Solved Windows Task Manager crashes after opening

[StankHamster]

So I did a search for crashing task managers and came across this page. I know those instructions are specific to that user so I went ahead and followed the instructions here. Avast found one threat: a [dot]url file included in an album I downloaded in 2014:

Severity: High
Status: Threat: INI:Shortcut-inf [Trj]
Action: Delete
Result: Action Successful

I deleted that and completed the FRST scan (logs below) and await further instruction. Thanks in advance for your assistance.

Just a side note before the logs: as soon as the task manager crashed (opened 3 times, crashed every time) I went ahead and updated my Malwarebytes Premium program and miraculously my task manager worked again/didn't crash anymore. I decided to google before performing a Malwarebytes scan. That's when I came across your site and realized it may very well be a virus/malware/etc, so I installed Avast and ran that scan as recommended (aka no Malwarebytes scan).

Malwarebytes typically updates on its own so I never feel inclined to do so manually. I run a weekly virus scan (full) every Tuesday when the computer is not in use. Malwarebytes never caught a virus up til this point (on this PC at least), but I've had success on previous PCs so I never felt the need to change programs. Anyway sorry for the long-windedness here are the logs (opps it seems both files are over 50,000 characters, I'll try to cut/paste in separate replies, sorry for the inconvenience!)

 

[StankHamster]

I can't post the log files even when I paste them in half (again, they're both over 50,000 characters) because it's still listed as spam. Is there another method of posting?

 

[StankHamster]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.04.2019
Ran by Gaspar (administrator) on BLACKBEARD (Micro-Star International Co., Ltd. MS-7A37) (28-04-2019 20:25:57)
Running from D:\Gaspar\Downloads
Loaded Profiles: Gaspar (Available Profiles: defaultuser0 & Gaspar & Administrator)
Platform: Windows 10 Pro Version 1809 17763.437 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1902.633.0_x64__8wekyb3d8bbwe\Time.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1902.42.0_x64__8wekyb3d8bbwe\Calculator.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19032.731.0_x64__8wekyb3d8bbwe\YourPhone.exe
() [File not signed] D:\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Flexera Software LLC -> Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\RAMDisk\MSI_RAMDisk_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Shenzhen Huion Animation Technology Co., Ltd. -> Graphic Tablet Company Shenzhen) C:\PenTabletDriver\TabletDriver.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-11-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [TabletDriver] => C:\PenTabletDriver\TabletDriver.exe [655368 2017-04-19] (Shenzhen Huion Animation Technology Co., Ltd. -> Graphic Tablet Company Shenzhen)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-29] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261000 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1939968 2014-10-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26129592 2018-05-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\Gaspar\AppData\Local\slack\Update.exe [1569296 2019-04-23] (Slack Technologies, Inc. -> )
HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\Run: [Google Update] => C:\Users\Gaspar\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe [752424 2019-03-28] (Google Inc -> Google LLC)
HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\RunOnce: [Application Restart #0] => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-04] (Google LLC -> Google Inc.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {087CF12B-EEF8-4A77-AE2C-BCB86DA7AAC0} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0B8A9D0A-A993-40FA-8BED-6B5F226238CD} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1538A011-FB7F-4FF9-9DA6-84140DE244A0} - System32\Tasks\Opera scheduled Autoupdate 1495737404 => c:\program files\opera\launcher.exe [1492568 2019-04-25] (Opera Software AS -> Opera Software)
Task: {2E999AFF-B5CE-4404-80E9-A92441311089} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [572456 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3978F431-3637-4946-B920-1F39306814CA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
Task: {47214DF4-4E2A-4947-8611-A6F752D46387} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {55F64627-9A18-4BE9-805B-8E3705B5BD9D} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3859587088-677505421-2901372731-500 => C:\Users\Gaspar\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {57759618-36FF-4452-9FA2-C9B425A548C1} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {583271BF-4073-4667-805E-11F5C0528064} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [36792 2016-07-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {7E856673-76D8-40A6-B1D3-FFBD52459ADA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-25] (Google Inc -> Google Inc.)
Task: {88FF338A-5F28-4829-AB68-6F673DA290A5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [840744 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9A474C6A-E309-4C97-B4FC-19F9ED97210A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE /NOUACCHECK
Task: {9CF3B340-BEC8-4D1E-9D10-0D000ABE9E6F} - System32\Tasks\S-1-5-21-3859587088-677505421-2901372731-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [134144 2019-03-01] (Microsoft Windows -> Microsoft Corporation)
Task: {AA65E75B-F4CE-4C00-8279-B265DFF4D9E1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859587088-677505421-2901372731-1001UA => C:\Users\Gaspar\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2018-04-26] (Google Inc -> Google Inc.)
Task: {AC8CD8E1-3C7A-4975-B988-AF398E5CF03F} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [3348432 2017-05-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {C1D80815-2106-4DC1-BAFD-E6AA7C8C0DCA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2925960 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
Task: {C89C92C1-766A-441D-B3C1-161A8AE9F8A2} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2018-05-31] () [File not signed]
Task: {DDE99A5F-17B3-4AF2-919A-E6DA646B35DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-25] (Google Inc -> Google Inc.)
Task: {E40FDDD0-3CDF-4D0E-954A-4D1F2A42C5C4} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [36792 2016-07-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {E43A11B9-972E-42CB-B8DF-8598BCF44DD6} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [840744 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EC2D5BB7-1AF0-478D-956E-0825A2A5BE90} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F05FA159-4A73-466B-949E-34C9CF03A238} - System32\Tasks\MSISW_Host => C:\WINDOWS\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {F3CECFED-B6E6-41BB-9A2F-4E53EA415B8F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859587088-677505421-2901372731-1001Core => C:\Users\Gaspar\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2018-04-26] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a8b976b4-9109-4a48-9a95-7384daabf856}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-29] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-29] (Logitech Inc -> Logitech, Inc.)

