-02 13:43 - 2019-04-02 13:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-04-01 14:16 - 2019-04-01 14:17 - 118453136 _____ (NVIDIA Corporation) C:\Users\mkemi\Downloads\GeForce_Experience_v3.18.0.94.exe
2019-04-01 14:06 - 2019-04-01 14:06 - 001573568 _____ C:\Users\mkemi\Downloads\SteamSetup.exe
2019-04-01 14:06 - 2019-04-01 14:06 - 000001039 _____ C:\Users\Public\Desktop\Steam.lnk
2019-03-30 22:09 - 2019-04-02 14:52 - 000000000 ____D C:\Users\mkemi\AppData\Local\Doodly
2019-03-30 22:09 - 2019-03-30 22:09 - 081534032 _____ (Bryxen Software) C:\Users\mkemi\Downloads\Doodly Setup 1.19.6.exe
2019-03-30 22:09 - 2019-03-30 22:09 - 000002288 _____ C:\Users\mkemi\Desktop\Doodly.lnk
2019-03-30 22:09 - 2019-03-30 22:09 - 000000000 ____D C:\Users\mkemi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bryxen Software
2019-03-30 22:09 - 2019-03-30 22:09 - 000000000 ____D C:\Users\mkemi\AppData\Roaming\Doodly
2019-03-30 21:25 - 2019-04-01 15:42 - 000000000 ____D C:\WINDOWS\Minidump
2019-03-30 16:19 - 2019-03-30 22:01 - 000000000 ____D C:\Users\mkemi\AppData\Roaming\vlc
2019-03-30 16:19 - 2019-03-30 16:20 - 000000000 ____D C:\Users\mkemi\AppData\Roaming\dvdcss
2019-03-30 16:19 - 2019-03-30 16:19 - 000000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-03-30 16:19 - 2019-03-30 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-03-30 16:19 - 2019-03-30 16:19 - 000000000 ____D C:\Program Files\VideoLAN
2019-03-30 16:16 - 2019-03-30 16:16 - 041846888 _____ C:\Users\mkemi\Downloads\vlc-3.0.6-win64.exe
2019-03-21 14:12 - 2019-04-02 14:52 - 000000000 ____D C:\Users\mkemi\AppData\Roaming\WhatsApp
2019-03-21 14:12 - 2019-03-21 14:12 - 000002268 _____ C:\Users\mkemi\Desktop\WhatsApp.lnk
2019-03-21 14:12 - 2019-03-21 14:12 - 000000000 ____D C:\Users\mkemi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2019-03-21 14:11 - 2019-04-02 14:52 - 000000000 ____D C:\Users\mkemi\AppData\Local\WhatsApp
2019-03-21 14:05 - 2019-03-21 14:05 - 139868088 _____ (WhatsApp) C:\Users\mkemi\Downloads\WhatsAppSetup.exe
2019-03-21 00:34 - 2019-03-21 00:34 - 000000600 _____ C:\Users\mkemi\AppData\Roaming\winscp.rnd
2019-03-19 14:44 - 2019-03-19 14:44 - 000268395 _____ C:\Users\mkemi\Downloads\chosen-child.zip
2019-03-19 14:35 - 2019-03-19 14:35 - 000188262 _____ C:\Users\mkemi\Downloads\competethemes-chosen-gamer-wordpress-template.zip
2019-03-19 13:50 - 2019-03-19 13:50 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2019-03-19 13:50 - 2019-03-19 13:50 - 000001137 _____ C:\Users\Public\Desktop\WinSCP.lnk
2019-03-19 13:50 - 2019-03-19 13:50 - 000000000 ____D C:\Program Files (x86)\WinSCP
2019-03-19 13:49 - 2019-03-19 13:49 - 009592936 _____ (Martin Prikryl ) C:\Users\mkemi\Downloads\WinSCP-5.13.9-Setup.exe
2019-03-19 13:46 - 2019-03-19 13:46 - 000000000 ____D C:\Users\mkemi\AppData\Roaming\FileZilla Server
2019-03-19 13:44 - 2019-03-19 13:44 - 002241216 _____ (FileZilla Project) C:\Users\mkemi\Downloads\FileZilla_Server-0_9_60_2.exe
2019-03-19 13:14 - 2019-03-21 14:07 - 000000000 ____D C:\Users\mkemi\Documents\2OG
2019-03-19 12:52 - 2019-03-19 12:52 - 000000000 ____D C:\Users\mkemi\Downloads\Patreon
2019-03-19 03:22 - 2019-04-02 14:52 - 000000000 ____D C:\Users\mkemi\AppData\Roaming\EasyAntiCheat
2019-03-19 03:22 - 2019-03-19 03:22 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2019-03-15 14:06 - 2019-03-15 14:06 - 000001196 _____ C:\Users\Public\Desktop\Avira.lnk
2019-03-15 13:16 - 2019-03-15 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2019-03-15 13:12 - 2019-04-02 14:52 - 000000000 ____D C:\xampp
2019-03-15 12:55 - 2019-03-15 12:56 - 153391688 _____ C:\Users\mkemi\Downloads\xampp-windows-x64-7.3.2-2-VC15-installer.exe
2019-03-14 09:48 - 2019-03-14 09:48 - 001447178 _____ (Igor Pavlov) C:\Users\mkemi\Downloads\7z1900-x64.exe
2019-03-14 09:48 - 2019-03-14 09:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-03-14 09:48 - 2019-03-14 09:48 - 000000000 ____D C:\Program Files\7-Zip
2019-03-13 13:12 - 2019-04-10 13:54 - 000000000 ____D C:\Users\mkemi\Downloads\Kickstarter
2019-03-12 15:15 - 2019-02-16 05:24 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-03-12 15:14 - 2019-03-06 10:37 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-03-12 15:14 - 2019-03-06 10:36 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-03-12 15:14 - 2019-03-06 10:17 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-12 15:14 - 2019-03-06 10:17 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2019-03-12 15:14 - 2019-03-06 10:14 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-12 15:14 - 2019-03-06 10:14 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-12 15:14 - 2019-03-06 10:14 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-03-12 15:14 - 2019-03-06 10:12 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-03-12 15:14 - 2019-03-06 07:18 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-03-12 15:14 - 2019-03-06 07:06 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-03-12 15:14 - 2019-03-06 07:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-12 15:14 - 2019-03-06 04:16 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-03-12 15:14 - 2019-03-06 04:16 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-03-12 15:14 - 2019-03-06 04:16 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-03-12 15:14 - 2019-03-06 04:16 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-03-12 15:14 - 2019-03-06 04:11 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-03-12 15:14 - 2019-03-06 04:10 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-03-12 15:14 - 2019-03-06 04:07 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-03-12 15:14 - 2019-03-06 04:05 - 000439224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-12 15:14 - 2019-03-06 04:05 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-12 15:14 - 2019-03-06 04:04 - 000945464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-03-12 15:14 - 2019-03-06 04:04 - 000628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2019-03-12 15:14 - 2019-03-06 04:03 - 001921848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-03-12 15:14 - 2019-03-06 04:03 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-03-12 15:14 - 2019-03-06 04:02 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2019-03-12 15:14 - 2019-03-06 03:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-03-12 15:14 - 2019-03-06 03:32 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-03-12 15:14 - 2019-03-06 03:31 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-03-12 15:14 - 2019-03-06 03:31 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-12 15:14 - 2019-03-06 03:31 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-03-12 15:14 - 2019-03-06 03:29 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2019-03-12 15:14 - 2019-03-06 03:29 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-03-12 15:14 - 2019-03-06 03:28 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-03-12 15:14 - 2019-03-06 03:28 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-03-12 15:14 - 2019-03-06 03:26 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-03-12 15:14 - 2019-03-06 03:26 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-03-12 15:14 - 2019-03-06 03:25 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-03-12 15:14 - 2019-03-06 01:17 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-03-12 15:14 - 2019-03-06 01:15 - 000434488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-03-12 15:14 - 2019-03-06 01:14 - 000785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-03-12 15:14 - 2019-03-06 01:14 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-03-12 15:14 - 2019-03-06 01:14 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2019-03-12 15:14 - 2019-03-06 01:13 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-03-12 15:14 - 2019-03-06 00:51 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-03-12 15:14 - 2019-03-06 00:50 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-03-12 15:14 - 2019-03-06 00:50 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2019-03-12 15:14 - 2019-03-06 00:49 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-03-12 15:14 - 2019-02-20 22:26 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-03-12 15:14 - 2019-02-16 08:02 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-03-12 15:14 - 2019-02-16 08:02 - 001644040 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-03-12 15:14 - 2019-02-16 08:02 - 000808456 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-03-12 15:14 - 2019-02-16 08:02 - 000735752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-03-12 15:14 - 2019-02-16 08:02 - 000620040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-03-12 15:14 - 2019-02-16 08:02 - 000460296 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-03-12 15:14 - 2019-02-16 08:02 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-03-12 