Inactive Ok I have a little problem when I start my windows a script not launched correctly...

user75

OK, I have a little problem: when I start my Windows, a script is not launched correctly. I think I have picked up a malware. Can you help me remove it?
 
 
You should know the drill...

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
*
* Avast Scan Report
* This file is generated automatically
*
* Scan name: Full Virus Scan
* Started on: Wednesday, February 6, 2019 11:41:02 AM
* VPS: 190205-6, 2019-02-05
*

SVC: WindowsInput > C:\Windows\SysWOW64\WindowsInput.exe [L] Win32:Malware-gen (0)
C:\OtohitsNetwork\OtohitsApp\temp\f_00032e [L] JS:FakeAlert-L (0)
C:\Users\guillaume\Desktop\OneDriveBackupFiles\Pictures:ms-properties [E] File is offline - it is currently not available. (42006)
C:\Users\guillaume\Desktop\OneDriveBackupFiles\Documents:ms-properties [E] File is offline - it is currently not available. (42006)
C:\Users\guillaume\Desktop\OneDriveBackupFiles\Pièces jointes:ms-properties [E] File is offline - it is currently not available. (42006)
C:\Users\guillaume\AppData\Local\Temp\3fdca5d7ab3f4687a20927015013bcab\System.exe [L] Win32:MalwareX-gen [Trj] (0)
C:\$RECYCLE.BIN\S-1-5-21-3805808772-3452688692-1920293510-1001\$RH0ZP9G\da mandare.exe [L] Win32:Trojan-gen (0)
C:\Users\guillaume\AppData\Roaming\Workk.exe [L] Win32:Trojan-gen (0)
C:\Users\guillaume\AppData\Roaming\Orcus\Orcus.exe [L] Win32:Trojan-gen (0)
C:\$RECYCLE.BIN\S-1-5-21-3805808772-3452688692-1920293510-1001\$RROESPQ\Account Generator.exe [L] Win32:Trojan-gen (0)
C:\ProgramData\iNmmvsANIm\System.exe [L] Win32:MalwareX-gen [Trj] (0)
C:\Program Files (x86)\touchpad\Synp.exe [L] Win32:Trojan-gen (0)
C:\$RECYCLE.BIN\S-1-5-21-3805808772-3452688692-1920293510-1001\$RQMW438\BTC ROBOT.exe [L] Win32:Trojan-gen (0)
C:\Program Files (x86)\touchpad\Synp.exe [L] Win32:Trojan-gen (0)
C:\ProgramData\iNmmvsANIm\System.exe [L] Win32:MalwareX-gen [Trj] (0)
C:\Users\guillaume\AppData\Roaming\Orcus\Orcus.exe [L] Win32:Trojan-gen (0)
D:\DownloadSSD\kms\kms\KMS Tools Portable 16.11.2017 by Ratiborus\KMS Tools Portable 16.11.2017 by Ratiborus\Programs\PIDKey Lite v1.59 RU EN and more\PIDKey Lite x64.exe [L] Win64:Malware-gen (0)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 6.02.2019
Ran by guillaume (administrator) on TEST (06-02-2019 13:45:55)
Running from C:\Users\guillaume\Downloads
Loaded Profiles: guillaume (Available Profiles: guillaume)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(MSFree Inc.) C:\Windows\KMS\bin\KMSSS.exe
() C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
() C:\Windows\SysWOW64\WindowsInput.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
Failed to access process -> MusicMaker.exe
(ExKode Co. Ltd.) C:\Program Files (x86)\ExKode\Dxtory2.0\Dxtory.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ExKode Co. Ltd.) C:\Program Files (x86)\ExKode\Dxtory2.0\Dxtory64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Druide informatique inc.) D:\DownloadSSD\antidote\Application\Bin32\AgentAntidote.exe
(Druide informatique inc.) D:\DownloadSSD\antidote\Application\Bin64\AgentAntidote.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Pushbullet inc) D:\program ssd\psuhbullet\Pushbullet\pushbullet.exe
(Apowersoft) D:\program ssd\dsadsa\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
() C:\ProgramData\iNmmvsANIm\System.exe
(Mega Limited) C:\Users\guillaume\AppData\Local\MEGAsync\MEGAsync.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Code Systems Corporation) C:\Users\guillaume\AppData\Local\Turbo\19.1.1887.0\Turbo-Sandbox.exe
(Teleflex Incorporated) C:\Windows\Temp\_avast_\unp16258991.tmp
(Code Systems Corporation) C:\Users\guillaume\AppData\Local\Turbo\19.1.1887.0\Turbo-Launcher.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.10\bin\TrayPopupE\TrayTipAgentE.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Emcor Group Inc.) C:\Program Files (x86)\touchpad\Synp.exe
(Pushbullet Inc) C:\Users\guillaume\AppData\Local\Pushbullet\bin\pushbullet_client.exe
(The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\guillaume\AppData\Roaming\Spotify\Spotify.exe
(Discord Inc.) C:\Users\guillaume\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\guillaume\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\guillaume\AppData\Local\Discord\app-0.0.304\Discord.exe
(Spotify Ltd) C:\Users\guillaume\AppData\Roaming\Spotify\Spotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Spotify Ltd) C:\Users\guillaume\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\guillaume\AppData\Roaming\Spotify\Spotify.exe
(Initex) C:\Users\guillaume\AppData\Roaming\VIP72 Socks Client\ProxifierPE3\Proxifier.exe
(Initex) C:\Users\guillaume\AppData\Roaming\VIP72 Socks Client\ProxifierPE3\Helper64.exe
() C:\Users\guillaume\AppData\Roaming\VIP72 Socks Client\vip72socks.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Discord Inc.) C:\Users\guillaume\AppData\Local\Discord\app-0.0.304\Discord.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Valve Corporation) D:\program ssd\steam\Steam.exe
(Valve Corporation) D:\program ssd\steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\program ssd\steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\program ssd\steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\program ssd\steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\program ssd\steam\bin\cef\cef.win7\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [AgentAntidote32] => D:\DownloadSSD\antidote\Application\Bin32\AgentAntidote.exe [1653352 2017-09-12] (Druide Informatique Inc. -> Druide informatique inc.)
HKLM\...\Run: [AgentAntidote64] => D:\DownloadSSD\antidote\Application\Bin64\AgentAntidote.exe [1797736 2017-09-12] (Druide Informatique Inc. -> Druide informatique inc.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (Compal Electronics, Inc. -> TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4090176 2019-01-22] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.10\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> )
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-02-06] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\RunOnce: [ASYNCMAC] => rundll32.exe streamci,StreamingDeviceSetup {eeab7790-c514-11d1-b42b-00805fc1270e},asyncmac,{ad498944-762f-11d0-8dcb-00c04fc3358c},C:\Windows\INF\netrasa.inf,Ndis-Mp-AsyncMac
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [Pushbullet] => D:\program ssd\psuhbullet\Pushbullet\pushbullet.exe [345600 2015-07-01] (Pushbullet inc)
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [ApowersoftScreenRecorder] => D:\program ssd\dsadsa\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe [3617944 2017-02-07] (Apowersoft Ltd -> Apowersoft)
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [VoiceAttack] => C:\SteamLibrary\steamapps\common\VoiceAttack\VoiceAttack.exe [5846008 2018-11-22] (VoiceAttack.com -> VoiceAttack.com)
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [Spotify] => C:\Users\guillaume\AppData\Roaming\Spotify\Spotify.exe [26154216 2019-01-31] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [Windows 10 Update] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe [45152 2018-03-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [touchpad] => C:\Program Files (x86)\touchpad\Synp.exe [2793472 2019-01-30] (Emcor Group Inc.)
HKLM\...\Drivers32: [vidc.xtor] => C:\Windows\system32\DxtoryCodec.dll [2606144 2015-08-10] (ExKode Co. Ltd.)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( )
HKLM\...\Drivers32-x32: [vidc.xtor] => C:\Windows\SysWOW64\DxtoryCodec.dll [2499648 2015-08-10] (ExKode Co. Ltd.)
HKLM\...\Drivers32-x32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-20] (Google Inc -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2019-02-04]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
InternetURL: C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FqAVjWcHAv.url ->
Startup: C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-06-30]
ShortcutTarget: MEGAsync.lnk -> C:\Users\guillaume\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\synp.exe.vbs [2019-02-04] ()
Startup: C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Turbo Sandbox Manager.lnk [2019-01-31]
ShortcutTarget: Turbo Sandbox Manager.lnk -> C:\Users\guillaume\AppData\Local\Turbo\19.1.1887.0\Turbo-Sandbox.exe (Code Systems Corporation)
Startup: C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TurboLauncher.lnk [2019-01-31]
ShortcutTarget: TurboLauncher.lnk -> C:\Users\guillaume\AppData\Local\Turbo\19.1.1887.0\Turbo-Launcher.exe (Code Systems Corporation)
BootExecute: autocheck autochk * aswBoot.exe /M:34097b9555 /A:"* " /L:"1033" /KBD:5 /dir:"C:\Program Files\AVAST Software\Avast"
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 199.202.105.108 199.202.105.1
Tcpip\..\Interfaces\{36D2171C-A57F-46B4-B995-D6E62D4F80F7}: [DhcpNameServer] 199.202.105.108 199.202.105.1
Tcpip\..\Interfaces\{F456A0CD-13F2-4BD0-8E4A-B58889CF8AA9}: [DhcpNameServer] 172.20.1.13 172.20.1.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.toshiba.ca/welcome/?w=23
SearchScopes: HKU\S-1-5-21-3805808772-3452688692-1920293510-1001 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-31] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-31] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 6zl966uz.default
FF ProfilePath: C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default [2019-02-06]
FF user.js: detected! => C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\user.js [2018-12-21]
FF NewTab: Mozilla\Firefox\Profiles\6zl966uz.default -> about:blank
FF Extension: (VPNetworksLLC Proxy) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\@VPNetworksLLC.xpi [2018-12-20]
FF Extension: (Antidote) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\antidote9_firefox@druide.com.xpi [2017-11-30]
FF Extension: (CryptoTab) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\cryptotab-ff@cryptotab.net.xpi [2018-10-10]
FF Extension: (TubeBuddy for YouTube) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\e389d8c2-5554-4ba2-a36e-ac7a57093130@gmail.com.xpi [2019-01-12]
FF Extension: (Spanish (Spain) Dictionary) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\es-es@dictionaries.addons.mozilla.org.xpi [2019-02-03]
FF Extension: (MEGA) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\firefox@mega.co.nz.xpi [2019-02-04]
FF Extension: (French spelling dictionary) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org.xpi [2018-11-29]
FF Extension: (SaveFrom.net helper) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\helper@savefrom.net.xpi [2019-01-31]
FF Extension: (HTTPS Everywhere) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\https-everywhere@eff.org.xpi [2019-02-01]
FF Extension: (Honey) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2018-11-16]
FF Extension: (Pushbullet) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2018-07-06]
FF Extension: (English (GB) Language Pack) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2018-12-21]
FF Extension: (Español (España) Language Pack) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\langpack-es-ES@firefox.mozilla.org.xpi [2018-12-21]
FF Extension: (Français Language Pack) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\langpack-fr@firefox.mozilla.org.xpi [2018-12-21]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\marcoagpinto@mail.telepac.pt.xpi [2019-01-31]
FF Extension: (Smart Referer) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\smart-referer@meh.paranoid.pk.xpi [2018-09-21]
FF Extension: (User-Agent Switcher) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\user-agent-switcher@ninetailed.ninja.xpi [2019-01-03]
FF Extension: (minerBlock) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\xd4rker@gmail.com.xpi [2019-02-05]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-01-31]
FF Extension: (Greasemonkey) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-08-29]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3805808772-3452688692-1920293510-1001: @turbo.net/Turbo.net Plugin 3.33 -> C:\Users\guillaume\AppData\Local\Turbo\19.1.1887.0\npMozillaTurboPlugin.dll [2019-01-24] (Code Systems Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-09-18]
CHR Profile: C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-02-04]
CHR Extension: (Slides) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-18]
CHR Extension: (Docs) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-18]
CHR Extension: (Google Drive) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-29]
CHR Extension: (YouTube) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-18]
CHR Extension: (Jaxx Liberty) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjelfplplebdjjenllpjcblmjkfcffne [2019-02-04]
CHR Extension: (Sheets) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-18]
CHR Extension: (Google Docs Offline) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-18]
CHR Extension: (Antidote) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbojggafdepnclikhiapkpinbfdhbdoi [2018-09-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-18]
CHR Extension: (Gmail) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-18]
CHR Extension: (Chrome Media Router) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-22]
CHR Profile: C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-18]
CHR HKLM-x32\...\Chrome\Extension: [lbojggafdepnclikhiapkpinbfdhbdoi] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
I can post other log because the system thinks it's spam
 

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
RogueKiller Anti-Malware V13.1.4.0 (x64) [Feb 4 2019] (Premium) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 8.1 (6.3.9600) 64 bits
Started in : Normal mode
User : guillaume [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190204_072850, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/02/07 11:02:32 (Duration : 00:11:26)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.HackTool (Potentially Malicious)] KMSSS.exe -- %SystemRoot%\KMS\bin\KMSSS.exe -> Killed [Tree]
[Suspicious.Path (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{3D58DDEA-561E-45BA-AA6A-0AB04BCD9FAD} -- [%localappdata%\Turbo\19.1.1887.0\Turbo-Plugin-x64.dll] -> Deleted
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMSEmulator -- [%SystemRoot%\KMS\bin\KMSSS.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FB7343D9-4892-4C0D-AE73-41DA74A3270B} -- [%USERPROFILE%\Pictures\LiquidSky.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{97569978-A0E8-47CA-82BF-F7EFB9ECED90} -- [%USERPROFILE%\Pictures\LiquidSky.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C5F7DE47-9D3D-4221-BF37-3709ED3053AE} -- [%_guillaume_appdata%\LiquidSky\LiquidSkyClient.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{39028344-C2D7-4E96-AF4E-99777BB3BD61} -- [%_guillaume_appdata%\LiquidSky\LiquidSkyClient.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{13513134-8296-4F10-B420-CC5B6260C5FC} -- [%_guillaume_appdata%\LiquidSky\lib\LiquidSky.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D946626A-9FA3-47E1-9AB6-02C45053CBDC} -- [%_guillaume_appdata%\LiquidSky\lib\LiquidSky.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{9B90EE77-680C-4142-9100-F0E839C2078F}C:\users\guillaume\appdata\roaming\icq\bin\icq.exe -- [%_guillaume_appdata%\ICQ\bin\icq.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{E8EC861F-4553-47E0-9DDF-97B5C00CA6E0}C:\users\guillaume\appdata\roaming\vip72 socks client\vip72socks.exe -- [%_guillaume_appdata%\vip72 socks client\vip72socks.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{EC786BB8-107C-4EB8-94E7-1815639B3478}C:\users\guillaume\appdata\roaming\vip72 socks client\vip72socks.exe -- [%_guillaume_appdata%\vip72 socks client\vip72socks.exe] -> Deleted
[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- -> Replaced (2)
[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- -> Replaced (2)
[PUP.HackTool (Potentially Malicious)] KMS -- %SystemRoot%\KMS -> Removed at reboot [5]
[PUP.Gen1 (Potentially Malicious)] simplitec -- %programdata%\simplitec -> Deleted
[PUP.Gen2 (Potentially Malicious)] Honey -- jid1-93CWPmRbVPjRQA@jetpack -> ERROR [0]
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/7/19
Scan Time: 2:30 PM
Log File: c2f43274-2b0e-11e9-9627-00ffe9bce4ad.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.9158
License: Premium

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: TEST\guillaume

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 268232
Threats Detected: 19
Threats Quarantined: 19
Time Elapsed: 18 min, 39 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
Spyware.PasswordStealer.MSIL.Generic, C:\PROGRAM FILES (X86)\TOUCHPAD\SYNP.EXE, Quarantined, [10093], [632108],1.0.9158

Module: 1
Spyware.PasswordStealer.MSIL.Generic, C:\PROGRAM FILES (X86)\TOUCHPAD\SYNP.EXE, Quarantined, [10093], [632108],1.0.9158

Registry Key: 4
Backdoor.Agent.BDB, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsInput, Quarantined, [4105], [309381],1.0.9158
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\KMSAuto, Quarantined, [710], [632069],1.0.9158
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{987087C7-6B6B-46B1-8F08-5E04C585C412}, Quarantined, [710], [632069],1.0.9158
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{987087C7-6B6B-46B1-8F08-5E04C585C412}, Quarantined, [710], [632069],1.0.9158

Registry Value: 1
Spyware.PasswordStealer.MSIL.Generic, HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|touchpad, Quarantined, [10093], [632108],1.0.9158

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 12
Backdoor.Agent.BDB, C:\WINDOWS\SYSWOW64\WINDOWSINPUT.EXE, Quarantined, [4105], [309381],1.0.9158
Trojan.Agent.VBS.Generic, C:\USERS\GUILLAUME\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\synp.exe.vbs, Quarantined, [5758], [428154],1.0.9158
RiskWare.DontStealOurSoftware, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Quarantined, [5342], [353142],0.0.0
Spyware.PasswordStealer.MSIL.Generic, C:\PROGRAM FILES (X86)\TOUCHPAD\SYNP.EXE, Quarantined, [10093], [632108],1.0.9158
RiskWare.KMS, C:\WINDOWS\SYSTEM32\TASKS\KMSAuto, Quarantined, [710], [632069],1.0.9158
RiskWare.KMS, C:\WINDOWS\KMSAUTOS\KMSAUTO X64.EXE, Quarantined, [710], [632069],1.0.9158
Trojan.Crypt.MSIL.Generic, C:\USERS\GUILLAUME\APPDATA\ROAMING\WORKK.EXE, Quarantined, [10038], [631585],1.0.9158
Trojan.MalPack.DLF, C:\$RECYCLE.BIN\S-1-5-21-3805808772-3452688692-1920293510-1001\$RH0ZP9G\DA MANDARE.EXE, Quarantined, [8272], [634298],1.0.9158
Spyware.PasswordStealer.MSIL.Generic, C:\$RECYCLE.BIN\S-1-5-21-3805808772-3452688692-1920293510-1001\$RROESPQ\ACCOUNT GENERATOR.EXE, Quarantined, [10093], [632108],1.0.9158
Generic.Malware/Suspicious, C:\$RECYCLE.BIN\S-1-5-21-3805808772-3452688692-1920293510-1001\$RQMW438\BTC ROBOT.EXE, Quarantined, [0], [392686],1.0.9158
Trojan.Crypt.MSIL.Generic, C:\WINDOWS\TEMP\_AVAST_\UNP16258991.TMP, Quarantined, [10038], [631585],1.0.9158
Trojan.BitCoinMiner.XMR, C:\USERS\GUILLAUME\APPDATA\LOCAL\TEMP\3FDCA5D7AB3F4687A20927015013BCAB\SYSTEM.EXE, Quarantined, [8007], [583969],1.0.9158

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-06.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-07-2019
# Duration: 00:00:02
# OS: Windows 8.1
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Deleted Honey

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [10996 octets] - [07/02/2019 14:56:35]
AdwCleaner[S00].txt - [1310 octets] - [07/02/2019 14:58:29]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
Good news, but we have to finish the cleaning process. Please read my initial post about the rules.