FireFox:
========
FF DefaultProfile: qlou9cpa.default
FF ProfilePath: C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default [2019-04-28]
FF Homepage: Mozilla\Firefox\Profiles\qlou9cpa.default -> hxxps://www.google.com/
FF Extension: (Reddit Enhancement Suite) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2019-02-08]
FF Extension: (Japanese Language Pack) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\langpack-ja@firefox.mozilla.org.xpi [2019-03-23]
FF Extension: (Save Images) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\LDSI_plashcor@gmail.com.xpi [2017-10-12] [Legacy]
FF Extension: (Simage) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\LDSMGweb_plashcor@gmail.com.xpi [2018-06-23]
FF Extension: (LeechBlock NG) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\leechblockng@proginosko.com.xpi [2019-04-14]
FF Extension: (uBlock Origin) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\uBlock0@raymondhill.net.xpi [2019-04-03]
FF Extension: (Avast Online Security) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\wrc@avast.com.xpi [2019-04-28]
FF Extension: (Rikaichan) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}.xpi [2017-05-29] [Legacy]
FF Extension: (K-ON - Yui Hirasawa) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\{54881a7e-897b-4c28-8f6f-2dd9bb484845}.xpi [2019-03-21]
FF Extension: (Rikaichamp) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\{59812185-ea92-4cca-8ab7-cfcacee81281}.xpi [2019-04-03]
FF Extension: (NoScript) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-04-10]
FF Extension: (K-ON Yui Hirasawa S2) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\{ddd4ba89-f6ed-4c93-94f4-e862ce094888}.xpi [2019-03-21]
FF Extension: (Yui from K-on) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\{e5c72a8b-896e-464c-9d13-22e00afa6875}.xpi [2019-03-21]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-03-17] [not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3859587088-677505421-2901372731-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Gaspar\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-3859587088-677505421-2901372731-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Gaspar\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-3859587088-677505421-2901372731-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Gaspar\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-12-21] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default [2019-04-28]
CHR Extension: (Slides) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-25]
CHR Extension: (YouTube) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-25]
CHR Extension: (uBlock Origin) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-04-03]
CHR Extension: (Sheets) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-22]
CHR Extension: (Chrome Media Router) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-26]
CHR Profile: C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\System Profile [2018-10-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6660888 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [362488 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [47056 2017-02-17] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2019792 2016-10-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [80824 2017-06-14] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2306232 2018-05-03] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_RAMDisk_Service; C:\Program Files (x86)\MSI\RAMDisk\MSI_RAMDisk_Service.exe [70608 2017-05-15] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

 

[StankHamster]

Alright I wanted to post the rest of FRST.txt but it seems the "Drivers" section is considered spam. May I upload the txt files instead? Or perhaps use another service to paste the text? It says to contact an admin but I don't know who they are...

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Attach both files.