15:14 - 2019-02-16 08:02 - 000147464 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-03-12 15:14 - 2019-02-16 08:02 - 000071176 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-03-12 15:14 - 2019-02-16 07:57 - 001048472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-03-12 15:14 - 2019-02-16 07:57 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-03-12 15:14 - 2019-02-16 07:56 - 000549520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-03-12 15:14 - 2019-02-16 07:56 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-03-12 15:14 - 2019-02-16 07:53 - 001516416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-03-12 15:14 - 2019-02-16 07:34 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-03-12 15:14 - 2019-02-16 07:34 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-03-12 15:14 - 2019-02-16 07:34 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-03-12 15:14 - 2019-02-16 07:33 - 001786880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-03-12 15:14 - 2019-02-16 07:32 - 002051072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-03-12 15:14 - 2019-02-16 07:31 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2019-03-12 15:14 - 2019-02-16 07:31 - 001003520 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-03-12 15:14 - 2019-02-16 07:31 - 000861184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-03-12 15:14 - 2019-02-16 07:31 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-03-12 15:14 - 2019-02-16 07:30 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-03-12 15:14 - 2019-02-16 07:30 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2019-03-12 15:14 - 2019-02-16 07:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-03-12 15:14 - 2019-02-16 07:29 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2019-03-12 15:14 - 2019-02-16 07:24 - 000444176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-03-12 15:14 - 2019-02-16 07:22 - 001322176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-03-12 15:14 - 2019-02-16 07:08 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-03-12 15:14 - 2019-02-16 07:07 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-03-12 15:14 - 2019-02-16 07:07 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-03-12 15:14 - 2019-02-16 07:06 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-03-12 15:14 - 2019-02-16 07:06 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-03-12 15:14 - 2019-02-16 07:06 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-03-12 15:14 - 2019-02-16 07:06 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-03-12 15:14 - 2019-02-16 07:04 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2019-03-12 15:14 - 2019-02-16 05:22 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-03-12 15:14 - 2019-02-16 03:16 - 000511800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-03-12 15:14 - 2019-02-16 03:15 - 000505656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-03-12 15:14 - 2019-02-16 03:15 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-03-12 15:14 - 2019-02-16 03:05 - 000087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-03-12 15:14 - 2019-02-16 03:04 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-03-12 15:14 - 2019-02-16 03:03 - 007901392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2019-03-12 15:14 - 2019-02-16 03:03 - 005625360 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-03-12 15:14 - 2019-02-16 03:03 - 000510288 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-03-12 15:14 - 2019-02-16 03:02 - 005821440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2019-03-12 15:14 - 2019-02-16 03:02 - 003291632 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-03-12 15:14 - 2019-02-16 03:02 - 001934800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-03-12 15:14 - 2019-02-16 03:02 - 001792712 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-03-12 15:14 - 2019-02-16 03:02 - 000705848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-03-12 15:14 - 2019-02-16 03:02 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-03-12 15:14 - 2019-02-16 03:02 - 000413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-03-12 15:14 - 2019-02-16 03:01 - 001285424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-03-12 15:14 - 2019-02-16 03:01 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-03-12 15:14 - 2019-02-16 03:01 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-03-12 15:14 - 2019-02-16 03:01 - 001028920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-03-12 15:14 - 2019-02-16 03:01 - 000641984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2019-03-12 15:14 - 2019-02-16 03:01 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-03-12 15:14 - 2019-02-16 03:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-03-12 15:14 - 2019-02-16 03:01 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2019-03-12 15:14 - 2019-02-16 03:01 - 000161664 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2019-03-12 15:14 - 2019-02-16 02:57 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-03-12 15:14 - 2019-02-16 02:53 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-03-12 15:14 - 2019-02-16 02:51 - 002479168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-03-12 15:14 - 2019-02-16 02:51 - 001584536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-03-12 15:14 - 2019-02-16 02:51 - 000170952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2019-03-12 15:14 - 2019-02-16 02:50 - 001805648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-03-12 15:14 - 2019-02-16 02:50 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-03-12 15:14 - 2019-02-16 02:50 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-03-12 15:14 - 2019-02-16 02:50 - 000504072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2019-03-12 15:14 - 2019-02-16 02:37 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2019-03-12 15:14 - 2019-02-16 02:36 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2019-03-12 15:14 - 2019-02-16 02:34 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2019-03-12 15:14 - 2019-02-16 02:33 - 006646784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2019-03-12 15:14 - 2019-02-16 02:33 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2019-03-12 15:14 - 2019-02-16 02:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2019-03-12 15:14 - 2019-02-16 02:32 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2019-03-12 15:14 - 2019-02-16 02:31 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2019-03-12 15:14 - 2019-02-16 02:31 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2019-03-12 15:14 - 2019-02-16 02:31 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-03-12 15:14 - 2019-02-16 02:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2019-03-12 15:14 - 2019-02-16 02:30 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2019-03-12 15:14 - 2019-02-16 02:30 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-03-12 15:14 - 2019-02-16 02:30 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2019-03-12 15:14 - 2019-02-16 02:30 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-03-12 15:14 - 2019-02-16 02:30 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2019-03-12 15:14 - 2019-02-16 02:30 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-03-12 15:14 - 2019-02-16 02:29 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-03-12 15:14 - 2019-02-16 02:29 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-03-12 15:14 - 2019-02-16 02:28 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2019-03-12 15:14 - 2019-02-16 02:28 - 002585600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-03-12 15:14 - 2019-02-16 02:28 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-03-12 15:14 - 2019-02-16 02:28 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2019-03-12 15:14 - 2019-02-16 02:28 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2019-03-12 15:14 - 2019-02-16 02:28 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-03-12 15:14 - 2019-02-16 02:27 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2019-03-12 15:14 - 2019-02-16 02:27 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2019-03-12 15:14 - 2019-02-16 02:27 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-03-12 15:14 - 2019-02-16 02:26 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-03-12 15:14 - 2019-02-16 02:26 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2019-03-12 15:14 - 2019-02-16 02:26 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2019-03-12 15:14 - 2019-02-16 02:26 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-03-12 15:14 - 2019-02-16 02:26 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-03-12 15:14 - 2019-02-16 02:25 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2019-03-12 15:14 - 2019-02-16 02:25 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll


==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-11 22:09 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-11 21:32 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-11 21:32 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-11 21:31 - 2018-12-22 00:29 - 000000000 ____D C:\Users\Public\Speedup Sessions
2019-04-11 21:31 - 2018-03-28 20:58 - 000000000 ____D C:\Users\mkemi\AppData\Local\CrashDumps
2019-04-11 21:19 - 2018-05-19 04:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-10 23:27 - 2018-04-11 16:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-04-10 23:20 - 2018-05-19 03:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-10 22:37 - 2018-04-11 18:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-04-10 14:10 - 2018-03-30 03:38 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-10 11:05 - 2018-03-30 03:34 - 000000000 ____D C:\Users\mkemi\Downloads\Games
2019-04-10 10:19 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2019-04-10 10:13 - 2018-05-19 03:39 - 000405744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-09 23:04 - 2018-04-11 18:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-04-09 23:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-04-09 23:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-09 22:58 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-09 22:50 - 2018-03-28 20:18 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-09 22:46 - 2018-03-28 20:18 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-09 15:04 - 2018-08-19 19:10 - 000000000 ____D C:\Users\mkemi\AppData\Local\Sublime Text 3
2019-04-08 23:42 - 2018-05-19 03:45 - 000000000 ____D C:\Users\mkemi
2019-04-08 21:32 - 2018-10-08 08:46 - 000000000 ____D C:\Users\mkemi\AppData\Local\SquirrelTemp
2019-04-08 21:28 - 2019-02-18 21:26 - 000000000 ____D C:\Users\mkemi\AppData\Local\JxBrowser
2019-04-08 21:20 - 2018-05-19 04:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-07 11:44 - 2018-08-13 20:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-04-07 10:29 - 2018-03-28 20:29 - 000000000 ____D C:\Program Files\rempl
2019-04-02 22:48 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\Help
2019-04-02 21:53 - 2018-07-23 21:31 - 000000000 ____D C:\Users\mkemi\Downloads\images
2019-04-02 15:48 - 2018-05-19 06:35 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2019-04-02 15:47 - 2017-10-10 19:32 - 000000000 ____D C:\ProgramData\Realtek
2019-04-02 14:52 - 2019-03-10 21:37 - 000000000 ____D C:\Users\mkemi\AppData\Roaming\Breaker
2019-04-02 14:52 - 2019-02-27 09:55 - 000000000 ____D C:\Users\mkemi\AppData\Local\Bluestacks
2019-04-02 14:52 - 2018-11-02 17:27 - 000000000 ____D C:\Users\mkemi\AppData\Roaming\Twitch
2019-04-02 14:52 - 2018-10-08 08:46 - 000000000 ____D C:\Users\mkemi\AppData\Local\slack
2019-04-02 14:52 - 2018-07-24 11:04 - 000000000 ____D C:\Users\mkemi\Documents\Home
2019-04-02 14:52 - 2018-05-15 00:01 - 000000000 ___DC C:\WINDOWS\Panther
2019-04-02 14:52 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2019-04-02 14:52 - 2018-03-29 16:37 - 000000000 ____D C:\Program Files (x86)\Steam
2019-04-02 14:52 - 2018-03-28 17:14 - 000000000 ____D C:\Users\mkemi\AppData\Local\ConnectedDevicesPlatform
2019-04-02 13:45 - 2018-05-19 03:52 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-02 13:36 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-04-01 14:35 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\Registration
2019-04-01 13:59 - 2018-09-09 18:03 - 000000000 ____D C:\Users\mkemi\AppData\Local\D3DSCache
2019-04-01 12:51 - 2018-07-11 17:47 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-01 12:51 - 2018-07-11 17:47 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-30 21:21 - 2018-10-08 08:46 - 000000000 ____D C:\Users\mkemi\AppData\Roaming\Slack
2019-03-30 16:23 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-03-27 20:27 - 2018-05-19 04:01 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-27 20:27 - 2018-05-19 04:01 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-25 17:28 - 2018-03-28 21:40 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-25 15:13 - 2018-05-19 04:01 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1156727377-108329867-495008690-1001
2019-03-25 15:13 - 2018-05-19 03:45 - 000002370 _____ C:\Users\mkemi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-25 15:13 - 2018-03-28 17:17 - 000000000 ___RD C:\Users\mkemi\OneDrive
2019-03-22 15:36 - 2018-06-20 16:21 - 000000000 ____D C:\ProgramData\Packages
2019-03-22 15:36 - 2018-03-29 22:36 - 000000000 ____D C:\Users\mkemi\AppData\Local\PlaceholderTileLogoFolder
2019-03-22 15:36 - 2018-03-28 23:51 - 000000000 ____D C:\Users\mkemi\AppData\Local\Packages
2019-03-21 17:38 - 2018-10-08 08:46 - 000002200 _____ C:\Users\mkemi\Desktop\Slack.lnk
2019-03-21 17:38 - 2018-10-08 08:46 - 000000000 ____D C:\Users\mkemi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2019-03-15 14:06 - 2017-10-10 19:25 - 000000000 ____D C:\ProgramData\Package Cache
2019-03-12 18:11 - 2018-04-11 18:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-03-12 18:11 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-03-12 18:11 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-03-12 18:10 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-03-12 18:10 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender

==================== Files in the root of some directories =======

2019-03-21 00:34 - 2019-03-21 00:34 - 000000600 _____ () C:\Users\mkemi\AppData\Roaming\winscp.rnd
2019-04-10 14:32 - 2019-04-10 14:32 - 000350571 _____ () C:\Users\mkemi\AppData\Local\ars.cache
2019-04-10 14:32 - 2019-04-10 14:32 - 000822153 _____ () C:\Users\mkemi\AppData\Local\census.cache
2019-04-10 14:14 - 2019-04-10 14:14 - 000000036 _____ () C:\Users\mkemi\AppData\Local\housecall.guid.cache
2018-08-18 09:33 - 2018-08-18 09:33 - 000005461 _____ () C:\Users\mkemi\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-19 03:39

==================== End of FRST.txt ============================
 

madmichael

TS Rookie
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by mkemi (11-04-2019 22:29:42)
Running from C:\Users\mkemi\Downloads
Windows 10 Home Version 1803 17134.706 (X64) (2018-05-19 09:02:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1156727377-108329867-495008690-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1156727377-108329867-495008690-503 - Limited - Disabled)
Guest (S-1-5-21-1156727377-108329867-495008690-501 - Limited - Disabled)
mkemi (S-1-5-21-1156727377-108329867-495008690-1001 - Administrator - Enabled) => C:\Users\mkemi
WDAGUtilityAccount (S-1-5-21-1156727377-108329867-495008690-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7D2D Launcher (HKU\S-1-5-21-1156727377-108329867-495008690-1001\...\0fa300cea2469b2c) (Version: 1.0.5.2 - SphereII Software)
7D2D Launcher (HKU\S-1-5-21-1156727377-108329867-495008690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212126561\...\0fa300cea2469b2c) (Version: 1.0.5.2 - SphereII Software)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.89 - Adobe Systems Incorporated)
AEGIS II - Boost Launcher (HKLM-x32\...\{4829AFF2-F50E-44F6-8BC5-C985F2C24CE1}) (Version: 3.00.06 - ASUSTeK Computer Inc.)
AEGIS II - GameALive (HKLM-x32\...\{9A689EB4-C4FA-49C1-80A5-EC49A7F43046}) (Version: 3.00.21 - ASUSTeK Computer Inc.)
AEGIS II - Lighting (HKLM-x32\...\{E7691292-4F73-4EC6-A3F8-126BFDC987F5}) (Version: 3.00.19 - ASUSTeK Computer Inc.)
AEGIS II - System Usage (HKLM-x32\...\{E8D6582C-D43C-452A-9F75-1D8C6BC0AA12}) (Version: 3.00.06 - ASUSTeK Computer Inc.)
AEGIS II - Threshold Setting (HKLM-x32\...\{6C5979A6-97A8-4D0C-8A3F-4F49D2A13055}) (Version: 3.00.07 - ASUSTeK Computer Inc.)
AEGIS II (HKLM-x32\...\{A9FDB6CC-F2D6-4903-87BC-1537931F11B0}) (Version: 2.01.05 - ASUSTeK Computer Inc.)
AEGIS II Installation Wizard (HKLM-x32\...\{00087100-B4B1-405D-A902-59EE60F88CBC}) (Version: 1.01.01 - ASUSTeK Computer Inc.)
Application Update (HKLM-x32\...\{BEBAE8E0-8C69-4178-8A8E-1E591747A89F}) (Version: - )
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.26.1 - Asmedia Technology)
ASUS App Box (HKLM-x32\...\{F0CE6060-50B1-401E-8357-B6E24DB98D21}) (Version: 1.01.09 - ASUSTeK Computer Inc.)
ASUS Command - Ai Booting (HKLM-x32\...\{2DCE446C-D090-4458-8782-8F16DF94351E}) (Version: 2.01.18 - ASUSTeK Computer Inc.)
ASUS Command - Ai Charger II (HKLM-x32\...\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}) (Version: 2.01.13 - ASUSTeK Computer Inc.)
ASUS Command - Backup & Recovery (HKLM-x32\...\{34D67DE5-2ECF-4E6B-A243-2C16E2792787}) (Version: 2.01.18 - ASUSTeK Computer Inc.)
ASUS Command - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.01.20 - ASUSTeK Computer Inc.)
ASUS Command - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.02.09 - ASUSTeK Computer Inc.)
ASUS Command - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.05.05 - ASUSTeK Computer Inc.)
ASUS Command (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.12.00 - ASUSTeK Computer Inc.)
ASUS Oculus Wizard (HKLM-x32\...\{E4B59A43-F230-4901-974A-9949A8AB6378}) (Version: 1.02.01 - ASUSTeK COMPUTER INC.)
ASUS ROG GAMING MOUSE GX900 (HKLM-x32\...\{0AD3CB15-7DAA-4A0D-AD49-2BB8485C95A3}) (Version: 1.1.0 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.73 - ICEpower a/s)
Avira (HKLM-x32\...\{33789076-9ec9-4866-b174-19596d6375c1}) (Version: 1.2.131.15242 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{63FCD992-C7DD-4815-A79C-C54871748B59}) (Version: 1.2.131.15242 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.44.143 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.22.2.16398 - Avira Operations GmbH & Co. KG)
Avira Privacy Pal (HKLM-x32\...\{F2BC8305-DFBE-4C02-A906-9BBD8EE299A3}_is1) (Version: 1.5.0.1453 - Avira Operations GmbH & Co. KG)
Avira Safe Shopping (HKLM-x32\...\{5B6E4D2E-B399-4CEB-A321-D51CAD2EC4E9}) (Version: 1.1.21.3693 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{8838C776-B982-48A4-89FC-CB2A751728A5}) (Version: 2.0.6.12364 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.16.0.7799 - Avira Operations GmbH & Co. KG)
Backup and Sync from Google (HKLM\...\{693CADB0-962B-4AC1-A939-9524B258C997}) (Version: 3.43.2448.9071 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BIOS Update (HKLM-x32\...\{8B15B78B-E4AE-44BC-9590-D93190DA44AA}) (Version: - )
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.50.5.1003 - BlueStack Systems, Inc.)
Breaker 0.16.0 (HKU\S-1-5-21-1156727377-108329867-495008690-1001\...\2c26b95c-cbb2-58fd-9a65-2e9d241b9043) (Version: 0.16.0 - breaker.io)
Breaker 0.16.0 (HKU\S-1-5-21-1156727377-108329867-495008690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212126561\...\2c26b95c-cbb2-58fd-9a65-2e9d241b9043) (Version: 0.16.0 - breaker.io)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
D20PRO (HKLM-x32\...\D20PRO) (Version: - )
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.5 - ASUSTek COMPUTER INC.)
Discord (HKU\S-1-5-21-1156727377-108329867-495008690-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Discord (HKU\S-1-5-21-1156727377-108329867-495008690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212126561\...\Discord) (Version: 0.0.305 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 419.67 - NVIDIA Corporation) Hidden
Doodly (HKU\S-1-5-21-1156727377-108329867-495008690-1001\...\Doodly) (Version: 1.19.6 - Bryxen Software)
Doodly (HKU\S-1-5-21-1156727377-108329867-495008690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212126561\...\Doodly) (Version: 1.19.6 - Bryxen Software)
Driver Update (HKLM-x32\...\{8104540C-E338-47C0-8FEC-7C2BEC3B5EBE}) (Version: - )
DriveThruRPG (HKLM-x32\...\DriveThruRPG) (Version: 2.0.2.9 - OneBookShelf)
GIMP 2.10.4 (HKLM\...\GIMP-2_is1) (Version: 2.10.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.86 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
HoloView (HKLM-x32\...\HoloView) (Version: 1.8.0.0 - VR-TEK)
Intel(R) Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel(R) Network Connections 20.5.150.0 (HKLM\...\PROSetDX) (Version: 20.5.150.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.0.1029 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Ken Follett's The Pillars of the Earth (HKLM-x32\...\{C2BFAD1A-CD3C-49EC-9D7B-9CFB4952753E}) (Version: - Daedalic Entertainment)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Lync Web App Plug-in (HKLM\...\{BE6D5464-0B1F-46CC-8973-F9651FE6A45A}) (Version: 15.8.8308.965 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1156727377-108329867-495008690-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1156727377-108329867-495008690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212126561\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
MTGArena (HKLM-x32\...\{E399DBC3-3531-46B4-ADE2-D031F9C81811}) (Version: 0.1.893.0 - Wizards of the Coast)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 419.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 419.67 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.18.0.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.18.0.94 - NVIDIA Corporation)
NVIDIA Graphics Driver 419.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 419.67 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.13 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.4.887.170424 - REALTEK Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7560 - Realtek Semiconductor Corp.)
Realtek PCI-E Wireless LAN Driver (HKLM-x32\...\InstallShield_{70714FB7-4084-4202-A599-2D5935DECB67}) (Version: Drv_3.00.0014 - REALTEK Semiconductor Corp.)
Slack (HKU\S-1-5-21-1156727377-108329867-495008690-1001\...\slack) (Version: 3.3.8 - Slack Technologies)
Slack (HKU\S-1-5-21-1156727377-108329867-495008690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212126561\...\slack) (Version: 3.3.8 - Slack Technologies)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text Build 3176 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
The Adventure Pals (HKLM-x32\...\{A9B25161-BC1E-48EF-BF69-A4BEFFB1E529}) (Version: - Armor Games)
Twitch (HKU\S-1-5-21-1156727377-108329867-495008690-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Twitch (HKU\S-1-5-21-1156727377-108329867-495008690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212126561\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{7819341C-57E0-4F2B-A746-8F3EF9971A29}) (Version: 1.14.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
VUDU To Go (HKLM-x32\...\{E79BF868-C0C3-08C9-B82D-8701BE0A0727}) (Version: 2.3.4 - Vudu) Hidden
VUDU To Go (HKLM-x32\...\com.vudu.air.Downloader) (Version: 2.3.4 - Vudu)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.9.564 - ASUS Cloud Corporation)
WhatsApp (HKU\S-1-5-21-1156727377-108329867-495008690-1001\...\WhatsApp) (Version: 0.3.2386 - WhatsApp)
WhatsApp (HKU\S-1-5-21-1156727377-108329867-495008690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212126561\...\WhatsApp) (Version: 0.3.2386 - WhatsApp)
Windows Driver Package - STMicroelectronics (STTub30) USB (04/20/2015 3.0.5.0) (HKLM\...\F575C4E62D6E44AB851D54DC86A91A82C673B62C) (Version: 04/20/2015 3.0.5.0 - STMicroelectronics)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinSCP 5.13.9 (HKLM-x32\...\winscp3_is1) (Version: 5.13.9 - Martin Prikryl)
XAMPP (HKLM-x32\...\xampp) (Version: 7.3.2-2 - Bitnami)
Zoom (HKU\S-1-5-21-1156727377-108329867-495008690-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)
Zoom (HKU\S-1-5-21-1156727377-108329867-495008690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212126561\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)
 

madmichael

TS Rookie
==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1156727377-108329867-495008690-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1156727377-108329867-495008690-1001_Classes\CLSID\{56671e01-333e-4504-907b-60321ab09b3b}\InprocServer32 -> c:\windows\system32\dfshim.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.9.564\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.9.564\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.9.564\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-02-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2018-12-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Program Files (x86)\Common Files\AWS\2.2.9.564\ASUSWSContextMenu.dll [2016-06-21] (ASUS Cloud Corporation -> ASUS Cloud Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2018-12-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-03-17] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2018-12-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-02-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
 

madmichael

TS Rookie
The rest of my Addition.txt file is being detected as spam by the forum. It won't let me post it. I will upload it or share it another way on request.

Pulling out the text in
==================== Other Areas ============================
allowed me to paste the rest. I read through it, but have no idea what caused it to be rejected.
 