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 8.02.2019
Ran by abysal (administrator) on DESKTOP-DG4P113 (09-02-2019 19:59:29)
Running from C:\Users\abysal\Documents\MEGAsync Downloads
Loaded Profiles: abysal (Available Profiles: abysal)
Platform: Windows 10 Home Version 1809 17763.253 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Code Systems Corporation) C:\Users\abysal\AppData\Local\Turbo\19.1.1887.0\Turbo-Sandbox.exe
(Code Systems Corporation) C:\Users\abysal\AppData\Local\Turbo\19.1.1887.0\Turbo-Launcher.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 9\Application\Bin32\AgentAntidote.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 9\Application\Bin64\AgentAntidote.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Spotify Ltd) C:\Users\abysal\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\abysal\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\abysal\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\abysal\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 9\Application\Bin64\Antidote.exe
() C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Mega Limited) C:\Users\abysal\AppData\Local\MEGAsync\MEGAsync.exe
(ExKode Co. Ltd.) C:\Program Files (x86)\ExKode\Dxtory2.0\Dxtory.exe
(ExKode Co. Ltd.) C:\Program Files (x86)\ExKode\Dxtory2.0\Dxtory64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Apowersoft) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.10\bin\TrayPopupE\TrayTipAgentE.exe
(Discord Inc.) C:\Users\abysal\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\abysal\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\abysal\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\abysal\AppData\Local\Discord\app-0.0.304\Discord.exe
() C:\Program Files (x86)\VPNetwork LLC\TorGuard\TorGuardDesktopQt.exe
(FileZilla Project) C:\Program Files\FileZilla FTP Client\filezilla.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322120 2017-04-19] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AgentAntidote32] => C:\Program Files (x86)\Druide\Antidote 9\Application\Bin32\AgentAntidote.exe [1653352 2017-09-12] (Druide Informatique Inc. -> Druide informatique inc.)
HKLM\...\Run: [AgentAntidote64] => C:\Program Files (x86)\Druide\Antidote 9\Application\Bin64\AgentAntidote.exe [1797736 2017-09-12] (Druide Informatique Inc. -> Druide informatique inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [61394264 2019-02-07] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4114240 2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [126200 2019-01-28] (Intel(R) Driver & Support Assistant -> Intel)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.10\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> )
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}] => C:\ProgramData\Package Cache\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}\vsupdate_KB3022398.exe [3034256 2019-02-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-66705881-2455800333-246836714-1001\...\Run: [WallpaperEngine] => C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe [1698296 2019-02-08] (Kristjan Skutta -> )
HKU\S-1-5-21-66705881-2455800333-246836714-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-66705881-2455800333-246836714-1001\...\Run: [ApowersoftScreenRecorder] => C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe [3016344 2018-09-29] (Apowersoft Ltd -> Apowersoft)
HKU\S-1-5-21-66705881-2455800333-246836714-1001\...\Run: [AdobeBridge] => [X]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( )
HKLM\...\Drivers32: [vidc.xtor] => C:\Windows\system32\DxtoryCodec.dll [2606144 2015-08-10] (ExKode Co. Ltd.)
HKLM\...\Drivers32-x32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( )
HKLM\...\Drivers32-x32: [vidc.xtor] => C:\Windows\SysWOW64\DxtoryCodec.dll [2499648 2015-08-10] (ExKode Co. Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}] -> C:\Program Files (x86)\Chromium\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-08] (The Chromium Authors)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-07] (Google LLC -> Google Inc.)
Startup: C:\Users\abysal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-02-08]
ShortcutTarget: MEGAsync.lnk -> C:\Users\abysal\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\abysal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Turbo Sandbox Manager.lnk [2019-02-08]
ShortcutTarget: Turbo Sandbox Manager.lnk -> C:\Users\abysal\AppData\Local\Turbo\19.1.1887.0\Turbo-Sandbox.exe (Code Systems Corporation)
Startup: C:\Users\abysal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TurboLauncher.lnk [2019-02-08]
ShortcutTarget: TurboLauncher.lnk -> C:\Users\abysal\AppData\Local\Turbo\19.1.1887.0\Turbo-Launcher.exe (Code Systems Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{0df94510-58db-4e30-b825-d1384d71d1f0}: [DhcpNameServer] 199.202.105.108 199.202.105.1
Tcpip\..\Interfaces\{7fae94f0-3ba1-4a29-ae65-9e4836fb223b}: [DhcpNameServer] 208.67.222.222 208.67.220.220