 

[StankHamster]

Will do, and thanks! (as a side note, it's getting late but I'll be sure to read your reply as soon as I wake up)

 

[Broni]

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Remove Selected.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
• Then click Finish.
• Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
• If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
• When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
• Restart your computer when prompted to do so.
• The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8/10 users right-click and select Run As Administrator
• The tool will start to update the database if one is required.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.
• Click on the Scan tab.
• Double-click the most recent scan which will be at the top of the list....the log will appear.
• Review the results...see note below
• After reviewing the log, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
• To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
• Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
• A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

 

[StankHamster]

Should I complete all scans in safe mode? If not, I just finished the RogueKiller scan in normal mode. I'll post those below and start the Malwarebytes scan soon (it typically takes 2-3 hours). As a side note, when I tried moving the rogue exe file to the desktop, Windows Explorer crashed... I tried a second time and moved the file successfully. Anyway see you in a few hours, I'll post the Malwarebytes log as soon as I have them.

RogueKiller Anti-Malware V13.1.10.0 (x64) [Apr 24 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : Gaspar [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190423_114402, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/04/29 13:06:19 (Duration : 00:07:01)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} -- [%SystemDrive%\Users\A Gaspar\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} -- [%SystemDrive%\Users\A Gaspar\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} -- [%SystemDrive%\Users\A Gaspar\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8} -- [%SystemDrive%\Users\A Gaspar\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4} -- [%SystemDrive%\Users\A Gaspar\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{FA372A6E-149F-4E95-832D-8F698D40AD7F} -- [%localappdata%\Google\Chrome SxS\Application\76.0.3780.0\notification_helper.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_USERS\S-1-5-21-3859587088-677505421-2901372731-500\Software\Microsoft\Windows\CurrentVersion\Run|OneDrive -- [%SystemDrive%\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{9FEDACBD-5CA2-474B-AB03-D71ABAF4EE41}C:\users\gaspar\appdata\local\programs\python\python37-32\python.exe -- [%localappdata%\Programs\Python\python37-32\python.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{BBA506EE-D85D-42B3-B4FC-A418DBB4F13A}C:\users\gaspar\appdata\local\programs\python\python37-32\python.exe -- [%localappdata%\Programs\Python\python37-32\python.exe] -> Deleted

 

[Broni]

No need for safe mode.

 

[StankHamster]

Thanks. Also it seems Malwarebytes' Threat Scan is a lot faster than full: finished in 8 mins... no threats but I'll post the log anyway. On to the final scan

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/29/19
Scan Time: 1:18 PM
Log File: c953d524-6aa2-11e9-a7ed-4ccc6afeda0a.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.10390
License: Premium

-System Information-
OS: Windows 10 (Build 17763.437)
CPU: x64
File System: NTFS
User: BLACKBEARD\Gaspar

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 353906
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 8 min, 3 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

[StankHamster]

Nice, scan complete in 19 secs. Also what the heck I had no idea AdwCleaner was another product of Malwarebytes; I just assumed Premium had everything! Guess I'll look into that... No threats detected, but it did say I could run an optional "Basic Repair" that will reset "Winsock and other settings to their default values". Should I do that, too? Here's the log:

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-03.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-29-2019
# Duration: 00:00:17
# OS: Windows 10 Pro
# Scanned: 27198
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 

[StankHamster]

Drats, it seems task manager is crashing again. Not sure what to do at this point

 

[Broni]

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[StankHamster]

Both files are over 50k characters so I'll attach them. I noticed a few apps/drivers were outdated so I went ahead and updated those in the mean time. Sorry if I should've waited first:

Updated:

-Nvidia drivers (I don't game so I never install the Geforce experience app)
-AMD Chipset drivers
-MSI Gaming App (which I later removed since it always has a "Very High" power usage)
-Realtek HD audio drivers
-Realtek PCIE Network Drivers

Uninstalled:

-MSI Gaming App
-Anime Studio Pro 11 (an old animation software)
-Storyboarder
-Workflowy

Task manager typically crashes at startup but after updating/uninstalling (had to restart the PC like 5 times), it didn't crash anymore. Just to sum up, after my "Drats, it seems task manager is crashing again." message, I went ahead and updated/removed apps and it seems things are back to normal. I'll probably jinx it but for now I await further instruction.