Last edited:

madmichael

TS Rookie
==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {043CE978-9482-4530-B2CB-4E52A0E4ED2B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantAllUsersRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exeMicrosoft Corporation
Task: {085862CD-D364-4EE1-9D83-B5226E2D97A6} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {09375D3F-8C13-4EBE-B89C-F7D018895EDD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {11C28C34-8D4D-42DA-9493-07E734F78A17} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {1B9D5FBE-2970-4553-A2F8-8C66A22FCBCE} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle America, Inc. -> Oracle Corporation)
Task: {21AB6F30-90EF-4CF3-924C-9FCBE5C84107} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {2B072269-8746-4D4E-96A2-6DF8CCF0FD3D} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG )
Task: {2C970487-61EF-4B4D-9850-F0D15016BE12} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {36779198-DA74-4581-8D32-927B9155CCDB} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3B474893-8574-4C8E-BAD3-091B06AE46E3} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exeMicrosoft Corporation
Task: {3CFA2EFE-EADB-4D95-B9C2-07408A24E07C} - System32\Tasks\ASUS\AEGIS II Alert Helper => C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AlertService.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {4C0B4EEE-1AED-47A1-BD75-5935BF1765BA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5B18ABC7-E498-47DC-A7F3-608C110381F2} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe (ASUSTeK Computer Inc. -> )
Task: {6826D7EA-263D-42BC-AC2C-D65310E5FFEB} - System32\Tasks\ASUS\AEGIS II System Level Up Helper => C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AsSysLevelUpSrc.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {6FF1BB1F-64FD-4D59-9FA0-7DE5950E3AD0} - System32\Tasks\ASUS\AEGIS II Toast Helper => C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AsToastHelper.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {701EF12C-A0DB-4CC9-A70F-DFC1EF76A513} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {76FBDEB9-CDF1-4FCE-8162-FB7EA81F7DC1} - System32\Tasks\ASUS\AEGIS II Matrix => C:\Program Files (x86)\ASUS\AEGIS II\LaunchAtStartupHelper.exe (ASUSTeK Computer Inc. -> )
Task: {7FEC0AA6-F62D-46E3-A449-D334F83816F6} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {865361E9-2AC5-4793-BA66-4454825DBF06} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantWakeupRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exeMicrosoft Corporation
Task: {8A2725A3-D800-4C14-ADFE-3959086F87CE} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8B68E6F2-3840-47BA-B540-A9305E38AC67} - System32\Tasks\ASUS\AEGIS II - Boost Launcher => C:\Program Files (x86)\ASUS\AEGIS II\Boost Launcher\BLMonitor.exe () [File not signed]
Task: {8C899A29-5C42-426C-B3C2-58CCD9969B51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {8EFCFEEA-12BC-4645-9207-F9F12C16CAB5} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {918170E0-69E1-43FF-80FA-06CFBD8F1338} - System32\Tasks\ASUS\AEGIS II SysInfo Helper => C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_SysMode.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {940F3919-9A59-4E45-84A2-15C2C1ED6E40} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9711848D-5BCF-4BF7-A176-66429C0B76AB} - System32\Tasks\Avira\Safe Shopping\Launch => C:\Program Files (x86)\Avira\Safe Shopping\Updater\Updater.exe (Solute GmbH -> Avira)
Task: {9A66CCF3-D264-4DE2-953D-7B1C40D09ABA} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {A0B07B0A-C105-4775-B518-3524C25AC1A7} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {A149C961-7A11-4E12-918B-EB533D28310D} - System32\Tasks\ASUS\AEGIS_II Lighting AudioDetect Execute => C:\Program Files (x86)\ASUS\AEGIS II\Lighting\AudioDetect.exe (ASUSTeK Computer Inc. -> )
Task: {A4B69C2F-6B5E-4DFA-BBE1-C368F339C11D} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A6651B7E-E2D9-4ED9-B0DB-DCC72AD9AA6D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exeMicrosoft Corporation
Task: {A907C9F7-9607-4271-B25C-9A3A9B6991E3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {AA322518-E5D2-4407-89D0-555E436634C5} - System32\Tasks\Avira\Safe Shopping\Update => C:\Program Files (x86)\Avira\Safe Shopping\Updater\Updater.exe (Solute GmbH -> Avira)
Task: {AB81EE63-A2F5-48A3-ACA7-5DA972238846} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AE3B1F45-2DB5-4ECC-AE32-1512EC97348F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B6BF5069-EA6B-4567-BAC4-7EE32FA95252} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {BA0552EF-E351-448C-9E3D-384B3D80DBF9} - System32\Tasks\ASUS\AEGIS_II Lighting CD_Rom Execute => C:\Program Files (x86)\ASUS\AEGIS II\Lighting\CheckCD_RomLighting.exe (ASUSTeK Computer Inc. -> )
Task: {BCC15C21-49E1-41A1-8863-7DECA3D9BDD1} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {BE20B6BB-8754-49F5-A44F-8A7C0E4A1F54} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) <==== ATTENTION
Task: {C0D8D780-80E3-45AB-B448-49524AEB70D0} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {C7EE2CF1-70B8-40B0-B0E0-4B15AC83F9B8} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe (ASUSTeK Computer Inc. -> )
Task: {D14EAE57-6BBA-482E-8CC2-A7C97C15C39B} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe (ASUSTeK Computer Inc. -> ASUSTeK)
Task: {D3B7DE69-6663-4B2B-8321-BD453238410C} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {DC385ACA-78B3-4AEF-9698-95C00AB1C79F} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe (ASUSTeK Computer Inc. -> )
Task: {E2630132-31E4-4B2E-A85E-2F8A0FB3AB81} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {E4956980-F42E-42CB-99F8-077B58CBD358} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EE81DF13-36ED-42FB-866A-C82A4F56B443} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F2B43767-9D07-4669-8DD3-8103B7FD6BD6} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) [File not signed]
Task: {FF1E7C69-4FDE-4612-AA59-8223F62B5F6F} - System32\Tasks\Avira\Safe Shopping\Check => C:\Program Files (x86)\Avira\Safe Shopping\Updater\Updater.exe (Solute GmbH -> Avira)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 

madmichael

TS Rookie
==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\mkemi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\BrowserStack Local.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mfiddfehmfdojjfdpfngagldgaaafcfo
ShortcutWithArgument: C:\Users\mkemi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Apps & Extensions Developer Tool.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ohmmkhmmmpcnpikjeljgnaoabkaalbgc
ShortcutWithArgument: C:\Users\mkemi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\mkemi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Keypress Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ghfooiajeobmcfhmajcblmompfdehnli
ShortcutWithArgument: C:\Users\mkemi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Nitrous.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=efdcneeepllhjlbejkfnaolelbpdacai
ShortcutWithArgument: C:\Users\mkemi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TrackingTime _ Time Tracker.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=knailkjkjcfegledhjhcfacdngnicimb
ShortcutWithArgument: C:\Users\mkemi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl
ShortcutWithArgument: C:\Users\mkemi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a3a1d6b8109861c5\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nckgahadagoaajjgafhacjanaoiihapd

==================== Loaded Modules (Whitelisted) ==============

2018-03-28 20:58 - 2015-04-20 19:55 - 001011712 _____ () [File not signed] C:\Program Files (x86)\ASUS\AEGIS II\Boost Launcher\BLMonitor.exe
2015-04-22 08:59 - 2015-04-22 08:59 - 001489920 _____ (ASUS Cloud Corporation.) [File not signed] C:\Program Files (x86)\Common Files\AWS\2.2.9.564\ASUSWSShellExt64.dll
2016-06-21 20:56 - 2016-06-21 20:56 - 000075264 _____ (ASUS Cloud Corporation) [File not signed] C:\Program Files (x86)\ASUS\WebStorage\2.2.9.564\AsusWSWinService.exe
2016-03-18 14:03 - 2016-03-18 14:03 - 000335360 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
2019-04-10 11:37 - 2019-04-10 11:37 - 000880128 _____ (ServiceStack) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ServiceStack.Text\1d97f50d22944379f169c508b8a646b3\ServiceStack.Text.ni.dll
2019-04-10 22:37 - 2019-03-13 09:22 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-04-10 22:37 - 2019-03-13 09:22 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-04-10 22:37 - 2019-03-13 09:22 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-04-10 22:37 - 2019-03-13 09:22 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-04-10 22:37 - 2019-03-13 09:22 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-04-10 22:37 - 2019-03-13 09:22 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-04-10 22:37 - 2019-03-13 09:22 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-04-10 22:37 - 2019-03-13 09:22 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-04-10 22:37 - 2019-03-13 09:22 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-04-10 22:37 - 2019-03-13 09:22 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-04-10 22:37 - 2019-03-13 09:22 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-04-10 22:37 - 2019-03-13 09:22 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-04-10 22:37 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-04-10 22:37 - 2019-03-13 09:22 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-04-10 22:37 - 2019-03-13 09:22 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-04-10 22:37 - 2019-03-13 09:22 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-04-10 22:37 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-04-10 22:37 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-04-10 22:37 - 2019-03-13 09:22 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2018-03-28 20:57 - 2014-09-29 19:58 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AEGIS II\asacpi.dll
2018-03-28 20:57 - 2014-09-29 19:58 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AEGIS II\asacpiEx.dll
2018-03-28 20:57 - 2014-09-29 19:57 - 000011264 _____ () [File not signed] C:\Program Files (x86)\ASUS\AEGIS II\SysTranslations\AsMultiLang.dll
2018-03-28 20:57 - 2014-10-16 17:05 - 000053248 _____ () [File not signed] C:\Program Files (x86)\ASUS\AEGIS II\cpuutil.dll
2018-03-28 20:58 - 2015-02-26 20:37 - 000215552 _____ (ASUSTeK COMPUTER INC.) [File not signed] C:\Program Files (x86)\ASUS\AEGIS II\Lighting\ACPIWMI.dll
2017-10-10 19:35 - 2015-01-05 13:43 - 000215552 _____ (ASUSTeK COMPUTER INC.) [File not signed] C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\ACPIWMI.dll
2018-03-28 20:56 - 2019-04-11 21:21 - 000018216 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2018-03-28 20:56 - 2016-10-13 04:32 - 000104448 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2015-07-27 14:28 - 2015-07-27 14:28 - 000285184 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2015-07-27 14:28 - 2015-07-27 14:28 - 000562688 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 