Internet Explorer:
==================
HKU\S-1-5-21-66705881-2455800333-246836714-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.toshiba.ca/welcome/?w=23
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-02-08] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-08] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH -> Eyeo GmbH)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-02-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH -> Eyeo GmbH)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 77w39mj2.default
FF ProfilePath: C:\Users\abysal\AppData\Roaming\Mozilla\Firefox\Profiles\77w39mj2.default [2019-02-09]
FF Extension: (VPNetworksLLC Proxy) - C:\Users\abysal\AppData\Roaming\Mozilla\Firefox\Profiles\77w39mj2.default\Extensions\@VPNetworksLLC.xpi [2019-02-08]
FF Extension: (Antidote) - C:\Users\abysal\AppData\Roaming\Mozilla\Firefox\Profiles\77w39mj2.default\Extensions\antidote9_firefox@druide.com.xpi [2017-11-30]
FF Extension: (TubeBuddy for YouTube) - C:\Users\abysal\AppData\Roaming\Mozilla\Firefox\Profiles\77w39mj2.default\Extensions\e389d8c2-5554-4ba2-a36e-ac7a57093130@gmail.com.xpi [2019-02-08]
FF Extension: (SaveFrom.net helper) - C:\Users\abysal\AppData\Roaming\Mozilla\Firefox\Profiles\77w39mj2.default\Extensions\helper@savefrom.net.xpi [2019-02-08]
FF Extension: (HTTPS Everywhere) - C:\Users\abysal\AppData\Roaming\Mozilla\Firefox\Profiles\77w39mj2.default\Extensions\https-everywhere@eff.org.xpi [2019-02-08]
FF Extension: (Honey) - C:\Users\abysal\AppData\Roaming\Mozilla\Firefox\Profiles\77w39mj2.default\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2019-02-08]
FF Extension: (Pushbullet) - C:\Users\abysal\AppData\Roaming\Mozilla\Firefox\Profiles\77w39mj2.default\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2019-02-08]
FF Extension: (Smart Referer) - C:\Users\abysal\AppData\Roaming\Mozilla\Firefox\Profiles\77w39mj2.default\Extensions\smart-referer@meh.paranoid.pk.xpi [2019-02-08]
FF Extension: (User-Agent Switcher) - C:\Users\abysal\AppData\Roaming\Mozilla\Firefox\Profiles\77w39mj2.default\Extensions\user-agent-switcher@ninetailed.ninja.xpi [2019-02-08]
FF Extension: (minerBlock) - C:\Users\abysal\AppData\Roaming\Mozilla\Firefox\Profiles\77w39mj2.default\Extensions\xd4rker@gmail.com.xpi [2019-02-08]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\abysal\AppData\Roaming\Mozilla\Firefox\Profiles\77w39mj2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-02-08]
FF Extension: (Firefox ESR configurer for OLDJAWS screen reader ) - C:\Users\abysal\AppData\Roaming\Mozilla\Firefox\Profiles\77w39mj2.default\features\{4424dc03-217f-4dd7-8cc0-3dd98415de62}\jaws-esr@mozilla.org.xpi [2019-02-08] [Legacy]
FF Extension: (Firefox ESR configurer for OLDJAWS screen reader ) - C:\Program Files\Mozilla Firefox\browser\features\jaws-esr@mozilla.org.xpi [2019-01-24] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-02-08] ()
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-08] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-02-07] (Microsoft Corporation)
FF Plugin: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-01-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-01-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-01-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-02-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-08] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-02-07] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-07] (Google Inc.)
FF Plugin-x32: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2019-01-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2019-01-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2019-01-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-01-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-01-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-01-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-66705881-2455800333-246836714-1001: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-01-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-66705881-2455800333-246836714-1001: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-01-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-66705881-2455800333-246836714-1001: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-01-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-66705881-2455800333-246836714-1001: @turbo.net/Turbo.net Plugin 3.33 -> C:\Users\abysal\AppData\Local\Turbo\19.1.1887.0\npMozillaTurboPlugin.dll [2019-01-24] (Code Systems Corporation)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lbojggafdepnclikhiapkpinbfdhbdoi] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11013496 2019-01-28] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-02-07] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-02-07] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\System32\DbxSvc.exe [51024 2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2017-07-06] () [File not signed]
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23288 2019-01-28] (Intel(R) Driver & Support Assistant -> Intel)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937208 2018-12-19] (Intel(R) Software Development Products -> )
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2017-04-19] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373712 2018-04-17] (Intel(R) pGFX -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [743728 2017-11-08] (Intel(R) Trust Services -> Intel(R) Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [720184 2017-11-08] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-22] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [24192 2018-03-06] (OpenVPN Technologies, Inc. -> )
S2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-24] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-24] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [287240 2018-03-29] (Synaptics Incorporated -> Synaptics Incorporated)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [195832 2018-12-19] (Intel(R) Software Development Products -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665136 2019-01-16] (TeamViewer GmbH -> TeamViewer GmbH)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937208 2018-12-19] (Intel(R) Software Development Products -> )
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2019-02-07] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 anvsnddrv; C:\Windows\system32\drivers\anvsnddrv.sys [34416 2016-03-24] (Anvsoft Inc. -> AnvSoft Inc.)
R3 athr; C:\Windows\System32\drivers\athw8x.sys [4233728 2018-09-15] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [34368 2018-01-17] (CHENGDU YIWO Tech Development Co., Ltd. -> )
U0 EPMVolFlt; C:\Windows\System32\drivers\EPMVolFlt.sys [30280 2018-07-19] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [38128 2018-09-15] (Intel Corporation - Client Components Group -> Intel Corporation)
R0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [1469952 2017-04-19] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [7972304 2018-04-17] (Intel(R) pGFX -> Intel Corporation)
S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [481768 2016-05-12] (Intel(R) OWR -> Intel(R) Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [206496 2017-10-17] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [330176 2018-04-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1137928 2019-01-20] (Realtek Semiconductor Corp. -> Realtek )
R3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [282112 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [54792 2018-03-29] (Synaptics Incorporated -> Synaptics Incorporated)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [48032 2018-12-03] (SteelSeries ApS -> SteelSeries ApS)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [47616 2018-11-07] (TOSHIBA CLIENT SOLUTIONS CO., LTD. -> Toshiba Client Solutions Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46680 2019-02-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [330936 2019-02-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62136 2019-02-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-09 19:59 - 2019-02-09 19:59 - 000000000 ____D C:\Users\abysal\AppData\Local\DBG
2019-02-09 19:56 - 2019-02-09 19:57 - 000000000 ____D C:\FRST
2019-02-09 19:36 - 2019-02-09 19:36 - 000000000 ____D C:\Users\abysal\Downloads\Adobe Photoshop Lightroom Classic CC 2018 + Crack
2019-02-09 19:33 - 2019-02-09 19:33 - 000029852 _____ C:\Users\abysal\Downloads\Adobe.Photoshop.Lightroom.Classic.CC.2018. .Crack.torrent
2019-02-09 19:24 - 2019-02-09 19:24 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2019-02-09 19:23 - 2019-02-09 19:23 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Milestone
2019-02-09 19:21 - 2019-02-09 19:21 - 000000000 ____D C:\Program Files (x86)\My Company Name
2019-02-09 19:21 - 2011-11-03 03:01 - 000056208 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys
2019-02-09 19:21 - 2011-10-17 03:00 - 000010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys
2019-02-09 19:21 - 2011-10-17 03:00 - 000010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys
2019-02-09 19:14 - 2019-02-09 19:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2019-02-09 19:14 - 2019-02-09 19:24 - 000000000 ____D C:\Program Files\Adobe
2019-02-09 19:09 - 2019-02-09 19:24 - 000000000 ____D C:\Program Files\Common Files\Adobe
2019-02-09 18:25 - 2019-02-09 18:25 - 000000224 _____ C:\Users\abysal\Desktop\King of the Hat.url
2019-02-09 18:25 - 2019-02-09 18:25 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Games
2019-02-09 18:24 - 2019-02-09 18:25 - 000000000 ____D C:\Users\abysal\AppData\Local\DiscordGames
2019-02-09 18:13 - 2019-02-09 18:13 - 000000000 ____D C:\Users\abysal\Downloads\Adobe.Premiere.Pro.CS6.v6.0.0.LS7.x86.x64.Multilinguange-iND
2019-02-09 18:02 - 2019-02-09 18:02 - 000001410 _____ C:\Users\Public\Desktop\EaseUS Partition Master 12.10.lnk
2019-02-09 18:02 - 2019-02-09 18:02 - 000000000 ____D C:\ProgramData\SystemAcCrux
2019-02-09 18:02 - 2019-02-09 18:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 12.10
2019-02-09 18:02 - 2019-02-09 18:02 - 000000000 ____D C:\Program Files (x86)\EaseUS
2019-02-09 18:02 - 2018-08-01 13:56 - 005245072 _____ C:\Windows\system32\BootMan.exe
2019-02-09 18:02 - 2018-08-01 13:56 - 003549328 _____ C:\Windows\SysWOW64\BootMan.exe
2019-02-09 18:02 - 2018-07-19 23:22 - 000030280 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\EPMVolFlt.sys
2019-02-09 18:02 - 2018-07-19 23:22 - 000030280 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\EPMVolFlt.sys
2019-02-09 18:02 - 2018-04-28 11:04 - 000132240 _____ C:\Windows\system32\setupempdrvx64.exe
2019-02-09 18:02 - 2018-01-17 00:00 - 000034368 _____ C:\Windows\system32\epmntdrv.sys
2019-02-09 18:02 - 2016-07-11 10:01 - 000010848 _____ C:\Windows\system32\EuGdiDrv.sys
2019-02-09 18:02 - 2014-11-18 14:46 - 000021088 _____ C:\Windows\SysWOW64\EuEpmGdi.dll
2019-02-09 18:02 - 2014-11-18 14:46 - 000017504 _____ C:\Windows\system32\EuEpmGdi.dll
2019-02-09 17:57 - 2019-02-09 17:57 - 000001353 _____ C:\Users\abysal\Desktop\Any Video Converter Ultimate.lnk
2019-02-09 17:57 - 2019-02-09 17:57 - 000000000 ____D C:\Users\abysal\Documents\Any Video Converter Ultimate
2019-02-09 17:57 - 2019-02-09 17:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft
2019-02-09 17:57 - 2016-03-24 12:07 - 000034416 _____ (AnvSoft Inc.) C:\Windows\system32\Drivers\anvsnddrv.sys
2019-02-09 17:56 - 2019-02-09 17:57 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Anvsoft
2019-02-09 17:56 - 2019-02-09 17:56 - 000000000 ____D C:\Program Files (x86)\Anvsoft
2019-02-09 17:51 - 2019-02-09 17:51 - 000000000 ____D C:\Users\abysal\AppData\Local\Hinterland
2019-02-09 17:50 - 2019-02-09 17:50 - 000000000 ____D C:\Users\abysal\Documents\Apowersoft
2019-02-09 17:47 - 2019-02-09 17:47 - 000001509 _____ C:\Users\Public\Desktop\Apowersoft Screen Recorder Pro.lnk
2019-02-09 17:47 - 2019-02-09 17:47 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Apowersoft
2019-02-09 17:47 - 2019-02-09 17:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2019-02-09 17:47 - 2019-02-09 17:47 - 000000000 ____D C:\Program Files (x86)\Apowersoft
2019-02-09 17:32 - 2019-02-09 19:09 - 000000000 ____D C:\Users\abysal\Documents\My Games
2019-02-09 16:53 - 2019-02-09 16:53 - 000000000 ____D C:\Users\abysal\AppData\Local\Kholat
2019-02-09 16:20 - 2019-02-09 16:27 - 000000000 ____D C:\Windows\System32\Tasks\Dxstory
2019-02-09 16:03 - 2019-02-09 16:03 - 000001186 _____ C:\Users\abysal\Desktop\Dxtory.lnk
2019-02-09 16:03 - 2019-02-09 16:03 - 000000000 ____D C:\Users\abysal\AppData\Local\Dxtory Software
2019-02-09 16:03 - 2019-02-09 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
2019-02-09 16:03 - 2019-02-09 16:03 - 000000000 ____D C:\Program Files (x86)\ExKode
2019-02-09 16:03 - 2015-08-10 16:00 - 002606144 _____ (ExKode Co. Ltd.) C:\Windows\system32\DxtoryCodec.dll
2019-02-09 16:03 - 2015-08-10 16:00 - 002499648 _____ (ExKode Co. Ltd.) C:\Windows\SysWOW64\DxtoryCodec.dll
2019-02-09 16:02 - 2019-02-09 16:02 - 000000000 ____D C:\Users\abysal\Downloads\Dxtory
2019-02-09 15:59 - 2019-02-09 15:59 - 000000000 ____D C:\Users\abysal\AppData\LocalLow\noio
2019-02-09 15:59 - 2019-02-09 15:59 - 000000000 ____D C:\Users\abysal\AppData\Local\RivalsofAether
2019-02-09 15:49 - 2019-02-09 15:51 - 006033968 _____ (ExKode Co. Ltd. ) C:\Users\abysal\Downloads\DxtorySetup2.0.142.exe
2019-02-09 15:49 - 2019-02-09 15:49 - 005940076 _____ C:\Users\abysal\Downloads\Dxtory.zip
2019-02-09 15:47 - 2019-02-09 15:47 - 000001998 _____ C:\Windows\unins000.dat
2019-02-09 15:47 - 2019-02-09 15:46 - 000715038 _____ C:\Windows\unins000.exe
2019-02-09 15:47 - 2011-12-07 19:37 - 000148992 _____ ( ) C:\Windows\system32\lagarith.dll
2019-02-09 15:47 - 2011-12-07 19:32 - 000216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2019-02-09 15:46 - 2019-02-09 15:46 - 000443445 _____ ( ) C:\Users\abysal\Downloads\LagarithSetup_1327.exe
2019-02-08 21:59 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2019-02-08 21:59 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2019-02-08 21:59 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2019-02-08 21:59 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2019-02-08 21:59 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2019-02-08 21:59 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2019-02-08 21:59 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2019-02-08 21:59 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2019-02-08 21:59 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2019-02-08 21:59 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2019-02-08 21:59 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2019-02-08 21:59 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2019-02-08 21:59 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2019-02-08 21:59 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2019-02-08 21:59 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2019-02-08 21:59 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2019-02-08 21:59 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2019-02-08 21:59 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2019-02-08 21:59 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2019-02-08 21:59 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2019-02-08 21:59 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2019-02-08 21:59 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2019-02-08 21:59 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2019-02-08 21:59 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2019-02-08 21:59 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2019-02-08 21:59 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2019-02-08 21:59 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2019-02-08 21:59 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2019-02-08 21:59 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2019-02-08 21:59 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2019-02-08 21:59 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2019-02-08 21:59 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2019-02-08 21:59 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2019-02-08 21:59 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2019-02-08 21:59 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2019-02-08 21:59 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2019-02-08 21:59 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2019-02-08 21:59 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2019-02-08 21:59 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2019-02-08 21:59 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2019-02-08 21:59 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2019-02-08 21:59 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2019-02-08 21:59 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2019-02-08 21:59 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2019-02-08 21:59 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2019-02-08 21:59 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2019-02-08 21:59 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2019-02-08 21:59 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2019-02-08 21:59 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2019-02-08 21:59 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2019-02-08 21:59 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2019-02-08 21:59 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2019-02-08 21:59 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2019-02-08 21:59 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2019-02-08 21:59 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2019-02-08 21:59 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2019-02-08 21:59 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2019-02-08 21:59 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2019-02-08 21:59 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2019-02-08 21:59 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2019-02-08 21:59 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2019-02-08 21:59 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2019-02-08 21:59 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2019-02-08 21:59 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2019-02-08 21:59 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2019-02-08 21:59 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2019-02-08 21:59 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2019-02-08 21:59 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2019-02-08 21:59 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2019-02-08 21:59 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2019-02-08 21:59 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2019-02-08 21:59 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2019-02-08 21:59 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2019-02-08 21:59 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2019-02-08 21:59 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2019-02-08 21:59 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2019-02-08 21:59 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2019-02-08 21:59 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2019-02-08 21:59 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2019-02-08 21:59 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2019-02-08 21:59 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2019-02-08 21:59 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2019-02-08 21:58 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2019-02-08 21:58 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2019-02-08 21:58 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2019-02-08 21:58 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2019-02-08 21:58 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2019-02-08 21:58 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2019-02-08 21:58 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2019-02-08 21:58 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2019-02-08 21:58 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2019-02-08 21:58 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2019-02-08 21:58 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2019-02-08 21:58 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2019-02-08 21:58 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2019-02-08 21:58 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2019-02-08 21:58 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2019-02-08 21:58 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2019-02-08 21:58 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2019-02-08 21:58 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2019-02-08 21:58 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2019-02-08 21:58 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2019-02-08 21:58 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2019-02-08 21:58 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2019-02-08 21:58 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2019-02-08 21:58 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2019-02-08 21:58 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2019-02-08 21:58 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2019-02-08 21:58 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2019-02-08 21:58 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2019-02-08 21:58 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2019-02-08 21:58 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2019-02-08 21:58 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2019-02-08 21:58 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2019-02-08 21:58 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2019-02-08 21:58 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2019-02-08 21:58 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2019-02-08 21:58 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2019-02-08 21:58 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2019-02-08 21:58 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2019-02-08 21:58 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2019-02-08 21:58 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2019-02-08 21:58 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2019-02-08 21:58 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2019-02-08 21:58 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2019-02-08 21:58 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2019-02-08 21:58 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2019-02-08 21:58 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2019-02-08 21:58 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2019-02-08 21:58 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2019-02-08 21:58 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2019-02-08 21:58 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2019-02-08 21:58 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2019-02-08 21:58 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2019-02-08 21:58 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2019-02-08 21:58 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2019-02-08 21:58 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2019-02-08 21:58 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2019-02-08 21:58 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2019-02-08 21:58 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2019-02-08 21:58 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2019-02-08 21:58 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2019-02-08 21:58 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2019-02-08 21:58 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2019-02-08 21:58 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2019-02-08 21:58 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2019-02-08 21:58 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2019-02-08 21:58 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2019-02-08 21:58 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2019-02-08 21:58 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2019-02-08 21:58 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2019-02-08 21:58 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2019-02-08 21:58 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2019-02-08 21:58 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2019-02-08 21:58 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2019-02-08 21:58 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2019-02-08 21:58 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2019-02-08 21:58 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2019-02-08 21:58 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2019-02-08 21:58 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2019-02-08 21:58 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2019-02-08 21:58 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2019-02-08 21:58 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2019-02-08 21:58 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2019-02-08 21:58 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2019-02-08 21:58 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2019-02-08 21:58 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2019-02-08 21:58 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2019-02-08 21:58 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2019-02-08 21:58 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2019-02-08 21:58 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2019-02-08 21:58 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2019-02-08 21:58 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2019-02-08 21:58 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2019-02-08 21:58 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2019-02-08 21:58 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2019-02-08 21:58 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2019-02-08 21:58 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2019-02-08 21:58 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2019-02-08 21:58 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2019-02-08 21:58 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2019-02-08 21:58 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2019-02-08 21:50 - 2019-02-08 21:50 - 000000521 _____ C:\Users\Public\Desktop\Overwatch.lnk
2019-02-08 21:50 - 2019-02-08 21:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2019-02-08 20:00 - 2019-02-08 20:00 - 000001803 _____ C:\Users\abysal\Desktop\WordQ1.lnk
2019-02-08 19:58 - 2019-02-08 19:58 - 000000000 _____ C:\Users\abysal\Desktop\New Text Document.txt
2019-02-08 19:55 - 2019-02-08 20:32 - 000000000 ____D C:\Users\abysal\Documents\WordQ
2019-02-08 19:53 - 2019-02-08 19:55 - 000000000 ____D C:\Users\abysal\Downloads\runasdate
2019-02-08 19:53 - 2019-02-08 19:53 - 000037062 _____ C:\Users\abysal\Downloads\runasdate.zip
2019-02-08 19:52 - 2019-02-08 19:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordQ 4
2019-02-08 19:51 - 2019-02-08 19:56 - 000000000 ____D C:\Program Files (x86)\WordQ4
2019-02-08 19:49 - 2019-02-08 19:49 - 000000000 ____D C:\Users\abysal\Documents\Visual Studio 2015
2019-02-08 19:47 - 2019-02-09 19:59 - 000000000 ____D C:\Users\abysal\AppData\Local\D3DSCache
2019-02-08 19:40 - 2019-02-08 19:40 - 000001008 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2019-02-08 19:40 - 2019-02-08 19:40 - 000000970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2019-02-08 19:40 - 2019-02-08 19:40 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2019-02-08 19:38 - 2019-02-08 19:38 - 000000996 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin.lnk
2019-02-08 19:38 - 2019-02-08 19:38 - 000000000 ____D C:\Program Files (x86)\Origin
2019-02-08 19:37 - 2019-02-08 19:48 - 000000000 ____D C:\7200866e9ad3ae19d969ad
2019-02-08 19:37 - 2019-02-08 19:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2019-02-08 19:36 - 2019-02-08 19:36 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2019-02-08 19:36 - 2019-02-08 19:36 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2019-02-08 19:36 - 2019-02-08 19:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2019-02-08 19:34 - 2019-02-08 19:35 - 1096658944 _____ C:\Users\abysal\Downloads\WordQ4P_NA_FR.exe
2019-02-08 19:27 - 2019-02-08 19:27 - 000000000 ____D C:\ProgramData\PreEmptive Solutions
2019-02-08 19:23 - 2019-02-08 19:23 - 000000000 ____D C:\Program Files (x86)\ShellDir
2019-02-08 19:21 - 2019-02-08 19:21 - 000001063 _____ C:\Users\Public\Desktop\GPU-Z.lnk
2019-02-08 19:21 - 2019-02-08 19:21 - 000001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPU-Z.lnk
2019-02-08 19:20 - 2019-02-08 19:20 - 000001115 _____ C:\Users\Public\Desktop\PDF-XChange Editor.lnk
2019-02-08 19:20 - 2019-02-08 19:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracker Software
2019-02-08 19:20 - 2019-02-08 19:20 - 000000000 ____D C:\ProgramData\FileOpen
2019-02-08 19:20 - 2019-02-08 19:20 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2019-02-08 19:20 - 2019-01-28 13:05 - 002161920 _____ (Tracker Software Products (Canada) Ltd.) C:\Windows\system32\pxcpmL.dll
2019-02-08 19:19 - 2019-02-08 19:19 - 000000000 ____D C:\Program Files\Tracker Software
2019-02-08 19:11 - 2019-02-08 19:11 - 000000000 ____D C:\ProgramData\Microsoft DNX
2019-02-08 19:11 - 2019-02-08 19:11 - 000000000 ____D C:\Program Files\Microsoft DNX
2019-02-08 19:09 - 2019-02-08 19:10 - 000000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2019-02-08 19:09 - 2019-02-08 19:09 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2019-02-08 19:08 - 2019-02-08 21:50 - 000000000 ____D C:\Users\abysal\AppData\Local\Battle.net
2019-02-08 19:08 - 2019-02-08 19:09 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Battle.net
2019-02-08 19:08 - 2019-02-08 19:08 - 000000000 ____D C:\Users\abysal\AppData\Local\Blizzard Entertainment
2019-02-08 19:07 - 2019-02-08 19:07 - 000000932 _____ C:\Users\Public\Desktop\Battle.net.lnk
2019-02-08 19:07 - 2019-02-08 19:07 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Druide
2019-02-08 19:07 - 2019-02-08 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2019-02-08 19:07 - 2019-02-08 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antidote
2019-02-08 19:04 - 2019-02-08 19:12 - 000000000 ____D C:\Program Files (x86)\Druide
2019-02-08 19:03 - 2019-02-08 19:12 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Druide informatique inc
2019-02-08 19:03 - 2019-02-08 19:08 - 000000000 ____D C:\Program Files (x86)\Battle.net
2019-02-08 19:02 - 2019-02-08 19:02 - 000000000 ____D C:\Users\abysal\AppData\Local\Blizzard
2019-02-08 19:01 - 2019-02-08 19:01 - 000000000 ____D C:\ProgramData\Battle.net
2019-02-08 18:49 - 2019-02-08 18:49 - 000000000 ____D C:\Program Files\IIS Express
2019-02-08 18:49 - 2019-02-08 18:49 - 000000000 ____D C:\Program Files (x86)\IIS Express
2019-02-08 18:48 - 2019-02-08 18:48 - 000000000 ____D C:\Program Files (x86)\AppInsights
2019-02-08 18:47 - 2019-02-08 18:47 - 000000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2019-02-08 18:42 - 2019-02-08 19:08 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Playnite
2019-02-08 18:42 - 2019-02-08 18:42 - 000000000 ____D C:\ProgramData\NuGet
2019-02-08 18:42 - 2019-02-08 18:42 - 000000000 ____D C:\Program Files (x86)\NuGet
2019-02-08 18:41 - 2019-02-08 19:44 - 000000000 ____D C:\Users\abysal\AppData\Local\Playnite
2019-02-08 18:41 - 2019-02-08 18:41 - 000001134 _____ C:\Users\abysal\Desktop\Playnite.lnk
2019-02-08 18:41 - 2019-02-08 18:41 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playnite
2019-02-08 18:41 - 2019-02-08 18:41 - 000000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2019-02-08 18:40 - 2019-02-08 18:40 - 000000000 ____D C:\Program Files\IIS
2019-02-08 18:40 - 2019-02-08 18:40 - 000000000 ____D C:\Program Files (x86)\IIS
2019-02-08 18:34 - 2019-02-08 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2019-02-08 18:33 - 2019-02-08 18:33 - 000001498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2019-02-08 18:31 - 2019-02-08 18:31 - 000000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2019-02-08 18:31 - 2019-02-08 18:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2019-02-08 18:15 - 2019-02-08 19:35 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2019-02-08 18:15 - 2019-02-08 18:15 - 000000000 ____D C:\Windows\symbols
2019-02-08 18:15 - 2019-02-08 18:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2019-02-08 18:15 - 2019-02-08 18:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2019-02-08 18:11 - 2019-02-08 18:11 - 000002193 _____ C:\Users\Public\Desktop\TorGuard.lnk
2019-02-08 18:11 - 2019-02-08 18:11 - 000000000 ____D C:\Users\abysal\AppData\Local\VPNetworkLLC
2019-02-08 18:11 - 2019-02-08 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VPNetwork LLC
2019-02-08 18:11 - 2019-02-08 18:11 - 000000000 ____D C:\Program Files (x86)\VPNetwork LLC
2019-02-08 18:11 - 2018-09-14 21:39 - 000410624 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\DXCpl.exe
2019-02-08 18:11 - 2018-09-14 21:38 - 000351232 _____ (Microsoft Corporation) C:\Windows\system32\perf_gputiming.dll
2019-02-08 18:11 - 2018-09-14 20:54 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf_gputiming.dll
2019-02-08 18:11 - 2018-09-14 20:52 - 000386560 _____ (Windows (R) Win 7 DDK provider) C:\Windows\SysWOW64\DXCpl.exe
2019-02-08 18:11 - 2018-09-14 18:30 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\DxToolsReportGenerator.dll
2019-02-08 18:11 - 2018-09-14 18:04 - 000095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DxToolsReportGenerator.dll
2019-02-08 18:11 - 2018-09-14 18:04 - 000091648 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsProxyStub.dll
2019-02-08 18:11 - 2018-09-14 18:03 - 001176064 _____ (Microsoft Corporation) C:\Windows\system32\DXCap.exe
2019-02-08 18:11 - 2018-09-14 18:03 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\VSD3DWARPDebug.dll
2019-02-08 18:11 - 2018-09-14 18:01 - 017761792 _____ (Microsoft Corporation) C:\Windows\system32\DXCaptureReplay.dll
2019-02-08 18:11 - 2018-09-14 18:01 - 000331264 _____ (Microsoft Corporation) C:\Windows\system32\DXGIDebug.dll
2019-02-08 18:11 - 2018-09-14 18:00 - 001366016 _____ (Microsoft Corporation) C:\Windows\system32\d3d11_3SDKLayers.dll
2019-02-08 18:11 - 2018-09-14 17:59 - 000177152 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsReporting.dll
2019-02-08 18:11 - 2018-09-14 17:58 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsCapture.dll
2019-02-08 18:11 - 2018-09-14 17:57 - 000189440 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsMonitor.dll
2019-02-08 18:11 - 2018-09-14 17:56 - 002006016 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsOfflineAnalysis.dll
2019-02-08 18:11 - 2018-09-14 17:55 - 003176448 _____ (Microsoft Corporation) C:\Windows\system32\d3d12SDKLayers.dll
2019-02-08 18:11 - 2018-09-14 17:54 - 000555008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1debug3.dll
2019-02-08 18:11 - 2018-09-14 17:52 - 005732864 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsDesktopEngine.exe
2019-02-08 18:11 - 2018-09-14 17:51 - 004850688 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsRemoteEngine.exe
2019-02-08 18:11 - 2018-09-14 17:49 - 000286208 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsExperiment.dll
2019-02-08 18:11 - 2018-09-14 17:45 - 000041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsProxyStub.dll
2019-02-08 18:11 - 2018-09-14 17:44 - 013942784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCaptureReplay.dll
2019-02-08 18:11 - 2018-09-14 17:44 - 000236544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXGIDebug.dll
2019-02-08 18:11 - 2018-09-14 17:44 - 000060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VSD3DWARPDebug.dll
2019-02-08 18:11 - 2018-09-14 17:43 - 000912896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCap.exe
2019-02-08 18:11 - 2018-09-14 17:42 - 000137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsMonitor.dll
2019-02-08 18:11 - 2018-09-14 17:40 - 000116224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsReporting.dll
2019-02-08 18:11 - 2018-09-14 17:39 - 000424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1debug3.dll
2019-02-08 18:11 - 2018-09-14 17:38 - 001089024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11_3SDKLayers.dll
2019-02-08 18:11 - 2018-09-14 17:37 - 002473984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d12SDKLayers.dll
2019-02-08 18:11 - 2018-09-14 17:37 - 000219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsExperiment.dll
2019-02-08 18:11 - 2018-09-14 17:36 - 004520960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsDesktopEngine.exe
2019-02-08 18:11 - 2018-09-14 17:36 - 001419776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsOfflineAnalysis.dll
2019-02-08 18:11 - 2018-09-14 17:35 - 003631616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsRemoteEngine.exe
2019-02-08 18:11 - 2018-09-14 17:34 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsCapture.dll
2019-02-08 18:10 - 2019-02-08 18:10 - 033885176 _____ C:\Users\abysal\Downloads\torguard-setup-latest.exe
2019-02-08 18:08 - 2019-02-08 19:44 - 000000000 ____D C:\Windows\SysWOW64\1033
 