 

[Broni]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.04.2019
Ran by Gaspar (administrator) on BLACKBEARD (Micro-Star International Co., Ltd. MS-7A37) (30-04-2019 11:53:49)
Running from C:\Users\Gaspar\Desktop
Loaded Profiles: defaultuser0 & Gaspar & Administrator (Available Profiles: defaultuser0 & Gaspar & Administrator)
Platform: Windows 10 Pro Version 1809 17763.437 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1902.633.0_x64__8wekyb3d8bbwe\Time.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1902.42.0_x64__8wekyb3d8bbwe\Calculator.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19032.731.0_x64__8wekyb3d8bbwe\YourPhone.exe
() [File not signed] D:\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Flexera Software LLC -> Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google Inc -> Google Inc.) C:\Users\Gaspar\AppData\Local\Google\Update\GoogleUpdate.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Shenzhen Huion Animation Technology Co., Ltd. -> Graphic Tablet Company Shenzhen) C:\PenTabletDriver\TabletDriver.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269120 2019-01-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [TabletDriver] => C:\PenTabletDriver\TabletDriver.exe [655368 2017-04-19] (Shenzhen Huion Animation Technology Co., Ltd. -> Graphic Tablet Company Shenzhen)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-29] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261000 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1939968 2014-10-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26278576 2019-04-17] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKU\S-1-5-21-3859587088-677505421-2901372731-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\Gaspar\AppData\Local\slack\Update.exe [1569296 2019-04-23] (Slack Technologies, Inc. -> )
HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\Run: [Google Update] => C:\Users\Gaspar\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe [752424 2019-03-28] (Google Inc -> Google LLC)
HKU\S-1-5-21-3859587088-677505421-2901372731-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-04] (Google LLC -> Google Inc.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0160BF98-2CAC-4B01-BB3A-C4662024DD42} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {06D6EA3B-FDF9-4A3B-A0E8-B2809CB6C65A} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [33953848 2019-04-24] (Adlice -> )
Task: {117E69F1-F86B-4BF1-B2B7-5A2609B89E89} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1538A011-FB7F-4FF9-9DA6-84140DE244A0} - System32\Tasks\Opera scheduled Autoupdate 1495737404 => c:\program files\opera\launcher.exe [1492568 2019-04-25] (Opera Software AS -> Opera Software)
Task: {3978F431-3637-4946-B920-1F39306814CA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
Task: {47214DF4-4E2A-4947-8611-A6F752D46387} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {55F64627-9A18-4BE9-805B-8E3705B5BD9D} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3859587088-677505421-2901372731-500 => C:\Users\Gaspar\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {61361AA5-195E-4021-88CE-03C1922ECF66} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7E856673-76D8-40A6-B1D3-FFBD52459ADA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-25] (Google Inc -> Google Inc.)
Task: {902E0483-EF4D-473D-BF6E-6B41DF3A1278} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {9CF3B340-BEC8-4D1E-9D10-0D000ABE9E6F} - System32\Tasks\S-1-5-21-3859587088-677505421-2901372731-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [134144 2019-03-01] (Microsoft Windows -> Microsoft Corporation)
Task: {AA21DC4A-6FE3-467C-B4DF-5FC394B8BDD4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AA65E75B-F4CE-4C00-8279-B265DFF4D9E1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859587088-677505421-2901372731-1001UA => C:\Users\Gaspar\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2018-04-26] (Google Inc -> Google Inc.)
Task: {B379DFB5-5726-44C7-A938-F6B3D418D047} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B5743FDC-B002-4B0F-A9EE-110369093239} - System32\Tasks\MSISW_Host => C:\WINDOWS\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {B601CAD6-5576-44A0-BAC5-9212DC0B5509} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C1D80815-2106-4DC1-BAFD-E6AA7C8C0DCA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2925960 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
Task: {C89C92C1-766A-441D-B3C1-161A8AE9F8A2} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2018-05-31] () [File not signed]
Task: {CAE69D75-0D8E-4D08-9F7A-118EABE26BB7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DDE99A5F-17B3-4AF2-919A-E6DA646B35DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-25] (Google Inc -> Google Inc.)
Task: {F3CECFED-B6E6-41BB-9A2F-4E53EA415B8F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859587088-677505421-2901372731-1001Core => C:\Users\Gaspar\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2018-04-26] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a8b976b4-9109-4a48-9a95-7384daabf856}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-29] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-29] (Logitech Inc -> Logitech, Inc.)