madmichael

TS Rookie
==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "WebStorage"
HKU\S-1-5-21-1156727377-108329867-495008690-1001\...\StartupApproved\StartupFolder: => "HoloView-Assist.lnk"
HKU\S-1-5-21-1156727377-108329867-495008690-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1156727377-108329867-495008690-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1156727377-108329867-495008690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212126561\...\StartupApproved\StartupFolder: => "HoloView-Assist.lnk"
HKU\S-1-5-21-1156727377-108329867-495008690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212126561\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1156727377-108329867-495008690-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112019212126561\...\StartupApproved\Run: => "Steam"
 

madmichael

TS Rookie
==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1EC70FB2-B39D-40C8-8838-B0339D59DEE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe (Obsidian Entertainment, Inc. -> )
FirewallRules: [{0DDD0810-B5F3-413B-B69D-B6726B966B39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe (Obsidian Entertainment, Inc. -> )
FirewallRules: [{891CD236-D0B8-4EBA-90D9-11CA71EDBF4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guild of Dungeoneering\dungeoneering.exe () [File not signed]
FirewallRules: [{5CCDB779-DA52-4180-AAF6-B71A2C72BF74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guild of Dungeoneering\dungeoneering.exe () [File not signed]
FirewallRules: [{F44EA3D0-C066-4FD8-B9C9-7346A56C7AC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGONinjago\LEGONINJAGO_DX11.exe (Travellers Tales (UK) Limited -> Warner Bros. Interactive Entertainment)
FirewallRules: [{486AE785-63FA-4AD6-B97C-6DB811404C9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGONinjago\LEGONINJAGO_DX11.exe (Travellers Tales (UK) Limited -> Warner Bros. Interactive Entertainment)
FirewallRules: [{C5189BB6-6CDE-407D-84FF-F64CF9418E22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe (Obsidian Entertainment) [File not signed]
FirewallRules: [{FD8A0D2C-7D03-47FB-812E-DA5F818BB7EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe (Obsidian Entertainment) [File not signed]
FirewallRules: [{D25AFEEF-496F-4CCF-8825-E5F6FEEAA035}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGO Batman 2\LEGOBatman2.exe (WarnerBros.InteractiveEntertainment) [File not signed]
FirewallRules: [{B2435DC9-1A25-457E-B578-D1DAE0554E9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGO Batman 2\LEGOBatman2.exe (WarnerBros.InteractiveEntertainment) [File not signed]
FirewallRules: [{5078828C-81F5-437E-B75B-A841E9AC477C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Letter Quest Remastered\letterquestremastered.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{5335D343-7C92-48A9-96EE-E4CE39A53494}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Letter Quest Remastered\letterquestremastered.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{BB9DB94B-B616-426B-8417-22E2D134116E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scooby-Doo! & Looney Tunes Cartoon Universe Adventure\CartoonUniverse.exe () [File not signed]
FirewallRules: [{B4962515-7F10-4C2D-812F-509B9D12A3EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scooby-Doo! & Looney Tunes Cartoon Universe Adventure\CartoonUniverse.exe () [File not signed]
FirewallRules: [{2954AA87-05F0-4C7D-86C2-EE6773CAF4F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Song of the Deep\SOTD.exe () [File not signed]
FirewallRules: [{E62AD65E-6A38-442A-92A4-3AB7CBC1DB5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Song of the Deep\SOTD.exe () [File not signed]
FirewallRules: [{C3CFCE7F-D64A-4B74-8CC8-8274392F91B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{B685F66B-6D96-44A4-BF37-1C78A74E6602}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [UDP Query User{4F199885-E691-4721-B056-2A95CE5E40DD}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe () [File not signed]
FirewallRules: [TCP Query User{F809F4F6-F6FC-45C3-AAD8-D5A22E5A1E7D}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe () [File not signed]
FirewallRules: [{D86D6733-3C11-4DFF-8CA1-DE5CFB86BD9D}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{188E67DA-EB3A-4E69-B258-C6E824E44447}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{DC53FE2B-A4F3-433F-811A-9DE10BA79990}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed]
FirewallRules: [{1CA0D445-54EE-46D3-9718-D17C183A22C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed]
FirewallRules: [{DC23BA3A-4BBC-4D3E-8FF5-24D1904EA0A6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{4DEDFCF3-A853-4D80-962F-FD5FDF61D76B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{1C456473-FF48-49C0-A849-0DE5FC5DAA0E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{9EEA9565-EBAC-4EBC-8097-CC114C14CCAB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1BF3B8E0-6228-4ED4-9010-403E36859C59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Tiny Bang Story\ttbs.exe () [File not signed]
FirewallRules: [{28F2ADF4-B9AD-4FA8-91D0-984CB1A48269}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Tiny Bang Story\ttbs.exe () [File not signed]
FirewallRules: [{355E6AAF-07A3-435E-8E08-AF9D9447C208}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\diriptide\DeadIslandGame_x86_rwdi.exe (TECHLAND SP Z O O -> Techland)
FirewallRules: [{E07093E2-FF06-46E8-97E5-BB281644AC79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\diriptide\DeadIslandGame_x86_rwdi.exe (TECHLAND SP Z O O -> Techland)
FirewallRules: [{D522C42A-E66B-4C2C-AEAA-184641DA78AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland Sp. z o.o. -> Techland)
FirewallRules: [{248F0A68-7913-46E1-9C6C-945293E76CAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland Sp. z o.o. -> Techland)
FirewallRules: [{4155ECFE-22BE-4377-8D6A-00773E851E41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battle Chasers Nightwar\BC.exe () [File not signed]
FirewallRules: [{F3288F7D-54FC-4081-A46D-B8749DC7FC7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battle Chasers Nightwar\BC.exe () [File not signed]
FirewallRules: [{BD76528A-7F12-4C50-9C1D-252D6309580A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Remastered\Build\Final\BioshockHD.exe () [File not signed]
FirewallRules: [{7034FFDC-FC80-4F74-A131-2AAB3AB17765}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Remastered\Build\Final\BioshockHD.exe () [File not signed]
FirewallRules: [{8B297AA1-600E-4A81-BACE-5C75660FBFCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{FB98EB94-E73E-4710-B81B-F46FCC2614E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [TCP Query User{E43EF22B-0866-4E4D-A285-E4710389AE0D}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe No File
FirewallRules: [UDP Query User{FD909127-A511-4C7B-AAB1-BE74631E530A}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe No File
FirewallRules: [{AF56B4EA-03B1-4D4C-8DF2-917846F86FF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of the Monkey Tavern\Heroes.exe () [File not signed]
FirewallRules: [{CC830698-A94C-4A62-A971-7BB0BC1080CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of the Monkey Tavern\Heroes.exe () [File not signed]
FirewallRules: [{1FE67236-96ED-4F4F-B11E-0AF8A158D826}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GrowHome\GrowHome.exe (Ubisoft Entertainment SA -> )
FirewallRules: [{9F2C3CD9-E1B7-4841-9107-33474C30E7C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GrowHome\GrowHome.exe (Ubisoft Entertainment SA -> )
FirewallRules: [{B2BF7DB2-07E7-4DA2-A2A6-301092387EED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie Vikings\ZombieVikings.exe () [File not signed]
FirewallRules: [{4CA57C02-E82E-467E-AF21-C8D452D34041}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie Vikings\ZombieVikings.exe () [File not signed]