07 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2019-02-08 18:07 - 2019-02-08 19:36 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2019-02-08 18:07 - 2019-02-08 19:36 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2019-02-08 17:55 - 2019-02-08 19:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2019-02-08 17:55 - 2019-02-08 19:23 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2019-02-08 17:55 - 2019-02-08 18:10 - 000000000 ____D C:\Windows\system32\1033
2019-02-08 17:53 - 2019-02-08 18:15 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-02-08 17:53 - 2019-02-08 17:53 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-02-08 17:48 - 2019-02-08 17:48 - 000001448 _____ C:\Users\abysal\Desktop\Tor Browser.lnk
2019-02-08 17:48 - 2019-02-08 17:48 - 000000000 ____D C:\ProgramData\VsTelemetry
2019-02-08 17:46 - 2019-02-08 17:46 - 000000914 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2019-02-08 17:46 - 2019-02-08 17:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2019-02-08 17:46 - 2019-02-08 17:46 - 000000000 ____D C:\Program Files\CPUID
2019-02-08 17:45 - 2019-02-08 17:45 - 000001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2019-02-08 17:45 - 2019-02-08 17:45 - 000001072 _____ C:\Users\Public\Desktop\Audacity.lnk
2019-02-08 17:45 - 2019-02-08 17:45 - 000000953 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk
2019-02-08 17:45 - 2019-02-08 17:45 - 000000022 _____ C:\Windows\S.dirmngr
2019-02-08 17:45 - 2019-02-08 17:45 - 000000000 ____D C:\Users\abysal\AppData\Roaming\gnupg
2019-02-08 17:45 - 2019-02-08 17:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2019-02-08 17:45 - 2019-02-08 17:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win
2019-02-08 17:45 - 2019-02-08 17:45 - 000000000 ____D C:\ProgramData\GNU
2019-02-08 17:45 - 2019-02-08 17:45 - 000000000 ____D C:\Program Files\TAP-Windows
2019-02-08 17:45 - 2019-02-08 17:45 - 000000000 ____D C:\Program Files\OpenVPN
2019-02-08 17:45 - 2019-02-08 17:45 - 000000000 ____D C:\Program Files (x86)\GNU
2019-02-08 17:44 - 2019-02-08 19:25 - 3908013239 _____ C:\Users\abysal\Downloads\The Matrix (1999) - 1080p FR EN x264 ac3 mHDgz.mkv
2019-02-08 17:44 - 2019-02-08 17:45 - 000000000 ____D C:\Program Files (x86)\Audacity
2019-02-08 17:42 - 2019-02-09 18:01 - 000000000 ____D C:\Users\abysal\Downloads\EaseUS Partition Master 12.10 Technician Edition + Crack [Tech-Tools.Me]
2019-02-08 17:38 - 2019-02-08 17:38 - 000001419 _____ C:\Users\abysal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UpdateInstaller.lnk
2019-02-08 17:38 - 2019-02-08 17:38 - 000001314 _____ C:\Users\abysal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UpdateGenerator.lnk
2019-02-08 17:37 - 2019-02-09 17:55 - 000000000 ____D C:\Users\abysal\Downloads\Any Video Converter Professional & Ultimate 5.9.3 Multilingual + Key [SadeemPC]
2019-02-08 17:37 - 2019-02-08 17:37 - 000002260 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2019-02-08 17:37 - 2019-02-08 17:37 - 000002219 _____ C:\Users\Public\Desktop\Chromium.lnk
2019-02-08 17:37 - 2019-02-08 17:37 - 000000000 ____D C:\Program Files (x86)\Chromium
2019-02-08 17:36 - 2019-02-09 17:47 - 000000000 ____D C:\Users\abysal\Downloads\Apowersoft Screen Recorder Pro 2.3.8 + Crack [CracksMind]
2019-02-08 17:35 - 2019-02-08 17:35 - 000001858 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2019-02-08 17:35 - 2019-02-08 17:35 - 000001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Explorer.lnk
2019-02-08 17:35 - 2019-02-08 17:35 - 000000000 ____D C:\Users\abysal\AppData\LocalLow\Adblock Plus for IE
2019-02-08 17:35 - 2019-02-08 17:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP
2019-02-08 17:35 - 2019-02-08 17:35 - 000000000 ____D C:\ProgramData\Canneverbe Limited
2019-02-08 17:35 - 2019-02-08 17:35 - 000000000 ____D C:\Program Files\CDBurnerXP
2019-02-08 17:35 - 2019-02-08 17:35 - 000000000 ____D C:\Program Files\Adblock Plus for IE
2019-02-08 17:34 - 2019-02-08 17:34 - 000001108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-02-08 17:34 - 2019-02-08 17:34 - 000001096 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-02-08 17:34 - 2019-02-08 17:34 - 000000000 ____D C:\Users\abysal\AppData\Roaming\TeamViewer
2019-02-08 17:34 - 2019-02-08 17:34 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-02-08 17:29 - 2019-02-08 17:29 - 000001914 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2019-02-08 17:29 - 2019-02-08 17:29 - 000000000 ____D C:\Users\abysal\AppData\LocalLow\Apple Computer
2019-02-08 17:29 - 2019-02-08 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2019-02-08 17:29 - 2019-02-08 17:29 - 000000000 ____D C:\ProgramData\Apple Computer
2019-02-08 17:29 - 2019-02-08 17:29 - 000000000 ____D C:\ProgramData\Apple
2019-02-08 17:29 - 2019-02-08 17:29 - 000000000 ____D C:\Program Files (x86)\QuickTime
2019-02-08 17:22 - 2019-02-08 17:22 - 000000000 ____D C:\ProgramData\shimgen
2019-02-08 17:21 - 2019-02-08 17:21 - 000004592 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-02-08 17:18 - 2019-02-08 17:18 - 000110968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2019-02-08 17:18 - 2019-02-08 17:18 - 000000000 ____D C:\Program Files\Java
2019-02-08 17:08 - 2019-02-08 17:08 - 000000725 _____ C:\Users\abysal\Downloads\72v.zip
2019-02-08 17:07 - 2019-02-09 19:57 - 000000000 ____D C:\Users\abysal\Documents\MEGAsync Downloads
2019-02-08 17:07 - 2019-02-08 17:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-02-08 17:07 - 2019-02-08 17:07 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Sun
2019-02-08 17:07 - 2019-02-08 17:07 - 000000000 ____D C:\Users\abysal\AppData\LocalLow\Sun
2019-02-08 17:07 - 2019-02-08 17:06 - 000099192 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2019-02-08 17:06 - 2019-02-08 17:06 - 000000000 ____D C:\ProgramData\Oracle
2019-02-08 17:06 - 2019-02-08 17:06 - 000000000 ____D C:\Program Files (x86)\Java
2019-02-08 16:51 - 2019-02-08 17:21 - 000004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-02-08 16:51 - 2019-02-08 16:51 - 000004580 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-02-08 16:45 - 2019-02-08 16:45 - 000000000 ____D C:\Users\abysal\AppData\Roaming\NuGet
2019-02-08 16:45 - 2019-02-08 16:45 - 000000000 ____D C:\Users\abysal\AppData\Local\NuGet
2019-02-08 16:35 - 2019-02-08 19:01 - 004703728 _____ (Blizzard Entertainment) C:\Users\abysal\Downloads\Battle.net-Setup.exe
2019-02-08 16:04 - 2019-02-08 16:58 - 000000000 ____D C:\Users\abysal\Downloads\Druide Antidote 9 v5.1
2019-02-08 15:53 - 2019-02-09 19:26 - 000000000 ____D C:\Users\abysal\AppData\Roaming\FileZilla
2019-02-08 15:53 - 2019-02-08 15:57 - 000000000 ____D C:\Users\abysal\AppData\Local\FileZilla
2019-02-08 15:47 - 2019-02-08 15:50 - 000000000 ___RD C:\Users\abysal\Dropbox
2019-02-08 15:41 - 2019-02-09 19:00 - 000000000 ___RD C:\Users\abysal\Documents\MEGAsync
2019-02-08 15:40 - 2019-02-08 15:40 - 000001124 _____ C:\Users\abysal\Desktop\MEGAsync.lnk
2019-02-08 15:40 - 2019-02-08 15:40 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2019-02-08 15:40 - 2019-02-08 15:40 - 000000000 ____D C:\Users\abysal\AppData\Local\MEGAsync
2019-02-08 15:40 - 2019-02-08 15:40 - 000000000 ____D C:\Users\abysal\AppData\Local\Mega Limited
2019-02-08 15:28 - 2019-02-08 15:38 - 000000000 ____D C:\Users\abysal\AppData\Local\Turbo
2019-02-08 15:28 - 2019-02-08 15:28 - 000000000 ___DL C:\Users\abysal\AppData\Local\Spoon
2019-02-08 15:28 - 2019-02-08 15:28 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbo.net
2019-02-08 15:27 - 2019-02-08 15:28 - 109376200 _____ (Code Systems Corporation) C:\Users\abysal\Downloads\turbo-client-19.1.1887.0.exe
2019-02-07 21:22 - 2019-02-07 18:24 - 000000000 ____D C:\Windows\Panther
2019-02-07 19:54 - 2019-02-07 19:54 - 002338023 _____ C:\Users\abysal\Downloads\Untitzzzzzzzzzaaaaaaaaled.jpeg
2019-02-07 19:45 - 2019-02-07 19:45 - 000003192 _____ C:\Windows\System32\Tasks\RTKCPL
2019-02-07 19:44 - 2019-02-07 19:44 - 000000000 ____D C:\ProgramData\Audyssey Labs
2019-02-07 19:44 - 2019-02-07 19:44 - 000000000 ____D C:\Program Files\Realtek
2019-02-07 19:43 - 2017-01-11 11:38 - 072520712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2019-02-07 19:43 - 2017-01-11 11:38 - 009124224 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2019-02-07 19:43 - 2017-01-11 11:38 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2019-02-07 19:43 - 2017-01-11 11:38 - 005545472 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2019-02-07 19:43 - 2017-01-11 11:38 - 003503048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 003410832 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 003203584 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 003203424 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 003122656 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 003014144 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2019-02-07 19:43 - 2017-01-11 11:38 - 002110592 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 001382232 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 001353824 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 001337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000984912 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000965024 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000962128 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000873464 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000689880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000601144 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000532376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000387312 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000343704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000258864 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000231912 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000221968 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000209536 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000158696 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000090912 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000088320 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000083624 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000075536 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2019-02-07 19:43 - 2017-01-11 11:38 - 000023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2019-02-07 19:42 - 2017-01-11 11:38 - 007172912 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2019-02-07 19:42 - 2017-01-11 11:38 - 005593608 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2019-02-07 19:42 - 2017-01-11 11:38 - 002201600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2019-02-07 19:42 - 2017-01-11 11:38 - 002050176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2019-02-07 19:42 - 2017-01-11 11:38 - 001334376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2019-02-07 19:42 - 2017-01-11 11:38 - 001213656 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2019-02-07 19:42 - 2017-01-11 11:38 - 001166152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2019-02-07 19:42 - 2017-01-11 11:38 - 000999848 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2019-02-07 19:42 - 2017-01-11 11:38 - 000923736 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2019-02-07 19:42 - 2017-01-11 11:38 - 000678176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2019-02-07 19:42 - 2017-01-11 11:38 - 000677672 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2019-02-07 19:42 - 2017-01-11 11:38 - 000618184 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2019-02-07 19:42 - 2017-01-11 11:38 - 000447720 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2019-02-07 19:42 - 2017-01-11 11:38 - 000330560 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2019-02-07 19:42 - 2017-01-11 11:38 - 000151784 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2019-02-07 19:42 - 2017-01-11 11:38 - 000134200 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2019-02-07 19:42 - 2017-01-11 11:38 - 000084616 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 007096184 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 003302272 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 002993720 _____ (Audyssey Labs) C:\Windows\system32\AudysseyEfx.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 001965808 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 001780616 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 001591056 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 001508928 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 000743960 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 000727432 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 000708312 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 000574752 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 000514520 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 000504304 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 000500552 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 000445400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 000441264 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 000428224 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 000327448 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 000272712 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 000253896 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 000253864 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 000252872 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 000122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 000118592 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 000118592 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2019-02-07 19:42 - 2017-01-11 11:37 - 000105304 _____ C:\Windows\system32\audioLibVc.dll
2019-02-07 19:42 - 2016-09-22 14:55 - 002839520 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2019-02-07 19:40 - 2019-02-07 19:45 - 000000000 ___HD C:\Program Files (x86)\Temp
2019-02-07 19:38 - 2019-01-20 14:24 - 001137928 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2019-02-07 19:38 - 2018-09-14 18:05 - 006238208 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons000c.dll
2019-02-07 19:38 - 2018-09-14 17:56 - 002344448 _____ (Microsoft Corporation) C:\Windows\system32\NlsData000c.dll
2019-02-07 19:38 - 2018-09-14 17:38 - 002273280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsData000c.dll
2019-02-07 19:37 - 2019-02-07 19:42 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-02-07 19:37 - 2019-02-07 19:40 - 000000000 ____D C:\Program Files (x86)\Realtek
2019-02-07 19:37 - 2019-02-07 19:37 - 000815420 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-02-07 19:37 - 2019-02-07 19:37 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-02-07 19:37 - 2019-02-07 19:37 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Intel Corporation
2019-02-07 19:37 - 2016-07-13 20:40 - 009891328 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2019-02-07 19:35 - 2019-02-07 19:35 - 000003800 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
2019-02-07 19:35 - 2019-02-07 19:35 - 000000000 ____D C:\Users\abysal\Intel
2019-02-07 19:29 - 2019-02-07 19:51 - 000003834 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-02-07 19:25 - 2019-02-07 19:25 - 000000000 ____D C:\Users\abysal\AppData\Local\CEF
2019-02-07 19:24 - 2019-02-07 19:25 - 000000000 ____D C:\Users\abysal\AppData\Local\Steam
2019-02-07 19:23 - 2019-02-07 19:23 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Greenshot
2019-02-07 19:23 - 2019-02-07 19:23 - 000000000 ____D C:\Users\abysal\AppData\Local\Greenshot
2019-02-07 19:21 - 2019-02-08 19:49 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-07 19:21 - 2019-02-07 19:35 - 000000000 ____D C:\ProgramData\Intel
2019-02-07 19:21 - 2019-02-07 19:21 - 015341312 _____ (Intel) C:\Users\abysal\Downloads\Intel Driver and Support Assistant Installer.exe