FireFox:
========
FF DefaultProfile: qlou9cpa.default
FF ProfilePath: C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default [2019-04-30]
FF Homepage: Mozilla\Firefox\Profiles\qlou9cpa.default -> hxxps://www.google.com/
FF Extension: (Reddit Enhancement Suite) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2019-02-08]
FF Extension: (Japanese Language Pack) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\langpack-ja@firefox.mozilla.org.xpi [2019-03-23]
FF Extension: (Save Images) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\LDSI_plashcor@gmail.com.xpi [2017-10-12] [Legacy]
FF Extension: (Simage) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\LDSMGweb_plashcor@gmail.com.xpi [2018-06-23]
FF Extension: (LeechBlock NG) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\leechblockng@proginosko.com.xpi [2019-04-14]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\sp@avast.com.xpi [2019-04-30]
FF Extension: (uBlock Origin) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\uBlock0@raymondhill.net.xpi [2019-04-03]
FF Extension: (Avast Online Security) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\wrc@avast.com.xpi [2019-04-30]
FF Extension: (Rikaichan) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}.xpi [2017-05-29] [Legacy]
FF Extension: (K-ON - Yui Hirasawa) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\{54881a7e-897b-4c28-8f6f-2dd9bb484845}.xpi [2019-03-21]
FF Extension: (Rikaichamp) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\{59812185-ea92-4cca-8ab7-cfcacee81281}.xpi [2019-04-03]
FF Extension: (NoScript) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-04-10]
FF Extension: (K-ON Yui Hirasawa S2) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\{ddd4ba89-f6ed-4c93-94f4-e862ce094888}.xpi [2019-03-21]
FF Extension: (Yui from K-on) - C:\Users\Gaspar\AppData\Roaming\Mozilla\Firefox\Profiles\qlou9cpa.default\Extensions\{e5c72a8b-896e-464c-9d13-22e00afa6875}.xpi [2019-03-21]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-03-17] [not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3859587088-677505421-2901372731-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Gaspar\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-3859587088-677505421-2901372731-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Gaspar\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-3859587088-677505421-2901372731-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Gaspar\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-12-21] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default [2019-04-30]
CHR Extension: (Slides) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-25]
CHR Extension: (YouTube) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-25]
CHR Extension: (uBlock Origin) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-04-03]
CHR Extension: (Sheets) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-22]
CHR Extension: (Chrome Media Router) - C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-26]
CHR Profile: C:\Users\Gaspar\AppData\Local\Google\Chrome\User Data\System Profile [2018-10-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6660888 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [362488 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2323120 2019-04-15] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34568 2018-11-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [24288 2018-10-03] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31712 2019-01-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137688 2018-10-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37104 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205400 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [254128 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196000 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320624 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [57888 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-04-28] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [257832 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [166848 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88160 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1031000 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [476776 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [220640 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [385848 2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
S3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [199472 2015-07-28] (Broadcom Corporation -> Broadcom Corporation.)
S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [214328 2015-07-28] (Broadcom Corporation -> Broadcom Corporation.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-04-05] (Logitech Inc -> Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2017-04-05] (Logitech -> Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-04-29] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-04-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-04-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-04-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [117344 2019-04-29] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ed316ebc2bdc1c66\nvlddmkm.sys [21657024 2019-04-18] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1122200 2018-08-30] (Realtek Semiconductor Corp. -> Realtek )
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-04-29] (Adlice -> )
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2014-09-17] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-04-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344544 2019-04-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-30 11:53 - 2019-04-30 11:54 - 000027480 _____ C:\Users\Gaspar\Desktop\FRST.txt
2019-04-30 11:53 - 2019-04-30 11:53 - 002429952 _____ (Farbar) C:\Users\Gaspar\Desktop\FRST64(1).exe
2019-04-29 20:04 - 2019-04-30 03:41 - 000002148 _____ C:\WINDOWS\System32\Tasks\MSISW_Host
2019-04-29 20:04 - 2015-08-18 09:51 - 001692840 _____ (MSI) C:\WINDOWS\SysWOW64\muachost.exe