FirewallRules: [{22D21497-D31F-4918-9FE0-9F21EDB3E342}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B6A55B5A-E46D-40CE-B83F-1A04A9B4A48F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BC7921F5-1086-4AAA-A049-514E0FD457D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{9C98C270-C9D9-4964-820E-77809177078D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{C299240C-6050-4130-BFCA-8992B1B521E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [{BBB81C3C-1C0E-4DD7-A58E-951BBC4B68AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [{BC1C445B-3CE8-4383-83C1-5C4471C1DC5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe (Larian Studios -> Larian Studios)
FirewallRules: [{F55F1930-8E2F-4D7A-9D7E-2C8D5EECD8D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe (Larian Studios -> Larian Studios)
FirewallRules: [{163C476A-DE3F-4E99-934B-428CEC58968B}] => (Allow) C:\Users\mkemi\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{56704FC2-B02A-4992-A7F3-B02A9B10577A}] => (Allow) C:\Users\mkemi\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [TCP Query User{67B33790-3545-4248-A57A-0B24FE8E395A}C:\users\mkemi\documents\my_games\7_days_to_die_-_undead_legacy\undead_legacy\undead_legacy_bigger_backpack\7daystodie.exe] => (Allow) C:\users\mkemi\documents\my_games\7_days_to_die_-_undead_legacy\undead_legacy\undead_legacy_bigger_backpack\7daystodie.exe () [File not signed]
FirewallRules: [UDP Query User{1EA389B2-41B7-4859-95DC-74ADB459F81B}C:\users\mkemi\documents\my_games\7_days_to_die_-_undead_legacy\undead_legacy\undead_legacy_bigger_backpack\7daystodie.exe] => (Allow) C:\users\mkemi\documents\my_games\7_days_to_die_-_undead_legacy\undead_legacy\undead_legacy_bigger_backpack\7daystodie.exe () [File not signed]
FirewallRules: [TCP Query User{401AFFB7-1FF3-4DF6-8A27-4EDFC10B68FF}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [UDP Query User{46D7923F-27B5-4D1E-BABE-36C34D7469DB}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{5CF7CF10-4707-4727-9EF3-28A52CEB8E12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sins of a Solar Empire Rebellion\StardockLauncher.exe (Stardock Corporation -> Stardock Corporation)
FirewallRules: [{968841E4-96A7-42E2-B3FD-53B6BF72D0ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sins of a Solar Empire Rebellion\StardockLauncher.exe (Stardock Corporation -> Stardock Corporation)
FirewallRules: [TCP Query User{BDAAC7B0-27A2-4EFD-BADE-EBAA2CEF7C62}C:\users\mkemi\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\mkemi\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{9ABFC103-59EE-41C5-97B4-4470B6707FA0}C:\users\mkemi\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\mkemi\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{274472DE-5C9D-40E3-8B34-A1ABFA84D69F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Letter Quest\letterquest.exe () [File not signed]
FirewallRules: [{DDF3F6EE-EC25-4210-ACE0-95BEA32C9946}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Letter Quest\letterquest.exe () [File not signed]
FirewallRules: [{737A75D5-3096-4094-8597-4C074A14C15D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland Sp. z o.o. -> Techland)
FirewallRules: [{7FAD8066-4313-4497-9AB8-D27B197D1143}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland Sp. z o.o. -> Techland)
FirewallRules: [{CD692E65-559A-4C10-AEEA-BA72A7427F5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SalvationProphecy\bin\release\SalvationProphecy.exe () [File not signed]
FirewallRules: [{743BC07F-75C6-4D53-B3D5-8AA3BED7B4E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SalvationProphecy\bin\release\SalvationProphecy.exe () [File not signed]
FirewallRules: [{45F84E1A-15B5-4570-93E3-C3EA786B8F04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe (DONTNOD Entertainment) [File not signed]
FirewallRules: [{DB11B54E-B12A-498F-84BD-E9E1293F3ECB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe (DONTNOD Entertainment) [File not signed]
FirewallRules: [TCP Query User{3C30F8CF-A763-42E5-8524-A1E7E65BCFA9}C:\mesamundi\d20pro\jre\bin\javaw.exe] => (Allow) C:\mesamundi\d20pro\jre\bin\javaw.exe
FirewallRules: [UDP Query User{EE8BC049-2DDF-4F6D-A9CD-6084C7D9E6CC}C:\mesamundi\d20pro\jre\bin\javaw.exe] => (Allow) C:\mesamundi\d20pro\jre\bin\javaw.exe
FirewallRules: [{41F02FD4-064F-4B3B-AB44-8A7A2E446FE6}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{CC0DA391-1111-4505-B4BF-31CC7492A3E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve -> )
FirewallRules: [{CEE3646A-1AB0-44B6-B0F8-01F4574469A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve -> )
FirewallRules: [{0AABB234-99E6-4F4C-A783-544206F64EF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve -> )
FirewallRules: [{0B2948A8-0A8D-430B-B94D-2A81531B7352}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve -> )
FirewallRules: [{7C859CA0-D1B0-455B-8899-C417F4D650A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve -> )
FirewallRules: [{1C37EED0-E882-4C4C-B99A-C634E06A063D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve -> )
FirewallRules: [TCP Query User{ABED4157-6838-45B4-8B91-9B3E57D2A222}C:\users\mkemi\appdata\local\programs\breaker\breaker.exe] => (Allow) C:\users\mkemi\appdata\local\programs\breaker\breaker.exe (breaker.io) [File not signed]
FirewallRules: [UDP Query User{E32EA78D-5C07-4AB7-BD21-F17F9271A188}C:\users\mkemi\appdata\local\programs\breaker\breaker.exe] => (Allow) C:\users\mkemi\appdata\local\programs\breaker\breaker.exe (breaker.io) [File not signed]
FirewallRules: [{FE68C402-BBE0-4411-B578-7D9AA672CF2A}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{5CCEC13A-87DF-445B-9E51-7A4D183E1D7F}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{560BCEB0-2ABD-429A-94E9-1B49642A4EB0}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [TCP Query User{05B4E626-AABE-4012-A482-2BE564FAAC5B}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{498B95F5-4214-4105-840A-B766AC3021A9}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{FAB69C27-22DB-4D8B-9FD1-B4F013206201}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [UDP Query User{46D5E9AB-439B-46DB-88C5-FBA4CEAE00BA}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [{A4B7DEB4-6030-4599-9106-24407B8821F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Knights\portal_knights_x64.exe () [File not signed]
FirewallRules: [{AE1F78D4-D08D-40D6-8D1A-3AE7956D122F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Knights\portal_knights_x64.exe () [File not signed]
FirewallRules: [{3361A79C-EB90-4098-BCE3-FC868684CB1F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{5220059B-BBF2-4264-8A0D-BA8A9C8BE3E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6EF991ED-ABE5-40AF-86C3-0B5B93FF6363}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C9F62B1D-78F8-4671-B3B7-173032AFEE15}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FB8BC38B-46B6-472F-8945-DB81888D5C3D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{89E0EB49-ED94-456B-9838-7B1856919131}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{833D4D36-891E-406E-97EB-016D983A6E68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{96EC2026-1CBC-4D03-B333-EA20DBD8E5E1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{410B860E-66F0-4124-B7F8-B92F53A2F39C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E3D00CC4-FF84-4F2B-B995-A6C7DF4CA55E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F6866B93-2812-4A5A-99AD-FAD345F144DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B7D08FBE-A9A6-4337-8660-3F4E18A1C9F3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{00F32C45-71CA-4CDA-980C-05FDCDE8E935}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E4D4C811-67AD-45FC-90A6-D9C09E3CB4E7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5EE1CF50-E9D6-42F6-A381-957C53264293}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

07-04-2019 10:28:12 Windows Update

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2019 09:42:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.ServiceHost.exe, version: 1.2.131.15242, time stamp: 0x5c87b4e6
Faulting module name: KERNELBASE.dll, version: 10.0.17134.556, time stamp: 0xadca2670
Exception code: 0xe0434352
Fault offset: 0x001118a2
Faulting process id: 0x25dc
Faulting application start time: 0x01d4f0d950e46756
Faulting application path: C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 6e01a9cb-36bf-47a9-a373-89c276f78194
Faulting package full name:
Faulting package-relative application ID:

Error: (04/11/2019 09:42:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.CompositionException
at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
at System.ComponentModel.Composition.Primitives.Export.get_Value()
at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
at Avira.OE.ServiceHost.ServiceHost.Initialize()
at Avira.OE.ServiceHost.Program+<>c__DisplayClass12_0.<OnServiceStart>b__0(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/11/2019 09:41:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.ServiceHost.exe, version: 1.2.131.15242, time stamp: 0x5c87b4e6
Faulting module name: KERNELBASE.dll, version: 10.0.17134.556, time stamp: 0xadca2670
Exception code: 0xe0434352
Fault offset: 0x001118a2
Faulting process id: 0x2910
Faulting application start time: 0x01d4f0d949a39528
Faulting application path: C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 027ddfce-6176-46ef-9b3b-e95b40741cdc
Faulting package full name:
Faulting package-relative application ID:

Error: (04/11/2019 09:41:54 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.CompositionException
at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
at System.ComponentModel.Composition.Primitives.Export.get_Value()
at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
at Avira.OE.ServiceHost.ServiceHost.Initialize()
at Avira.OE.ServiceHost.Program+<>c__DisplayClass12_0.<OnServiceStart>b__0(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/11/2019 09:41:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.ServiceHost.exe, version: 1.2.131.15242, time stamp: 0x5c87b4e6
Faulting module name: KERNELBASE.dll, version: 10.0.17134.556, time stamp: 0xadca2670
Exception code: 0xe0434352
Fault offset: 0x001118a2
Faulting process id: 0x2be4
Faulting application start time: 0x01d4f0d941316022
Faulting application path: C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: bac829c4-d612-45b8-8ca2-c5236108ea8f
Faulting package full name:
Faulting package-relative application ID:

Error: (04/11/2019 09:41:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.CompositionException
at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
at System.ComponentModel.Composition.Primitives.Export.get_Value()
at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
at Avira.OE.ServiceHost.ServiceHost.Initialize()
at Avira.OE.ServiceHost.Program+<>c__DisplayClass12_0.<OnServiceStart>b__0(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/11/2019 09:31:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ASUSUpdateChecker.exe, version: 1.0.0.0, time stamp: 0x57884772
Faulting module name: KERNELBASE.dll, version: 10.0.17134.556, time stamp: 0xadca2670
Exception code: 0xe0434352
Fault offset: 0x001118a2
Faulting process id: 0x2aa0
Faulting application start time: 0x01d4f0d7c656b3ab
Faulting application path: C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: aa92ac60-55e6-4593-87a7-a02c5cfc9fc7
Faulting package full name:
Faulting package-relative application ID:

Error: (04/11/2019 09:31:04 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ASUSUpdateChecker.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
at System.Windows.FrameworkElement.BeginInit()
at MS.Internal.Xaml.Runtime.ClrObjectRuntime.InitializationGuard(System.Xaml.XamlType, System.Object, Boolean)

Exception Info: System.Windows.Markup.XamlParseException
at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
at System.Windows.Application.LoadComponent(System.Uri, Boolean)
at System.Windows.Application.DoStartup()
at System.Windows.Application.<.ctor>b__1_0(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at System.Windows.Application.Run()
at ASUSUpdateChecker.App.Main()


System errors:
=============
Error: (04/11/2019 10:17:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/11/2019 10:10:56 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-DPRKO66)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-DPRKO66\mkemi SID (S-1-5-21-1156727377-108329867-495008690-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/11/2019 09:42:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s).

Error: (04/11/2019 09:41:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/11/2019 09:41:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/11/2019 09:23:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/11/2019 09:22:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/11/2019 09:22:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LMS service to connect.


Windows Defender:
===================================
Date: 2019-04-11 22:05:46.403
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3ACE669B-07F3-4F63-8B7C-7C8417703943}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-04-10 11:17:10.350
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CD4B90E0-F161-47EA-AEAE-2F65A5326536}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-08-03 07:17:37.157
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C52A6FCC-52E4-4BA6-8804-79D84B5E270A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-16 14:50:53.552
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D4142A02-A9F9-43A2-8678-03272117151D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-16 14:27:57.871
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {967771BE-CC96-4472-9E28-0FA603D5F92D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-04-07 10:49:53.442
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1045.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2019-04-07 10:49:53.442
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1045.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2019-04-02 23:15:21.301
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2019-04-02 22:31:30.068
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-06-15 22:01:40.839
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

CodeIntegrity:
===================================

Date: 2019-03-30 21:46:12.246
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2019-03-30 21:33:03.338
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2018-12-19 17:46:24.834
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2018-12-19 17:45:39.685
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2018-12-12 20:24:32.226
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 16309.36 MB
Available physical RAM: 12218.49 MB
Total Virtual: 18741.36 MB
Available Virtual: 12902.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.91 GB) (Free:163.23 GB) NTFS

\\?\Volume{57a7c6c6-ec67-4d61-9ed2-5ff95e6a490d}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS
\\?\Volume{c6e66d66-5fd7-4cf0-83e9-a0016a403aec}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 06DD8A73)

Partition: GPT.

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==========================================

What are the problems?

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

madmichael

TS Rookie
RogueKiller Anti-Malware V13.1.9.0 (x64) [Mar 27 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64 bits
Started in : Normal mode
User : mkemi [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190326_132530, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/04/12 12:56:44 (Duration : 00:15:08)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{E32EA78D-5C07-4AB7-BD21-F17F9271A188}C:\users\mkemi\appdata\local\programs\breaker\breaker.exe -- [%localappdata%\Programs\Breaker\Breaker.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{ABED4157-6838-45B4-8B91-9B3E57D2A222}C:\users\mkemi\appdata\local\programs\breaker\breaker.exe -- [%localappdata%\Programs\Breaker\Breaker.exe] -> Deleted
[PUP.Gen0 (Potentially Malicious)] Honey -- bmnlcjabgnpnenekpadlanbbkooimhnj -> Deleted
[PUP.Gen0 (Potentially Malicious)] JSONView -- chklaanhfefbnpoihckbnefhakgolnmc -> Deleted
[PUP.Gen0 (Potentially Malicious)] Amazon Assistant for Chrome -- pbjikboenpfhbbejgkoklgkhjpfogcam -> Deleted
 

madmichael

TS Rookie
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/12/19
Scan Time: 1:01 PM
Log File: ffc4a948-5d4c-11e9-a8a6-3497f6833486.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.10132
License: Trial

-System Information-
OS: Windows 10 (Build 17134.706)
CPU: x64
File System: NTFS
User: DESKTOP-DPRKO66\mkemi

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 290270
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 5 min, 6 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

madmichael

TS Rookie
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-03.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-12-2019
# Duration: 00:00:10
# OS: Windows 10 Home
# Scanned: 27198
# Detected: 5


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.AmazonBrowserBar Amazon Assistant for Chrome
PUP.Optional.Legacy Avira SafeSearch Plus
PUP.Optional.Legacy cpngackimfmofbokmjmljamhdncknpmg

***** [ Chromium URLs ] *****

PUP.Optional.SofTonicAssistant Softonic EN
PUP.Optional.SofTonicAssistant Softonic EN

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

madmichael

TS Rookie
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-03.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-12-2019
# Duration: 00:00:06
# OS: Windows 10 Home
# Cleaned: 5
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted Amazon Assistant for Chrome
Deleted Avira SafeSearch Plus
Deleted cpngackimfmofbokmjmljamhdncknpmg

***** [ Chromium URLs ] *****

Deleted Softonic EN
Deleted Softonic EN

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1449 octets] - [12/04/2019 13:58:33]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

madmichael

TS Rookie
I've tried to reinstall Steam, Avira, and Geforce Experience and Drivers. All reinstalled without error, but the same errors I experienced before persist.
 

MaiaLenart

TS Rookie
Hi...I ve got the same error and have good internet(wirless but router is in my room) and I have a i3-2310m 16gb ddr3 ram AMD HD4790M 1GB ive used ethernet and still getting the issue. Iahve tlaked to techsupport but they just told me to renstall my game