2019-02-07 19:21 - 2019-02-07 19:21 - 000003762 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2019-02-07 19:21 - 2019-02-07 19:21 - 000003528 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2019-02-07 19:21 - 2019-02-07 19:21 - 000002678 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2019-02-07 19:21 - 2019-02-07 19:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2019-02-07 19:21 - 2019-02-07 19:21 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2019-02-07 19:21 - 2018-12-19 19:01 - 000043008 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2019-02-07 19:12 - 2019-02-07 19:12 - 001624440 _____ (Tous Les Drivers) C:\Users\abysal\Downloads\Mes_Drivers_3.0.4.exe
2019-02-07 19:11 - 2019-02-07 19:08 - 000592616 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-02-07 19:08 - 2019-02-07 19:10 - 000000000 ____D C:\Windows\system32\MRT
2019-02-07 19:08 - 2019-02-07 19:08 - 132790320 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-02-07 19:06 - 2019-02-07 19:06 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-02-07 19:06 - 2019-02-07 19:06 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-02-07 19:06 - 2019-02-07 19:06 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-02-07 19:06 - 2019-02-07 19:06 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-02-07 19:06 - 2019-02-07 19:06 - 000000000 ____D C:\Users\abysal\Downloads\wumt
2019-02-07 19:06 - 2019-02-07 19:06 - 000000000 ____D C:\Users\abysal\AppData\Roaming\WinRAR
2019-02-07 19:06 - 2019-02-07 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-02-07 19:05 - 2019-02-07 19:05 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2019-02-07 19:04 - 2019-02-08 17:22 - 000000000 ____D C:\ProgramData\chocolatey
2019-02-07 19:01 - 2019-02-07 19:06 - 000000000 ____D C:\Program Files\Microsoft Office
2019-02-07 19:01 - 2019-02-07 19:01 - 000000000 ____D C:\Program Files\Microsoft Office 15
2019-02-07 19:00 - 2019-02-07 19:00 - 035365720 _____ (Ratiborus) C:\Users\abysal\Downloads\KMSTools.exe
2019-02-07 18:59 - 2019-02-09 19:53 - 000003656 _____ C:\Windows\System32\Tasks\AutoKMS
2019-02-07 18:59 - 2019-02-07 19:23 - 000000000 ____D C:\Windows\AutoKMS
2019-02-07 18:59 - 2019-02-07 19:12 - 000000000 ____D C:\Windows\KMSServerService
2019-02-07 18:58 - 2019-02-07 18:58 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
2019-02-07 18:55 - 2019-02-09 19:58 - 000000000 ____D C:\Users\abysal\AppData\LocalLow\Mozilla
2019-02-07 18:55 - 2019-02-09 15:41 - 000000000 ____D C:\Users\abysal\AppData\Local\Mozilla
2019-02-07 18:55 - 2019-02-07 18:55 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Mozilla
2019-02-07 18:54 - 2019-02-07 18:54 - 000002295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2019-02-07 18:54 - 2019-02-07 18:54 - 000002283 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2019-02-07 18:54 - 2019-02-07 18:54 - 000000944 _____ C:\Users\Public\Desktop\GIMP 2.10.8.lnk
2019-02-07 18:54 - 2019-02-07 18:54 - 000000944 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.8.lnk
2019-02-07 18:53 - 2019-02-07 18:53 - 000000000 ____D C:\Users\abysal\AppData\Local\Google
2019-02-07 18:53 - 2019-02-07 18:53 - 000000000 ____D C:\Program Files\GIMP 2
2019-02-07 18:53 - 2019-02-07 18:52 - 000001327 _____ C:\Users\abysal\Desktop\Dropbox.lnk
2019-02-07 18:52 - 2019-02-09 19:45 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Spotify
2019-02-07 18:52 - 2019-02-08 20:02 - 000000000 ____D C:\Users\abysal\AppData\Local\Spotify
2019-02-07 18:52 - 2019-02-08 15:47 - 000000000 ____D C:\Users\abysal\AppData\Local\Dropbox
2019-02-07 18:52 - 2019-02-07 19:22 - 000000940 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-02-07 18:52 - 2019-02-07 19:22 - 000000936 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-02-07 18:52 - 2019-02-07 18:53 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-02-07 18:52 - 2019-02-07 18:52 - 000004000 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2019-02-07 18:52 - 2019-02-07 18:52 - 000003768 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2019-02-07 18:52 - 2019-02-07 18:52 - 000001855 _____ C:\Users\abysal\Desktop\Spotify.lnk
2019-02-07 18:52 - 2019-02-07 18:52 - 000001841 _____ C:\Users\abysal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2019-02-07 18:52 - 2019-02-07 18:52 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Dropbox
2019-02-07 18:52 - 2019-02-07 18:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-02-07 18:52 - 2019-02-07 18:52 - 000000000 ____D C:\ProgramData\Dropbox
2019-02-07 18:51 - 2019-02-09 19:15 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Discord
2019-02-07 18:51 - 2019-02-07 18:51 - 000002234 _____ C:\Users\abysal\Desktop\Discord.lnk
2019-02-07 18:51 - 2019-02-07 18:51 - 000001274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2019-02-07 18:51 - 2019-02-07 18:51 - 000001262 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2019-02-07 18:51 - 2019-02-07 18:51 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-02-07 18:51 - 2019-02-07 18:51 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-02-07 18:51 - 2019-02-07 18:51 - 000000000 ____D C:\Users\abysal\AppData\Local\SquirrelTemp
2019-02-07 18:51 - 2019-02-07 18:51 - 000000000 ____D C:\Users\abysal\AppData\Local\Discord
2019-02-07 18:51 - 2019-02-07 18:51 - 000000000 ____D C:\ProgramData\SquirrelMachineInstalls
2019-02-07 18:51 - 2019-02-07 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-02-07 18:51 - 2019-02-07 18:51 - 000000000 ____D C:\Program Files\VideoLAN
2019-02-07 18:50 - 2019-02-07 18:50 - 000001942 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2019-02-07 18:50 - 2019-02-07 18:50 - 000001930 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2019-02-07 18:50 - 2019-02-07 18:50 - 000001106 _____ C:\Users\Public\Desktop\WinRAR.lnk
2019-02-07 18:50 - 2019-02-07 18:50 - 000001096 _____ C:\Users\Public\Desktop\Notepad++.lnk
2019-02-07 18:50 - 2019-02-07 18:50 - 000001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2019-02-07 18:50 - 2019-02-07 18:50 - 000001053 _____ C:\Users\Public\Desktop\FileZilla.lnk
2019-02-07 18:50 - 2019-02-07 18:50 - 000001019 _____ C:\Users\Public\Desktop\PuTTY.lnk
2019-02-07 18:50 - 2019-02-07 18:50 - 000000907 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2019-02-07 18:50 - 2019-02-07 18:50 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Notepad++
2019-02-07 18:50 - 2019-02-07 18:50 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-07 18:50 - 2019-02-07 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-07 18:50 - 2019-02-07 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2019-02-07 18:50 - 2019-02-07 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2019-02-07 18:50 - 2019-02-07 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2019-02-07 18:50 - 2019-02-07 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2019-02-07 18:50 - 2019-02-07 18:50 - 000000000 ____D C:\Program Files\WinRAR
2019-02-07 18:50 - 2019-02-07 18:50 - 000000000 ____D C:\Program Files\qBittorrent
2019-02-07 18:50 - 2019-02-07 18:50 - 000000000 ____D C:\Program Files\PuTTY
2019-02-07 18:50 - 2019-02-07 18:50 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2019-02-07 18:50 - 2019-02-07 18:50 - 000000000 ____D C:\Program Files (x86)\Notepad++
2019-02-07 18:50 - 2019-02-07 18:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-02-07 18:50 - 2019-02-07 18:50 - 000000000 ____D C:\Program Files (x86)\ImgBurn
2019-02-07 18:50 - 2019-02-07 18:49 - 000000883 _____ C:\Users\Public\Desktop\Greenshot.lnk
2019-02-07 18:49 - 2019-02-09 19:26 - 000000000 ____D C:\Program Files (x86)\Steam
2019-02-07 18:49 - 2019-02-09 19:24 - 000000000 ____D C:\ProgramData\Adobe
2019-02-07 18:49 - 2019-02-09 19:20 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-02-07 18:49 - 2019-02-09 19:03 - 000000000 ____D C:\Users\abysal\AppData\Local\Adobe
2019-02-07 18:49 - 2019-02-07 18:54 - 000000000 ____D C:\Program Files (x86)\Google
2019-02-07 18:49 - 2019-02-07 18:50 - 000000000 ____D C:\Program Files\Greenshot
2019-02-07 18:49 - 2019-02-07 18:49 - 000003418 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-07 18:49 - 2019-02-07 18:49 - 000003294 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-07 18:49 - 2019-02-07 18:49 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-07 18:49 - 2019-02-07 18:49 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-07 18:49 - 2019-02-07 18:49 - 000001028 _____ C:\Users\Public\Desktop\Steam.lnk
2019-02-07 18:49 - 2019-02-07 18:49 - 000000000 ____D C:\Windows\SysWOW64\Adobe
2019-02-07 18:49 - 2019-02-07 18:49 - 000000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2019-02-07 18:49 - 2019-02-07 18:49 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2019-02-07 18:49 - 2019-02-07 18:49 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Macromedia
2019-02-07 18:49 - 2019-02-07 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2019-02-07 18:49 - 2019-02-07 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot
2019-02-07 18:49 - 2019-02-07 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-02-07 18:49 - 2019-02-07 18:49 - 000000000 ____D C:\Program Files\7-Zip
2019-02-07 18:48 - 2019-02-08 17:44 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-02-07 18:48 - 2019-02-08 17:44 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-02-07 18:48 - 2019-02-08 17:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-02-07 18:48 - 2019-02-08 17:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-07 18:48 - 2019-02-07 19:52 - 000000000 ____D C:\Program Files\Opera
2019-02-07 18:48 - 2019-02-07 18:55 - 000000000 ____D C:\ProgramData\Mozilla
2019-02-07 18:48 - 2019-02-07 18:48 - 000003950 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1549583324
2019-02-07 18:48 - 2019-02-07 18:48 - 000001187 _____ C:\Users\Public\Desktop\Opera Browser.lnk
2019-02-07 18:48 - 2019-02-07 18:48 - 000001187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-02-07 18:48 - 2019-02-07 18:48 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Opera Software
2019-02-07 18:47 - 2019-02-07 18:49 - 000000000 ____D C:\ProgramData\Packages
2019-02-07 18:42 - 2019-02-07 18:42 - 000000000 ____D C:\Users\abysal\AppData\Local\Comms
2019-02-07 18:41 - 2019-02-07 18:41 - 000000000 ____D C:\Temp
2019-02-07 18:39 - 2019-02-07 18:39 - 000000000 ____D C:\Program Files\Common Files\Atheros
2019-02-07 18:38 - 2019-02-07 19:45 - 000001527 _____ C:\Windows\system32\Drivers\rtkhdasetting.zip
2019-02-07 18:38 - 2019-02-07 18:38 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2019-02-07 18:38 - 2019-02-07 18:38 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2019-02-07 18:38 - 2019-02-07 18:38 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2019-02-07 18:38 - 2019-02-07 18:38 - 000000000 ____D C:\Program Files\Synaptics
2019-02-07 18:38 - 2018-03-29 00:27 - 000054792 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2019-02-07 18:37 - 2019-02-07 19:44 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2019-02-07 18:36 - 2019-02-07 18:36 - 000033925 _____ C:\Users\abysal\Downloads\Windows10Debloater-master.zip
2019-02-07 18:36 - 2019-02-07 18:36 - 000000000 ____D C:\Users\abysal\Downloads\Windows10Debloater-master
2019-02-07 18:35 - 2019-02-07 19:35 - 000000000 ____D C:\Program Files (x86)\Intel
2019-02-07 18:35 - 2018-04-17 23:04 - 000103904 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2019-02-07 18:35 - 2018-04-17 23:04 - 000099808 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2019-02-07 18:34 - 2019-02-07 19:46 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-02-07 18:34 - 2019-02-07 19:46 - 000000000 __SHD C:\Users\abysal\IntelGraphicsProfiles
2019-02-07 18:34 - 2019-02-07 19:37 - 000000000 ____D C:\Program Files\Intel
2019-02-07 18:34 - 2019-02-07 18:52 - 000000000 ____D C:\Users\abysal\AppData\Local\PlaceholderTileLogoFolder
2019-02-07 18:34 - 2019-02-07 18:34 - 000000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2019-02-07 18:34 - 2019-02-07 18:34 - 000000000 ____D C:\Intel
2019-02-07 18:34 - 2019-02-07 18:34 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2019-02-07 18:32 - 2019-02-07 18:32 - 000000000 ____D C:\Windows\SysWOW64\sda
2019-02-07 18:31 - 2019-02-07 18:31 - 000001446 _____ C:\Users\abysal\Desktop\Microsoft Edge.lnk
2019-02-07 18:31 - 2019-02-07 18:31 - 000000000 ___HD C:\Users\abysal\MicrosoftEdgeBackups
2019-02-07 18:31 - 2019-02-07 18:31 - 000000000 ____D C:\Users\abysal\AppData\Local\MicrosoftEdge
2019-02-07 18:30 - 2019-02-09 19:24 - 000000000 ____D C:\Users\abysal\AppData\Roaming\Adobe
2019-02-07 18:30 - 2019-02-07 19:11 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-02-07 18:30 - 2019-02-07 18:52 - 000000000 ____D C:\Users\abysal\AppData\Local\Packages
2019-02-07 18:30 - 2019-02-07 18:30 - 000000000 ___RD C:\Users\abysal\3D Objects
2019-02-07 18:30 - 2019-02-07 18:30 - 000000000 ____D C:\Users\abysal\AppData\Local\VirtualStore
2019-02-07 18:30 - 2019-02-07 18:30 - 000000000 ____D C:\Users\abysal\AppData\Local\Publishers
2019-02-07 18:29 - 2019-02-08 15:47 - 000000000 ____D C:\Users\abysal
2019-02-07 18:29 - 2019-02-07 19:23 - 000000000 ____D C:\Users\abysal\AppData\Local\ConnectedDevicesPlatform
2019-02-07 18:29 - 2019-02-07 18:29 - 000000020 ___SH C:\Users\abysal\ntuser.ini
2019-02-07 18:29 - 2019-02-07 18:29 - 000000000 ____D C:\ProgramData\USOShared
2019-02-07 18:28 - 2019-02-09 15:36 - 000848478 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-07 18:26 - 2018-09-15 02:28 - 002864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2019-02-07 18:25 - 2019-02-07 18:25 - 000000000 _SHDL C:\Documents and Settings
2019-02-07 18:22 - 2019-02-08 21:02 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-02-07 18:22 - 2019-02-07 19:46 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-07 18:22 - 2019-02-07 19:22 - 000438136 _____ C:\Windows\system32\FNTCACHE.DAT
2019-02-07 18:22 - 2019-02-07 19:18 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-02-07 18:22 - 2019-02-07 18:22 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2019-02-07 18:22 - 2019-02-07 18:22 - 000000000 ____D C:\Windows\ServiceProfiles
2019-02-05 08:15 - 2019-02-05 08:15 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-02-05 08:15 - 2019-02-05 08:15 - 000047800 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-02-05 08:15 - 2019-02-05 08:15 - 000047800 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-02-05 08:15 - 2019-02-05 08:15 - 000047800 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-01-24 20:01 - 2019-01-24 20:01 - 000829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2019-01-24 20:01 - 2019-01-24 20:01 - 000608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-09 19:21 - 2018-09-15 02:31 - 000000000 ____D C:\Windows\INF
2019-02-09 18:47 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-09 15:56 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-02-08 21:39 - 2018-09-15 02:23 - 000000000 ____D C:\Windows\CbsTemp
2019-02-08 20:12 - 2018-09-15 01:09 - 000000000 ____D C:\Windows\servicing
2019-02-08 20:07 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\AppReadiness
2019-02-08 19:55 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\SysWOW64\setup
2019-02-08 19:50 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\Registration
2019-02-08 19:29 - 2018-09-15 02:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-02-08 17:21 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-02-08 17:21 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\system32\Macromed
2019-02-08 15:11 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\appcompat
2019-02-07 21:21 - 2018-09-15 02:31 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-02-07 19:45 - 2018-09-15 01:09 - 000262144 _____ C:\Windows\system32\config\BBI
2019-02-07 19:38 - 2018-09-15 04:10 - 000000000 ____D C:\Windows\OCR
2019-02-07 19:33 - 2018-09-15 02:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-07 19:18 - 2018-09-15 02:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-07 18:29 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2019-02-07 18:29 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\USOPrivate
2019-02-07 18:26 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\system32\spool
2019-02-07 18:23 - 2018-09-15 02:33 - 000000000 ___RD C:\Windows\PrintDialog
2019-02-07 18:23 - 2018-09-15 02:33 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2019-02-07 18:23 - 2018-09-15 01:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2019-02-07 18:22 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\ServiceState