2019-04-29 19:57 - 2019-04-29 19:57 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-29 19:57 - 2019-04-29 19:57 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-04-29 19:57 - 2019-04-29 19:57 - 000117344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-04-29 19:57 - 2019-04-29 19:57 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-04-29 19:56 - 2018-08-30 22:55 - 001122200 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2019-04-29 19:52 - 2019-04-29 19:52 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2019-04-29 19:51 - 2019-04-29 19:52 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-04-29 19:51 - 2019-01-31 04:12 - 072520608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2019-04-29 19:51 - 2019-01-31 04:12 - 007178360 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2019-04-29 19:51 - 2019-01-31 04:12 - 007101640 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2019-04-29 19:51 - 2019-01-31 04:12 - 006566904 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2019-04-29 19:51 - 2019-01-31 04:12 - 006270088 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2019-04-29 19:51 - 2019-01-31 04:12 - 003677288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2019-04-29 19:51 - 2019-01-31 04:12 - 003159880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2019-04-29 19:51 - 2019-01-31 04:12 - 002930048 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2019-04-29 19:51 - 2019-01-31 04:12 - 001159080 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2019-04-29 19:51 - 2019-01-31 04:12 - 000416400 _____ (Harman) C:\WINDOWS\system32\HMUI.dll
2019-04-29 19:51 - 2019-01-31 04:12 - 000378280 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2019-04-29 19:51 - 2019-01-31 04:12 - 000266656 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2019-04-29 19:51 - 2019-01-31 04:12 - 000154256 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll
2019-04-29 19:51 - 2019-01-31 04:12 - 000122216 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2019-04-29 19:51 - 2019-01-31 04:12 - 000118488 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2019-04-29 19:51 - 2019-01-31 04:12 - 000105200 _____ C:\WINDOWS\system32\audioLibVc.dll
2019-04-29 19:51 - 2019-01-31 04:12 - 000023584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 015218720 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE3.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 003306920 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 003168488 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 002198088 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 001435248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 001382336 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 001337744 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 000873568 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 000852232 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 000604904 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 000541224 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 000467264 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 000447280 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 000381512 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 000341256 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 000341256 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 000230808 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 000218376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 000175048 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 000158800 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2019-04-29 19:51 - 2019-01-31 00:13 - 000075640 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 007748616 _____ (ICEpower A/S) C:\WINDOWS\system32\ICEsoundAPO64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 005346888 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 003764912 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 003445848 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 003340512 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 003283512 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 002992080 _____ (Audyssey Labs) C:\WINDOWS\system32\AudysseyEfx.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 002444576 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 001971264 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 001965048 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 001787848 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 001610848 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyAPOv251gm.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 001598288 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 001544144 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 001516160 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 001396272 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 001372280 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOv251.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 001353424 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 001318952 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 001287496 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyAPOvlldpgm.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 001282656 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 001259624 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOvlldp.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 001180624 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 001110280 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 001073776 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 001027928 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000965128 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000751192 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000734664 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000715544 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000692272 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll

 

[Broni]

2019-04-29 19:51 - 2019-01-31 00:12 - 000511536 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000453168 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000452632 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000448496 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000406344 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2APIPCLL.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000392976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000367504 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000366016 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000360240 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000343808 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000332904 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000327376 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000327168 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000315872 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000278160 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000261128 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000261096 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000260104 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000232024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000220496 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000203736 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000193080 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000190824 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000190824 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000184216 _____ (ASUSTeK COMPUTER INC.) C:\WINDOWS\system32\ATKWMI.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000179488 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000157240 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000139648 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000116640 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000094032 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000091016 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000090064 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000088424 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2019-04-29 19:51 - 2019-01-31 00:12 - 000083728 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2019-04-29 19:51 - 2019-01-30 23:48 - 026612405 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2019-04-29 19:51 - 2018-01-15 14:40 - 002856800 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2019-04-29 19:42 - 2019-04-29 19:42 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2019-04-29 19:41 - 2019-01-02 00:07 - 000031712 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AMDPCIDev.sys
2019-04-29 19:41 - 2018-11-12 23:39 - 000034568 _____ (Advanced Micro Devices, Inc) C:\WINDOWS\system32\Drivers\amdgpio2.sys
2019-04-29 19:41 - 2018-10-03 04:18 - 000466312 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\tbaseregistry64.dll
2019-04-29 19:41 - 2018-10-03 04:18 - 000421448 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\t-base_client_api.dll
2019-04-29 19:41 - 2018-10-03 04:18 - 000368008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\tbaseregistry32.dll
2019-04-29 19:41 - 2018-10-03 04:18 - 000336456 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\t-base_client_api.dll
2019-04-29 19:41 - 2018-10-03 04:18 - 000137688 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\Drivers\amdpsp.sys
2019-04-29 19:41 - 2018-10-03 04:06 - 000024288 _____ (Advanced Micro Devices, Inc) C:\WINDOWS\system32\Drivers\amdgpio3.sys
2019-04-29 19:39 - 2019-04-29 19:39 - 000002036 _____ C:\Users\Public\Desktop\MSI Live Update 6.lnk
2019-04-29 19:34 - 2019-04-29 19:34 - 000000000 ____D C:\Users\Gaspar\AppData\Local\workflowy-updater
2019-04-29 18:47 - 2019-04-29 18:47 - 000000000 ____D C:\Users\Gaspar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crucial Storage Executive
2019-04-29 18:25 - 2019-04-29 19:45 - 000000000 ____D C:\Users\Gaspar\AppData\Local\NVIDIA Corporation
2019-04-29 18:10 - 2019-04-30 03:41 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-29 18:10 - 2019-04-30 03:41 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-29 18:10 - 2019-04-30 03:41 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-29 18:10 - 2019-04-30 03:41 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-29 18:10 - 2019-04-30 03:41 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-29 18:10 - 2019-04-30 03:41 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-29 18:10 - 2019-04-30 03:41 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-29 18:09 - 2019-04-29 18:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2019-04-29 18:09 - 2019-04-17 17:08 - 005432360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-04-29 18:09 - 2019-04-17 17:08 - 002637808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-04-29 18:09 - 2019-04-17 17:08 - 001767280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-04-29 18:09 - 2019-04-17 17:08 - 000651248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-04-29 18:09 - 2019-04-17 17:08 - 000450872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-04-29 18:09 - 2019-04-17 17:08 - 000125424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-04-29 18:09 - 2019-04-17 17:08 - 000082800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-04-29 18:09 - 2019-04-14 01:20 - 008557932 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-04-29 18:09 - 2019-03-06 12:55 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2019-04-29 18:07 - 2019-04-18 13:04 - 001006800 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-04-29 18:07 - 2019-04-18 13:04 - 001006800 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-04-29 18:07 - 2019-04-18 13:04 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-04-29 18:07 - 2019-04-18 13:04 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-04-29 18:07 - 2019-04-18 13:04 - 000552328 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-04-29 18:07 - 2019-04-18 13:04 - 000456904 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-04-29 18:07 - 2019-04-18 13:04 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-04-29 18:07 - 2019-04-18 13:04 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-04-29 18:07 - 2019-04-18 13:04 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-04-29 18:07 - 2019-04-18 13:04 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-04-29 18:07 - 2019-04-18 13:03 - 011048896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-04-29 18:07 - 2019-04-18 13:03 - 009485192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-04-29 18:07 - 2019-04-18 13:02 - 002039176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-04-29 18:07 - 2019-04-18 13:02 - 001722064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6443039.dll