Some files in TEMP:
====================
2019-02-08 19:55 - 2019-02-08 20:32 - 000004096 _____ () C:\Users\abysal\AppData\Local\Temp\dateinj01.dll
2019-02-07 18:59 - 2019-02-07 18:59 - 001037720 _____ (Microsoft Corporation) C:\Users\abysal\AppData\Local\Temp\PidGenX.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
Ran by abysal (09-02-2019 20:01:35)
Running from C:\Users\abysal\Documents\MEGAsync Downloads
Windows 10 Home Version 1809 17763.253 (X64) (2019-02-07 23:25:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

abysal (S-1-5-21-66705881-2455800333-246836714-1001 - Administrator - Enabled) => C:\Users\abysal
Administrator (S-1-5-21-66705881-2455800333-246836714-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-66705881-2455800333-246836714-503 - Limited - Disabled)
Guest (S-1-5-21-66705881-2455800333-246836714-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-66705881-2455800333-246836714-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{E267C808-4C22-457E-B74B-50EAB4AD9030}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{9486AD8F-39F4-470B-92FD-BC423ABAEC43}) (Version: 19.1.4.5 - Intel) Hidden
7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
Acapela Synthèse de la Parole pour le WordQ 4 (français) (HKLM-x32\...\{F0ADA798-6CB1-49FB-A2D3-060FFA25D60E}) (Version: 9.1.1 - Quillsoft Ltd.)
Acapela Text to Speech for WordQ 4 (Core) (HKLM-x32\...\{EE2AA629-F3EC-412E-8A14-5DD9BAD490D2}) (Version: 9.1.1 - Quillsoft)
Acapela Text to Speech for WordQ 4(North America) (HKLM-x32\...\{1D08C682-F619-4E89-8291-1C13A346DAD9}) (Version: 9.1.1 - Quillsoft Ltd.)
Acapela Text-to-Speech for WordQ 4(Canadian French) (HKLM-x32\...\{98B997C5-8A5C-4EB2-B8DE-7CBAAAFAF2A0}) (Version: 9.1.1 - Quillsoft Ltd.)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.89 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\{AAA1427A-797B-4352-9E2B-2B2295529C90}) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\{E80E5B60-A240-4E09-B901-8D55A0C193EC}) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
Antidote 9 (HKLM-x32\...\{D98F9F54-E310-4F57-93F5-0F42EFAA3847}) (Version: 9.5.3407 - Druide informatique inc.)
Any Video Converter Ultimate 5.9.3 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
Apowersoft Screen Recorder Pro V2.3.8 (HKLM-x32\...\{dc9006db-6b05-4f0f-833b-79ef3f284c24}_is1) (Version: 2.3.8 - APOWERSOFT LIMITED)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{9F429DF7-F8DD-4980-9673-E6DACA012F6C}) (Version: 3.3 - Microsoft Corporation) Hidden
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
CDBurnerXP (64 bit) (HKLM\...\{34046EC0-466B-481D-A2BA-D0DD7974F9E0}) (Version: 4.5.8.7041 - Canneverbe Limited)
Chromium (HKLM-x32\...\Chromium) (Version: 72.0.3626.96 - The Chromium Authors) <==== ATTENTION
CPUID CPU-Z 1.87 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.87 - CPUID, Inc.)
Discord (HKU\S-1-5-21-66705881-2455800333-246836714-1001\...\Discord) (Version: 0.0.304 - Discord Inc.)
Dotfuscator and Analytics Community Edition 5.18.1 (HKLM-x32\...\{9890DF1A-10E9-4236-94B1-1EFAA4099F13}) (Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 66.4.84 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
Dxtory version 2.0.142 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.142 - ExKode Co. Ltd.)
EaseUS Partition Master 12.10 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version: - EaseUS)
Entity Framework 6.1.3 Tools for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
FileZilla Client 3.40.0 (HKLM-x32\...\FileZilla Client) (Version: 3.40.0 - Tim Kosse)
GIMP 2.10.8 (HKLM\...\GIMP-2_is1) (Version: 2.10.8 - The GIMP Team)
Google Chrome (HKLM\...\{51BAF2DB-F22D-3A9D-947C-F78F0BF6ECFA}) (Version: 72.0.3626.96 - Google LLC)
Google Earth Pro (HKLM-x32\...\{402FF39A-CF32-42F6-B480-BAF2B1B0096B}) (Version: 7.3.2.5495 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Gpg4win (2.3.4) (HKLM-x32\...\GPG4Win) (Version: 2.3.4 - The Gpg4win Project)
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1058 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4963 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.16.1063 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.139.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{fd62de85-bda9-4280-a95b-fa2f86e0dc58}) (Version: 1.48.139.0 - Intel Corporation) Hidden
Intel® Driver & Support Assistant (HKLM-x32\...\{b0134461-205a-4d62-bbdc-1fcabdd02645}) (Version: 19.1.4.5 - Intel)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
King of the Hat (HKU\S-1-5-21-66705881-2455800333-246836714-1001\...\460940655984771072) (Version: - )
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Office Professionnel Plus 2016 - fr-fr (HKLM\...\ProplusRetail - fr-fr) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27024 (HKLM-x32\...\{5fb2083a-f3cc-4b78-93ff-bd9788b5de01}) (Version: 14.16.27024.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27024 (HKLM-x32\...\{2ff11a2a-f7ac-4a6c-8cd4-c7bb974f3642}) (Version: 14.16.27024.1 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{4f075c79-8ee3-4c85-9408-828736d1f7f3}) (Version: 14.0.23107.178 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Mozilla Firefox 60.5.0 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 60.5.0 ESR (x64 en-US)) (Version: 60.5.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.5.0 - Mozilla)
Mozilla Thunderbird 60.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.5.0 (x86 en-US)) (Version: 60.5.0 - Mozilla)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.6.3 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040C-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
OpenVPN 2.4.6-I601 (HKLM\...\OpenVPN) (Version: 2.4.6-I601 - OpenVPN Technologies, Inc.)
Opera Stable 58.0.3135.53 (HKLM-x32\...\Opera 58.0.3135.53) (Version: 58.0.3135.53 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.34.21025 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PDF-XChange Editor (HKLM\...\{A92947C7-3157-4E71-9EF9-A4296E9DB977}) (Version: 7.0.328.2 - Tracker Software Products (Canada) Ltd.)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Playnite (HKLM-x32\...\Playnite_is1) (Version: 4.71 - Josef Nemec)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
qBittorrent 4.1.5 (HKLM-x32\...\qBittorrent) (Version: 4.1.5 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.17134.29096 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.32.1206.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SpeakQ 4 (HKLM-x32\...\{FBD8FBC5-EC77-4CA9-9B77-6AE6C36FE997}) (Version: 4.1.16 - Quillsoft Ltd.)
Spotify (HKU\S-1-5-21-66705881-2455800333-246836714-1001\...\Spotify) (Version: 1.0.99.250.g936eab8d - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.182 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - ${PRODUCT_PUBLISHER})
Team Explorer for Microsoft Visual Studio 2015 Update 3 CTP1 (HKLM-x32\...\{C0402801-37B7-30B1-A678-AE3E73E4C4F6}) (Version: 14.98.25331 - Microsoft) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.2.3 - TeamSpeak Systems GmbH)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.9025 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Turbo.net Sandbox Manager 19.1 (HKU\S-1-5-21-66705881-2455800333-246836714-1001\...\{8248212A-01F7-4BF1-A4FD-BA0A965198B4}) (Version: 19.1.1887.0 - Code Systems Corporation)
TurboLauncher (HKU\S-1-5-21-66705881-2455800333-246836714-1001\...\TurboLauncher) (Version: 19.1.1887.0 - Code Systems Corporation)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
Visuel intégré (HKLM-x32\...\{91257374-4FAA-4FF3-B3BC-C17521EBA169}) (Version: 1.0 - Druide informatique inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
VPNetwork LLC - TorGuard - Online Privacy Protection Services (HKLM-x32\...\VPNetwork LLC TorGuard) (Version: "3.92.0" - "VPNetwork LLC")
VS Update core components (HKLM-x32\...\{579B7F13-BCE2-3FCC-9273-40DC54D0B281}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
WordQ 4 (HKLM-x32\...\{40042175-CB48-4D51-8BAF-D66BAE867676}) (Version: 4.1.16 - Quillsoft Ltd.)
WordQ Pro CF Templates (HKLM-x32\...\{9E88CEC9-9160-417C-8647-C98D261E803B}) (Version: 4.1.1 - Quillsoft Ltd.)
WordQ4 Pro CF Dictionary (HKLM-x32\...\{AFEF30D7-DA5D-4D57-A72C-B64E5F9CD26E}) (Version: 4.1.1 - Quillsoft Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-66705881-2455800333-246836714-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\abysal\AppData\Local\Microsoft\OneDrive\18.240.1202.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-66705881-2455800333-246836714-1001_Classes\CLSID\{3D58DDEA-561E-45BA-AA6A-0AB04BCD9FAD}\InprocServer32 -> C:\Users\abysal\AppData\Local\Turbo\19.1.1887.0\Turbo-Plugin-x64.dll (Code Systems Corporation -> Code Systems Corporation)
CustomCLSID: HKU\S-1-5-21-66705881-2455800333-246836714-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\abysal\AppData\Local\Microsoft\OneDrive\18.240.1202.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-66705881-2455800333-246836714-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\abysal\AppData\Local\Microsoft\OneDrive\18.240.1202.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-66705881-2455800333-246836714-1001_Classes\CLSID\{A12A9CAB-1C75-4AA3-A980-74F25AB94C8E}\localserver32 -> C:\Program Files (x86)\Druide\Antidote 9\Application\Bin64\AgentAntidote.exe (Druide Informatique Inc. -> Druide informatique inc.)
CustomCLSID: HKU\S-1-5-21-66705881-2455800333-246836714-1001_Classes\CLSID\{A12A9CAB-1C75-4AA3-A980-74F25AB94C8F}\localserver32 -> C:\Program Files (x86)\Druide\Antidote 9\Application\Bin64\Antidote.exe (Druide Informatique Inc. -> Druide informatique inc.)
CustomCLSID: HKU\S-1-5-21-66705881-2455800333-246836714-1001_Classes\CLSID\{AD630E0F-BF29-4791-AD3B-A289E884E37C}\localserver32 -> C:\Program Files (x86)\Druide\Antidote 9\Application\Bin64\Antidote.exe (Druide Informatique Inc. -> Druide informatique inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\abysal\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\abysal\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\abysal\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\abysal\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\abysal\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\abysal\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-01-27] (Notepad++ -> )
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\abysal\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2019-01-28] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\abysal\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\abysal\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\abysal\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2018-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0146E767-BEA8-4B12-8837-F32B8DA3D87C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {021ED0D0-BA03-43AC-9ACF-DF2BB974547B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-02-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {02D5CE69-A4FD-4BB3-BDF1-11DC57FAC66B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2019-02-07] (Dropbox, Inc -> Dropbox, Inc.)
Task: {02F47775-53E6-4499-AD50-426562C8A176} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {16A00734-43D6-4AEE-A08A-B3C58C49E328} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {1E547F1D-51C3-492E-9D53-C9184F4DFCE6} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [2017-11-08] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {2E9EC8DB-DEBD-445A-BFEF-9E88393A0F37} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {3180C67D-DC72-4899-A450-44D14E4DDDE0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {455A8C87-143D-48F4-9FEE-9EF5874AE943} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-02-07] (Google Inc -> Google Inc.)
Task: {4631E82A-48DC-4115-9E89-542B08C5D7E8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {4AFE5999-DBD8-41B3-BDDA-260306E7083A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {597FF298-82FC-4ADA-BD59-3D7B78183CE3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {66B48582-75DC-468C-B2DD-64B468A633FC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {66E813E3-7A26-48EA-866E-036794AEF39B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2017-01-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {741886C7-9382-4D19-8E8D-C72DD17496ED} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {7DD9277B-14B6-4296-88D0-799C4432AE00} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2019-02-07] (Dropbox, Inc -> Dropbox, Inc.)
Task: {84828EBC-996A-4D1D-919F-1B2CCC571A4D} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {84F35CFE-C622-4654-A0A1-84A782CB0A97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-02-07] (Google Inc -> Google Inc.)
Task: {9B1F052D-2EF4-4482-A31B-915EBEB8614D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {A0ABDD30-F398-4E5B-9E34-8F3ABF053F32} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {A3927F96-674A-41E8-AB73-4327A6458350} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {A589333D-34D9-4008-B0CE-3AFB3137AF26} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-02-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {AE6A6F34-6128-42E7-84B4-4A8BE187F603} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {C22E40C8-03FC-40AA-B14D-ECD5862BC662} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2019-02-07] () [File not signed]
Task: {C8CF74AF-E164-481A-9C0E-D51356A9F933} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {CC96AE47-72F9-437F-84E4-F6C1D3B02452} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe [2019-02-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {D2730F19-FE40-4CB1-AA43-824C361B26EC} - System32\Tasks\Dxstory\Dxstory => C:\Program Files (x86)\ExKode\Dxtory2.0\Dxtory.exe [2017-04-08] (ExKode Co.Ltd. -> ExKode Co. Ltd.)
Task: {E855D2BC-2B50-47CD-99B7-3BA9ACADEE56} - System32\Tasks\Opera scheduled Autoupdate 1549583324 => C:\Program Files\Opera\launcher.exe [2019-01-30] (Opera Software AS -> Opera Software)
Task: {FC8F82B0-0E18-4FFC-AE46-883791F8A24D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-12-19 19:01 - 2018-12-19 19:01 - 000195832 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
2018-09-15 02:28 - 2018-09-15 02:28 - 000834088 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-04-17 23:03 - 2018-04-17 23:03 - 000401872 _____ () C:\Windows\system32\igfxTray.exe
2019-01-25 08:34 - 2019-01-25 08:34 - 000054440 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000937208 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
2018-12-19 19:01 - 2018-12-19 19:01 - 002329336 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000282360 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000578296 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000616696 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000267000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000323832 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000978680 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000243960 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_winstat_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000750840 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_upnp_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000411384 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000558840 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sgx_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000636152 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000303864 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000778488 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000863480 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
2018-12-19 19:01 - 2018-12-19 19:01 - 000312568 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000555768 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_events_input.dll
2018-12-19 19:01 - 2018-12-19 19:01 - 000636152 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll
2019-02-07 18:47 - 2019-02-07 18:47 - 000282624 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2019-02-07 18:47 - 2019-02-07 18:47 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-18 16:51 - 2017-10-18 16:51 - 000598528 _____ () C:\Users\abysal\AppData\Local\MEGAsync\ShellExtX64.dll
2018-09-15 02:28 - 2018-09-15 02:28 - 000474624 _____ () C:\Windows\ShellExperiences\TileControl.dll
2019-01-07 20:05 - 2019-01-07 20:05 - 002801152 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-27 12:48 - 2019-01-27 12:48 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2019-02-07 18:47 - 2019-02-07 18:49 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-02-07 18:47 - 2019-02-07 18:49 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2019-02-07 18:47 - 2019-02-07 18:49 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-02-07 18:47 - 2019-02-07 18:48 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-02-07 18:47 - 2019-02-07 18:49 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-02-07 18:47 - 2019-02-07 18:49 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-02-07 18:47 - 2019-02-07 18:48 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2019-02-07 18:47 - 2019-02-07 18:49 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-09-15 04:15 - 2018-09-15 04:15 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-07 18:47 - 2019-02-07 18:49 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\SKU.dll
2017-07-06 07:46 - 2017-07-06 07:46 - 000216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2015-10-21 20:49 - 2015-10-21 20:49 - 000087368 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin64\libQtDispatchDruide9.dll
2017-04-25 15:45 - 2017-04-25 15:45 - 000108136 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin64\libwebsocketsDruide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000467784 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin64\boost_locale-vc120-mt-1_58-Druide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000088392 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin64\libxdispatchDruide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000063816 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin64\libdispatchDruide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000025928 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin64\boost_system-vc120-mt-1_58-Druide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000036168 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin64\boost_chrono-vc120-mt-1_58-Druide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000108360 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin64\boost_thread-vc120-mt-1_58-Druide9.dll
2017-04-30 06:02 - 2017-04-30 06:02 - 000022120 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin64\LibrairiesQt\libEGL.dll
2017-04-30 06:02 - 2017-04-30 06:02 - 002022504 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin64\LibrairiesQt\libGLESv2.dll
2017-09-12 15:33 - 2017-09-12 15:33 - 000118376 _____ () C:\Program Files (x86)\Druide\Antidote 9\LingEN\Bin64\libYamChaDruide9.dll
2018-09-15 02:28 - 2018-09-15 02:28 - 001740288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-12 15:30 - 2017-09-12 15:30 - 000402536 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin64\Extensions\Antidote.LibreOffice.MA.P100.dll
2019-02-08 21:59 - 2019-02-08 19:26 - 001698296 _____ () C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
2019-02-09 18:02 - 2014-11-18 14:44 - 000255072 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.10\bin\TrayPopupE\TrayTipAgentE.exe
2018-12-18 15:42 - 2018-12-18 15:42 - 002593392 _____ () C:\Program Files (x86)\VPNetwork LLC\TorGuard\TorGuardDesktopQt.exe
2019-01-25 08:34 - 2019-01-25 08:34 - 000210088 _____ () C:\Program Files\FileZilla FTP Client\libfilezilla-0.dll
2019-01-25 08:34 - 2019-01-25 08:34 - 000234664 _____ () C:\Program Files\FileZilla FTP Client\libpng16-16.dll
2019-01-25 08:34 - 2019-01-25 08:34 - 000094376 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_seh-1.dll
2019-01-25 08:34 - 2019-01-25 08:34 - 001398440 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2019-01-25 08:34 - 2019-01-25 08:34 - 000222376 _____ () C:\Program Files\FileZilla FTP Client\libhogweed-4.dll
2019-01-25 08:34 - 2019-01-25 08:34 - 000227496 _____ () C:\Program Files\FileZilla FTP Client\libnettle-6.dll
2019-01-25 08:34 - 2019-01-25 08:34 - 000132264 _____ () C:\Program Files\FileZilla FTP Client\zlib1.dll
2019-01-25 08:34 - 2019-01-25 08:34 - 000563880 _____ () C:\Program Files\FileZilla FTP Client\libgmp-10.dll
2019-01-25 08:34 - 2019-01-25 08:34 - 001763496 _____ () C:\Program Files\FileZilla FTP Client\libgnutls-30.dll
2019-02-07 18:52 - 2019-02-05 08:15 - 001214280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2019-02-07 18:52 - 2019-02-05 08:15 - 002103112 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2019-02-07 18:52 - 2019-02-05 08:17 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000025456 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:15 - 000148968 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 001878888 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:15 - 000118232 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes36.dll
2019-02-07 18:52 - 2019-02-05 08:15 - 000109024 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000082760 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:15 - 000418776 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom36.dll
2019-02-07 18:52 - 2019-02-05 08:16 - 000074072 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:15 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:15 - 000049128 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:15 - 000026600 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:15 - 000131552 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:15 - 000182752 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:15 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:15 - 000119272 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:17 - 000401752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:15 - 000028640 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:17 - 000034664 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:18 - 000062304 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:15 - 000023520 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 001457488 _____ () C:\Program Files (x86)\Dropbox\Client\dbxlog._dbxlog.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:15 - 000053736 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:15 - 000065504 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000025944 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:17 - 000068968 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:17 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:15 - 000032224 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 001755472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000101200 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt592.sip.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 001886032 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000523600 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 003755344 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:15 - 000061408 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000169304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000061784 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000042840 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000202584 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000117584 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000214872 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000099664 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:17 - 000029544 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shell32.compiled._winffi_shell32.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:17 - 000028008 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:17 - 000033632 _____ () C:\Program Files (x86)\Dropbox\Client\winreindex.compiled._winreindex.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:15 - 000027624 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:17 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:17 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:17 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000031600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:15 - 000486880 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:17 - 000051552 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:18 - 000029040 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 012335952 _____ () C:\Program Files (x86)\Dropbox\Client\nucleus_python.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000029024 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:15 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2019-02-07 18:52 - 2019-02-05 08:16 - 000036712 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000272208 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2019-02-07 18:52 - 2019-02-05 08:17 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000433992 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2019-02-07 18:52 - 2019-02-05 08:17 - 000038240 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000026432 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2019-02-07 18:52 - 2019-02-05 08:16 - 001967936 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2019-02-07 18:52 - 2019-02-05 08:17 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shcore.compiled._winffi_shcore.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:17 - 000095592 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:17 - 000029544 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000054096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:17 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.gdi32.compiled._winffi_gdi32.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000556880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.cp36-win32.pyd
2019-02-07 18:52 - 2019-02-05 08:16 - 000335184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.cp36-win32.pyd
2017-11-22 18:18 - 2017-11-22 18:18 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2019-02-07 19:24 - 2018-12-05 18:47 - 000885536 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2019-02-07 19:24 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2019-02-07 19:24 - 2019-02-02 12:33 - 002667296 _____ () C:\Program Files (x86)\Steam\video.dll
2019-02-07 19:24 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2019-02-07 19:24 - 2018-11-05 13:53 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2019-02-07 19:24 - 2018-11-05 13:53 - 000810784 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2019-02-07 19:24 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2019-02-07 19:24 - 2018-11-05 13:53 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2019-02-07 19:24 - 2018-11-05 13:53 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2019-02-07 19:24 - 2018-11-05 13:53 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2019-02-07 19:24 - 2019-02-02 12:33 - 001031456 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2019-02-07 19:24 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2019-02-07 19:24 - 2018-11-19 19:55 - 088009504 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2019-02-07 19:24 - 2018-12-05 18:47 - 000885536 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2019-02-07 19:24 - 2018-11-19 19:55 - 004083488 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libglesv2.dll
2019-02-07 19:24 - 2018-11-19 19:55 - 000097056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libegl.dll
2017-07-06 07:21 - 2017-07-06 07:21 - 000050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2017-07-06 07:33 - 2017-07-06 07:33 - 000222720 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2017-07-06 07:33 - 2017-07-06 07:33 - 000073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2017-07-06 07:36 - 2017-07-06 07:36 - 000890880 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2017-07-06 07:27 - 2017-07-06 07:27 - 000103424 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000076616 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin32\libQtDispatchDruide9.dll
2017-04-25 15:45 - 2017-04-25 15:45 - 000093288 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin32\libwebsocketsDruide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000373576 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin32\boost_locale-vc120-mt-1_58-Druide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000077128 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin32\libxdispatchDruide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000054600 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin32\libdispatchDruide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000022856 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin32\boost_system-vc120-mt-1_58-Druide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000033096 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin32\boost_chrono-vc120-mt-1_58-Druide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000089928 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin32\boost_thread-vc120-mt-1_58-Druide9.dll
2017-04-30 06:02 - 2017-04-30 06:02 - 000021096 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin32\LibrairiesQt\libEGL.dll
2017-04-30 06:02 - 2017-04-30 06:02 - 001654888 _____ () C:\Program Files (x86)\Druide\Antidote 9\Application\Bin32\LibrairiesQt\libGLESv2.dll
2019-02-07 18:52 - 2019-02-07 18:52 - 088824552 _____ () C:\Users\abysal\AppData\Roaming\Spotify\libcef.dll
2019-02-07 18:52 - 2019-02-07 18:52 - 004239592 _____ () C:\Users\abysal\AppData\Roaming\Spotify\libglesv2.dll
2019-02-07 18:52 - 2019-02-07 18:52 - 000098024 _____ () C:\Users\abysal\AppData\Roaming\Spotify\libegl.dll
2019-02-08 21:59 - 2019-02-08 19:26 - 000932856 _____ () C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\plugins\corsair\cueextensions32.dll
2017-09-10 15:51 - 2017-09-10 15:51 - 000798208 _____ () C:\Users\abysal\AppData\Local\MEGAsync\libsodium.dll
2017-10-18 16:58 - 2017-10-18 16:58 - 000570368 _____ () C:\Users\abysal\AppData\Local\MEGAsync\ShellExtX32.dll
2019-01-25 08:34 - 2019-01-25 08:34 - 000049320 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2019-02-09 17:47 - 2018-07-18 15:39 - 042781710 _____ () C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\libffmpeg.dll
2019-02-09 18:02 - 2014-02-13 15:27 - 000249928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.10\bin\TrayPopupE\uexper.dll
2019-02-09 18:02 - 2014-02-13 15:27 - 000222792 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.10\bin\TrayPopupE\traynet.dll
2019-02-09 18:02 - 2014-02-13 15:27 - 000275528 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.10\bin\TrayPopupE\libcurl.dll
2019-02-09 18:02 - 2014-02-13 15:27 - 000113166 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.10\bin\TrayPopupE\zlib1.dll
2019-02-07 18:51 - 2019-01-15 16:32 - 002000216 _____ () C:\Users\abysal\AppData\Local\Discord\app-0.0.304\ffmpeg.dll
2019-02-07 18:51 - 2019-01-15 16:32 - 004332376 _____ () C:\Users\abysal\AppData\Local\Discord\app-0.0.304\libglesv2.dll
2019-02-07 18:51 - 2019-01-15 16:32 - 000106328 _____ () C:\Users\abysal\AppData\Local\Discord\app-0.0.304\libegl.dll
2019-02-07 19:24 - 2019-02-07 19:24 - 011345240 _____ () \\?\C:\Users\abysal\AppData\Roaming\discord\0.0.304\modules\discord_voice\discord_voice.node
2019-02-07 19:24 - 2019-02-07 19:24 - 001723224 _____ () \\?\C:\Users\abysal\AppData\Roaming\discord\0.0.304\modules\discord_utils\discord_utils.node
2019-02-07 19:24 - 2019-02-07 19:24 - 002672984 _____ () \\?\C:\Users\abysal\AppData\Roaming\discord\0.0.304\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node
2019-02-07 19:24 - 2019-02-07 19:24 - 000837464 _____ () \\?\C:\Users\abysal\AppData\Roaming\discord\0.0.304\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node
2019-02-07 19:24 - 2019-02-07 19:24 - 000479064 _____ () \\?\C:\Users\abysal\AppData\Roaming\discord\0.0.304\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2019-02-07 19:24 - 2019-02-07 19:24 - 000553816 _____ () \\?\C:\Users\abysal\AppData\Roaming\discord\0.0.304\modules\discord_erlpack\discord_erlpack.node
2019-02-07 19:25 - 2019-02-07 19:25 - 001762648 _____ () \\?\C:\Users\abysal\AppData\Roaming\discord\0.0.304\modules\discord_game_utils\discord_game_utils.node
2019-02-07 19:25 - 2019-02-07 19:25 - 009914712 _____ () \\?\C:\Users\abysal\AppData\Roaming\discord\0.0.304\modules\discord_cloudsync\discord_cloudsync.node
2019-02-07 19:25 - 2019-02-07 19:25 - 002909016 _____ () \\?\C:\Users\abysal\AppData\Roaming\discord\0.0.304\modules\discord_rpc\discord_rpc.node
2019-02-09 18:22 - 2019-02-09 18:22 - 002284376 _____ () \\?\C:\Users\abysal\AppData\Roaming\discord\0.0.304\modules\discord_media\discord_media.node
2019-02-07 19:45 - 2019-02-07 19:45 - 001266008 _____ () \\?\C:\Users\abysal\AppData\Roaming\discord\0.0.304\modules\discord_modules\discord_modules.node
2019-02-07 19:44 - 2019-02-07 19:44 - 022327128 _____ () \\?\C:\Users\abysal\AppData\Roaming\discord\0.0.304\modules\discord_dispatch\discord_dispatch.node
2019-02-07 19:45 - 2019-02-07 19:45 - 002947416 _____ () \\?\C:\Users\abysal\AppData\Roaming\discord\0.0.304\modules\discord_contact_import\discord_contact_import.node
2019-02-07 19:45 - 2019-02-07 19:45 - 001297752 _____ () \\?\C:\Users\abysal\AppData\Roaming\discord\0.0.304\modules\discord_vigilante\discord_vigilante.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 02:31 - 2018-09-15 02:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\PuTTY\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\GNU\GnuPG\pub;C:\Program Files (x86)\Druide\Antidote 9\Application\Bin64\;C:\Program Files (x86)\Druide\Antidote 9\Application\Bin32\;%USERPROFILE%\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\
HKU\S-1-5-21-66705881-2455800333-246836714-1001\Control Panel\Desktop\\Wallpaper -> c:\users\abysal\downloads\untitzzzzzzzzzaaaaaaaaled.jpeg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7A243D99-E86C-445F-BDCE-9BFDC5D89886}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FC4EFE97-8D7B-4A84-BBC5-7539FBAF083E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D147E41D-F189-4186-8444-8FF75C4C23B0}] => (Allow) C:\Program Files\Opera\58.0.3135.53\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{0855C24B-43CE-41C3-8F0A-2C9396E755B2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{5AC0401E-6179-4AAD-91AE-2977F2372452}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A6F70F06-5478-4B76-B938-C1F201EEFDFE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4E251951-458E-4FC4-8AE8-D05271238874}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe ()
FirewallRules: [{ED163FA3-4CCD-4D00-8B55-8DCE91336EF3}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe ()
FirewallRules: [{E484D167-4742-4912-8B15-FB45066DAD3F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{AF7C1BC8-1007-40D8-B445-4487931B7690}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{5E469257-18AF-4B35-B8D6-AF3AD776FAC8}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{13F114D4-EFFD-4900-BC39-D3C7DBB97511}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{5A3D6C40-41C8-4414-9AAD-499029183B16}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{E66DA1B4-7B38-4A5E-BAE1-6BCCC86AA4FF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5B706E3B-141C-4E04-A9BD-241DBF8458E9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B89C65A6-E6D0-454E-AC56-B13C3D2D7A22}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{89B9C807-0B8E-4CA9-96A7-A71E36767AF5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{00D325D9-0EDF-45D6-87A5-66C2F14D70B7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{7659BC23-FE93-4972-88F1-E60CEC24021B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{D8FAF2C4-416E-4DC5-8BE7-5172052A65B5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{5E3D2D29-4E8A-423C-9E47-BA715C308B25}] => (Allow) C:\Program Files (x86)\Chromium\Application\chrome.exe (The Chromium Authors)
FirewallRules: [{A8545CA2-2AEE-4B67-849D-8940A52417A1}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3B3FF639-698C-4957-992D-3EBDF04BDFFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [{737C43F9-0E9F-44E4-9479-DD15CB6283CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [{E7A5D693-0626-4C10-800E-7A5FE6D33DEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\3DMarkLauncher.exe (FUTUREMARK INC -> Futuremark)
FirewallRules: [{EAE6C6E8-D523-4E05-9DF3-D621BAAF007A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\3DMarkLauncher.exe (FUTUREMARK INC -> Futuremark)
FirewallRules: [{8880F1F0-37DD-45D6-8BE2-C47002C993F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VoiceAttack\VoiceAttack.exe (VoiceAttack.com -> VoiceAttack.com)
FirewallRules: [{B7B411B5-0148-4BB8-AFB7-81242E6FCC45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VoiceAttack\VoiceAttack.exe (VoiceAttack.com -> VoiceAttack.com)
FirewallRules: [{9A79029D-C014-46E3-A310-9CBACAF448AD}] => (Allow) H:\SteamLibrary\steamapps\common\Save Your Nuts\SaveYourNuts.exe (CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> )
FirewallRules: [{80A31196-6807-44B4-9788-6100BE890879}] => (Allow) H:\SteamLibrary\steamapps\common\Save Your Nuts\SaveYourNuts.exe (CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> )
FirewallRules: [{11167C9E-C91C-4854-B570-F7A5FFB8E529}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Destination Primus Vita Episode 1\DPVE1.exe ()
FirewallRules: [{90305B48-6426-4124-8E7D-827301219A27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Destination Primus Vita Episode 1\DPVE1.exe ()
FirewallRules: [{82BF81C5-65D7-46F8-8A28-5A9BA697B056}] => (Allow) H:\SteamLibrary\steamapps\common\TxP\TormentorXPunisher.exe ( )
FirewallRules: [{66CF902F-0694-4C54-AD16-52BEC96F488D}] => (Allow) H:\SteamLibrary\steamapps\common\TxP\TormentorXPunisher.exe ( )
FirewallRules: [{3AD3DA0A-D9B4-4C33-AD7B-9EB3C5F4DE1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kingdom New Lands\Kingdom.exe ()
FirewallRules: [{9077C646-4379-4525-A451-0C3D9D031DDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kingdom New Lands\Kingdom.exe ()
FirewallRules: [{3119E3DE-477E-41D0-B6E3-640F07AF2422}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The First Spark\TheFirstSpark.exe (Unity Technologies SF -> )
FirewallRules: [{8FEF1FFD-3E75-4BFB-948A-4F7EE6E596A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The First Spark\TheFirstSpark.exe (Unity Technologies SF -> )
FirewallRules: [{69A2EEFC-4C37-4425-94AB-F52556130985}] => (Allow) H:\SteamLibrary\steamapps\common\Rivals of Aether\RivalsofAether.exe (Dan Fornace)
FirewallRules: [{8E236A64-10E1-40CC-9116-6F642ECCD7B9}] => (Allow) H:\SteamLibrary\steamapps\common\Rivals of Aether\RivalsofAether.exe (Dan Fornace)
FirewallRules: [{1FB0ECFF-9D9B-44C2-8EB4-AF92D987F3CB}] => (Allow) H:\SteamLibrary\steamapps\common\Besiege\Besiege.exe ()
FirewallRules: [{1E425BEC-B12E-4AFC-8117-824FC207D1D1}] => (Allow) H:\SteamLibrary\steamapps\common\Besiege\Besiege.exe ()
FirewallRules: [{6B4D7D40-AA0A-494F-BF0E-BC59D2C7FEDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BIT.TRIP RUNNER\RUNNER.exe ()
FirewallRules: [{6F03B631-8F2B-44C2-817C-6E85AD128484}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BIT.TRIP RUNNER\RUNNER.exe ()
FirewallRules: [{2B1DE9EE-BF86-4603-B88F-91C66C846D1D}] => (Allow) H:\SteamLibrary\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe ()
FirewallRules: [{BD7820BB-0AA4-48A0-B59F-AF662275B8FD}] => (Allow) H:\SteamLibrary\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe ()
FirewallRules: [{13E8D750-FA59-4E36-BCBF-EDDB045398B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe ()
FirewallRules: [{E45B89F3-DDC7-42EA-BC09-91D0162D17B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe ()
FirewallRules: [{5F3FF1BC-0C05-42AD-BF72-BC8B5C23AAA2}] => (Allow) H:\SteamLibrary\steamapps\common\Broforce\Broforce_beta.exe ()
FirewallRules: [{5CEA48D0-6AC0-484A-99CB-4C66DDF3634F}] => (Allow) H:\SteamLibrary\steamapps\common\Broforce\Broforce_beta.exe ()
FirewallRules: [{7212FE2B-3E79-48BD-BE7D-4147AB8CFE6D}] => (Allow) H:\SteamLibrary\steamapps\common\Robocraft\Robocraft.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{84E32B1C-A684-457C-B43A-6F2C91B2FD6E}] => (Allow) H:\SteamLibrary\steamapps\common\Robocraft\Robocraft.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{0261A33B-D80C-49AC-8511-84D862360E7F}] => (Allow) H:\SteamLibrary\steamapps\common\Trove\GlyphClient.exe (gamigo AG -> Trion Worlds Inc.)
FirewallRules: [{C59FFB88-EA0B-453A-9099-172C5276EFA0}] => (Allow) H:\SteamLibrary\steamapps\common\Trove\GlyphClient.exe (gamigo AG -> Trion Worlds Inc.)
FirewallRules: [{8972B00B-E581-4250-8C75-2712F5F42234}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KHOLAT\Kholat.exe ()
FirewallRules: [{A151E18D-0623-44DE-82FF-9D0D622B55A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KHOLAT\Kholat.exe ()
FirewallRules: [{59638EBF-22D4-4BF3-8596-898160CB897E}] => (Allow) H:\SteamLibrary\steamapps\common\Angry Birds Space\AngryBirdsSpace.exe (Rovio Entertainment Ltd.)
FirewallRules: [{094A18F7-FE5A-46A4-8C82-3CF6D26DA7B5}] => (Allow) H:\SteamLibrary\steamapps\common\Angry Birds Space\AngryBirdsSpace.exe (Rovio Entertainment Ltd.)
FirewallRules: [{0ED4AD76-D767-49DA-9432-E0EFF01D9D5E}] => (Allow) H:\SteamLibrary\steamapps\common\Crawl\Crawl.exe ()
FirewallRules: [{664A7726-2627-4F6A-BDF9-7C4D2A3CB584}] => (Allow) H:\SteamLibrary\steamapps\common\Crawl\Crawl.exe ()
FirewallRules: [{45581325-65EF-45AC-A408-BEF61A0EF0D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DeathRoadToCanada\prog.exe ()
FirewallRules: [{1E60B073-2E6C-49C3-A955-FF3DE522AB54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DeathRoadToCanada\prog.exe ()
FirewallRules: [{A7DB9F43-EDE4-4D8E-9FB2-43D26B483B9D}] => (Allow) H:\SteamLibrary\steamapps\common\SUPERHOT\SUPERHOT.exe (SUPERHOT Sp z o.o.)
FirewallRules: [{932B5DB0-98D1-4A7E-B48D-9FD177BCE005}] => (Allow) H:\SteamLibrary\steamapps\common\SUPERHOT\SUPERHOT.exe (SUPERHOT Sp z o.o.)
FirewallRules: [{DAE7839E-836A-4EA1-880C-7B661D2E09D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DrinkBox_Game4\Game.exe ()
FirewallRules: [{D161D089-BDE2-46D6-BDE8-C1E39277C5C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DrinkBox_Game4\Game.exe ()
FirewallRules: [{A5E59A8C-556B-412E-93C1-7CD1508C1469}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hotline Miami 2\HotlineMiami2.exe ()
FirewallRules: [{78B955B3-4005-4B21-AD19-6AF919E4C618}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hotline Miami 2\HotlineMiami2.exe ()
FirewallRules: [{AA09E063-2039-4EFF-941D-E79B1B5AE502}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe (Epic Games, Inc.)
FirewallRules: [{1B3274AC-93DE-45EB-8EC0-74C674DF2CA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe (Epic Games, Inc.)
FirewallRules: [{18905369-31FB-4B78-AE7E-41CC15AF147A}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{441E8B12-3907-475B-8636-D82FD8B97A48}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{3395921F-B027-451B-984B-F14F6EC75CFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe ()
FirewallRules: [{7E502D60-72AA-4A38-9B24-E4F820083759}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe ()
FirewallRules: [{94B00E24-1F0E-4733-9739-644A3CF35156}] => (Allow) H:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{D634410C-EE35-4DB6-BD33-5F90DAE0BF19}] => (Allow) H:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{B811BB83-D098-4DF7-AC90-13FD90C643D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riptide GP Renegade\Game_x64.exe ()
FirewallRules: [{6140F153-4DF3-4B92-8E48-62F5BD0D5543}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riptide GP Renegade\Game_x64.exe ()
FirewallRules: [{EB3D2C72-7FC5-4B58-AC58-322E51F9E2B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nyan Cat Lost In Space\bin_x86\NyanCat.exe ()
FirewallRules: [{5E9AA0B9-AB48-44AC-86DF-4413111496AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nyan Cat Lost In Space\bin_x86\NyanCat.exe ()
FirewallRules: [{9CEA6541-3537-41BB-9FB9-599E39A344FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe (Gearbox Software)
FirewallRules: [{97875E5C-E0C9-4268-B8CA-825B33602FB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe (Gearbox Software)
FirewallRules: [{47F65C31-5BF9-42AA-8067-9A135F775971}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Kristjan Skutta -> )
FirewallRules: [{B77D29F9-FD2B-4252-BABA-DF57330BF61A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Kristjan Skutta -> )
FirewallRules: [{F48436BD-612D-4657-A9CA-E4EF856A2DCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (FUTUREMARK INC -> )
FirewallRules: [{025AB352-9786-4650-8376-FE510EBE283B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (FUTUREMARK INC -> )
FirewallRules: [{47A69530-C6CB-4F9C-8339-5E217C9BE6EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (FUTUREMARK INC -> )
FirewallRules: [{1E6997F1-1443-425A-80ED-FAD4882494EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (FUTUREMARK INC -> )
FirewallRules: [{03F5D4BA-4AE5-4591-A0CC-67586DDBF126}] => (Allow) H:\SteamLibrary\steamapps\common\MXGP\MXGP.exe (Milestone S.r.l.)
FirewallRules: [{B16C6778-1840-4324-8A02-334DC53797BB}] => (Allow) H:\SteamLibrary\steamapps\common\MXGP\MXGP.exe (Milestone S.r.l.)

==================== Restore Points =========================

07-02-2019 18:32:23 Windows Update
08-02-2019 18:48:44 Windows Modules Installer

==================== Faulty Device Manager Devices =============

Name: Microsoft Visual Studio Location Simulator Sensor
Description: Microsoft Visual Studio Location Simulator Sensor
Class Guid: {5175d334-c371-4806-b3ba-71fd53c9258d}
Manufacturer: Microsoft Corporation
Service: SensorsSimulatorDriver
Problem: : Windows is removing this device. (Code 21)
Resolution: Wait several seconds, and then press the F5 key to update the Device Manager view.
If that does not resolve the problem, restart your computer.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2019 07:59:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 8.2.2019.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 134c

Start Time: 01d4c0db7da29d27

Termination Time: 4294967295

Application Path: C:\Users\abysal\Documents\MEGAsync Downloads\FRST64.exe

Report Id: 01e1d4af-b974-499a-85db-c8a8e823361b

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (02/09/2019 07:59:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 8.2.2019.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1554

Start Time: 01d4c0db7dbf0c55

Termination Time: 4294967295

Application Path: C:\Users\abysal\Documents\MEGAsync Downloads\FRST64.exe

Report Id: f3634865-a452-46e9-b430-12b1054a0a9e

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (02/08/2019 07:47:31 PM) (Source: MsiInstaller) (EventID: 11500) (User: DESKTOP-DG4P113)
Description: Produit : WordQ 4 -- Erreur 1500. Une autre installation est en cours. Vous devez la terminer avant de poursuivre cette installation.

Error: (02/08/2019 07:42:51 PM) (Source: MsiInstaller) (EventID: 11500) (User: DESKTOP-DG4P113)
Description: Produit : WordQ 4 -- Erreur 1500. Une autre installation est en cours. Vous devez la terminer avant de poursuivre cette installation.

Error: (02/08/2019 07:42:44 PM) (Source: MsiInstaller) (EventID: 11500) (User: DESKTOP-DG4P113)
Description: Produit : WordQ 4 -- Erreur 1500. Une autre installation est en cours. Vous devez la terminer avant de poursuivre cette installation.

Error: (02/08/2019 07:42:44 PM) (Source: MsiInstaller) (EventID: 11500) (User: DESKTOP-DG4P113)
Description: Produit : WordQ 4 -- Erreur 1500. Une autre installation est en cours. Vous devez la terminer avant de poursuivre cette installation.

Error: (02/08/2019 07:42:43 PM) (Source: MsiInstaller) (EventID: 11500) (User: DESKTOP-DG4P113)
Description: Produit : WordQ 4 -- Erreur 1500. Une autre installation est en cours. Vous devez la terminer avant de poursuivre cette installation.

Error: (02/08/2019 07:42:37 PM) (Source: MsiInstaller) (EventID: 11500) (User: DESKTOP-DG4P113)
Description: Produit : WordQ 4 -- Erreur 1500. Une autre installation est en cours. Vous devez la terminer avant de poursuivre cette installation.


System errors:
=============
Error: (02/09/2019 03:32:52 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-DG4P113)
Description: Unable to start a DCOM Server: Microsoft.LockApp_10.0.17763.1_neutral__cw5n1h2txyewy!WindowsDefaultLockScreen as Unavailable/Unavailable. The error:
"0"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca

Error: (02/08/2019 08:02:24 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-DG4P113)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-DG4P113\abysal SID (S-1-5-21-66705881-2455800333-246836714-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/08/2019 07:53:10 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Installer service, but this action failed with the following error:
An instance of the service is already running.

Error: (02/08/2019 07:51:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (02/08/2019 06:36:04 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-DG4P113)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-DG4P113\abysal SID (S-1-5-21-66705881-2455800333-246836714-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/08/2019 06:30:36 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-DG4P113)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-DG4P113\abysal SID (S-1-5-21-66705881-2455800333-246836714-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/08/2019 06:30:35 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-DG4P113)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-DG4P113\abysal SID (S-1-5-21-66705881-2455800333-246836714-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/08/2019 06:10:11 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-DG4P113)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-DG4P113\abysal SID (S-1-5-21-66705881-2455800333-246836714-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-02-09 19:54:57.683
Description:
Windows Defender Antivirus has detected a suspicious behavior.
Name: Behavior:Win32/DroppedKnownMalware
ID: 4236051168
Severity: Low
Category: Suspicious Behavior
Path Found: file:_C:\Windows\AutoKMS\AutoKMS.exe; process:_12816
Detection Origin: Local machine
Detection Type: Suspicious
Detection Source: Real-Time Protection
Status: Executing
Process Name: C:\Windows\AutoKMS\AutoKMS.exe
Signature ID: 41453017067075
Signature Version: AV: 1.285.1230.0, AS: 1.285.1230.0
Engine Version: 1.1.15700.7
Fidelity Label: Low
Target File Name: C:\Windows\Temp\SppExtComObjHook.dll

Date: 2019-02-09 19:53:00.877
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...in32/AutoKMS&threatid=2147685180&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: High
Category: Tool
Path: file:_C:\Windows\Temp\SppExtComObjHook.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\AutoKMS\AutoKMS.exe
Signature Version: AV: 1.285.1230.0, AS: 1.285.1230.0, NIS: 1.285.1230.0
Engine Version: AM: 1.1.15700.7, NIS: 1.1.15700.7

Date: 2019-02-08 21:18:59.735
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8B039190-0582-4DA4-B747-DA71BD718BC6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-08 20:07:18.311
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {434C94F6-C6D9-441A-93D7-09E0D5729BE4}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-07 19:46:37.509
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...in32/AutoKMS&threatid=2147685180&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: High
Category: Tool
Path: file:_C:\Windows\Temp\SppExtComObjHook.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\AutoKMS\AutoKMS.exe
Signature Version: AV: 1.285.1087.0, AS: 1.285.1087.0, NIS: 1.285.1087.0
Engine Version: AM: 1.1.15700.7, NIS: 1.1.15700.7

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 52%
Total physical RAM: 8102.89 MB
Available physical RAM: 3855.45 MB
Total Virtual: 10022.89 MB
Available Virtual: 3810.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:434.11 GB) (Free:223.84 GB) NTFS
Drive d: (System) (Fixed) (Total:1 GB) (Free:0.99 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:10.91 GB) (Free:10.87 GB) NTFS
Drive h: (a7) (Fixed) (Total:111.66 GB) (Free:4.08 GB) NTFS

\\?\Volume{6bcf7f91-6c88-4b37-a93a-60c63e79bb76}\ () (Fixed) (Total:0.87 GB) (Free:0.34 GB) NTFS
\\?\Volume{72ede0df-2710-0000-e682-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 447.1 GB) (Disk ID: 09428284)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 0E1E0C3B)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
Ran by abysal (09-02-2019 20:38:05) Run:1
Running from C:\Users\abysal\Documents\MEGAsync Downloads\New folder
Loaded Profiles: abysal (Available Profiles: abysal)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-66705881-2455800333-246836714-1001\...\Run: [AdobeBridge] => [X]
2019-02-08 19:55 - 2019-02-08 20:32 - 000004096 _____ () C:\Users\abysal\AppData\Local\Temp\dateinj01.dll
2019-02-07 18:59 - 2019-02-07 18:59 - 001037720 _____ (Microsoft Corporation) C:\Users\abysal\AppData\Local\Temp\PidGenX.dll
CustomCLSID: HKU\S-1-5-21-66705881-2455800333-246836714-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\abysal\AppData\Local\Microsoft\OneDrive\18.240.1202.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-66705881-2455800333-246836714-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\abysal\AppData\Local\Microsoft\OneDrive\18.240.1202.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-66705881-2455800333-246836714-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\abysal\AppData\Local\Microsoft\OneDrive\18.240.1202.0004\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

*****************

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-66705881-2455800333-246836714-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
C:\Users\abysal\AppData\Local\Temp\dateinj01.dll => moved successfully
C:\Users\abysal\AppData\Local\Temp\PidGenX.dll => moved successfully
HKU\S-1-5-21-66705881-2455800333-246836714-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-66705881-2455800333-246836714-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-66705881-2455800333-246836714-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found

==== End of Fixlog 20:38:15 ====
 