2019-04-29 18:07 - 2019-04-18 13:02 - 001540032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-04-29 18:07 - 2019-04-18 13:02 - 001470208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-04-29 18:07 - 2019-04-18 13:02 - 001467648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6443039.dll
2019-04-29 18:07 - 2019-04-18 13:02 - 001162176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-04-29 18:07 - 2019-04-18 13:02 - 001134288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-04-29 18:07 - 2019-04-18 13:02 - 000911808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-04-29 18:07 - 2019-04-18 13:02 - 000821128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-04-29 18:07 - 2019-04-18 13:02 - 000808656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-04-29 18:07 - 2019-04-18 13:02 - 000675024 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-04-29 18:07 - 2019-04-18 13:02 - 000654272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-04-29 18:07 - 2019-04-18 13:02 - 000631040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-04-29 18:07 - 2019-04-18 13:02 - 000541904 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-04-29 18:07 - 2019-04-18 13:02 - 000522120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-04-29 18:07 - 2019-04-18 13:01 - 040412368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-04-29 18:07 - 2019-04-18 13:01 - 035269568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-04-29 18:07 - 2019-04-18 13:01 - 020187584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-04-29 18:07 - 2019-04-18 13:01 - 017464712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-04-29 18:07 - 2019-04-18 13:01 - 005421768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-04-29 18:07 - 2019-04-18 13:01 - 004758736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-04-29 18:07 - 2019-04-18 09:57 - 005083376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-04-29 18:07 - 2019-04-18 09:57 - 004340480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-04-29 18:07 - 2019-04-17 19:25 - 001682368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2019-04-29 18:07 - 2019-04-17 19:25 - 000228608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2019-04-29 18:07 - 2019-04-17 19:25 - 000052255 _____ C:\WINDOWS\system32\nvinfo.pb
2019-04-29 18:07 - 2019-04-17 19:25 - 000046848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2019-04-29 16:48 - 2019-04-30 03:41 - 000002588 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2019-04-29 13:52 - 2019-04-29 13:54 - 000000000 ____D C:\AdwCleaner
2019-04-29 13:52 - 2019-04-29 13:52 - 007025360 _____ (Malwarebytes) C:\Users\Gaspar\Desktop\AdwCleaner.exe
2019-04-29 13:50 - 2019-04-29 13:50 - 000001228 _____ C:\Users\Gaspar\Desktop\mbytes_log.txt
2019-04-29 13:17 - 2019-04-29 13:17 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-04-29 13:16 - 2019-04-29 13:16 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-04-29 13:16 - 2019-04-29 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-04-29 13:16 - 2019-04-29 13:15 - 063194536 _____ (Malwarebytes ) C:\Users\Gaspar\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.586-1.0.10374.exe
2019-04-29 13:16 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-04-29 13:16 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-04-29 12:57 - 2019-04-29 12:57 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2019-04-29 12:56 - 2019-04-30 11:48 - 000003144 _____ C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware
2019-04-29 12:56 - 2019-04-29 13:08 - 000000000 ____D C:\Program Files\RogueKiller
2019-04-29 12:56 - 2019-04-29 12:56 - 000000000 ____D C:\ProgramData\RogueKiller
2019-04-29 12:56 - 2019-04-29 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-04-29 12:54 - 2019-04-29 12:53 - 029937376 _____ (Adlice Software ) C:\Users\Gaspar\Desktop\RogueKiller_setup_ref3.exe
2019-04-28 20:25 - 2019-04-30 11:53 - 000000000 ____D C:\FRST
2019-04-28 17:52 - 2019-04-30 03:41 - 000003288 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1495737404
2019-04-28 17:52 - 2019-04-28 17:52 - 000001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-04-28 17:49 - 2019-04-30 03:39 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-04-28 17:49 - 2019-04-28 17:49 - 000476776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-04-28 17:49 - 2019-04-28 17:49 - 000385848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-04-28 17:49 - 2019-04-28 17:49 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-04-28 17:49 - 2019-04-28 17:49 - 000002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2019-04-28 17:49 - 2019-04-28 17:49 - 000002154 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-04-28 17:49 - 2019-04-28 17:49 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2019-04-28 17:49 - 2019-04-28 17:49 - 000000000 ____D C:\Users\Gaspar\AppData\Roaming\AVAST Software
2019-04-28 17:49 - 2019-04-28 17:49 - 000000000 ____D C:\Users\Gaspar\AppData\Local\AVAST Software
2019-04-28 17:49 - 2019-04-28 17:48 - 001031000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-04-28 17:49 - 2019-04-28 17:48 - 000320624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-04-28 17:49 - 2019-04-28 17:48 - 000257832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-04-28 17:49 - 2019-04-28 17:48 - 000254128 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-04-28 17:49 - 2019-04-28 17:48 - 000220640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-04-28 17:49 - 2019-04-28 17:48 - 000205400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-04-28 17:49 - 2019-04-28 17:48 - 000196000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-04-28 17:49 - 2019-04-28 17:48 - 000166848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-04-28 17:49 - 2019-04-28 17:48 - 000112520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-04-28 17:49 - 2019-04-28 17:48 - 000088160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-04-28 17:49 - 2019-04-28 17:48 - 000057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-04-28 17:49 - 2019-04-28 17:48 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-04-28 17:49 - 2019-04-28 17:48 - 000037104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2019-04-28 17:49 - 2019-04-28 17:48 - 000015488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2019-04-28 17:48 - 2019-04-28 17:48 - 000362888 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-04-28 17:48 - 2019-04-28 17:48 - 000000000 ____D C:\ProgramData\AVAST Software
2019-04-28 17:48 - 2019-04-28 17:48 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-04-28 17:48 - 2019-04-28 17:48 - 000000000 ____D C:\Program Files\AVAST Software
2019-04-23 13:33 - 2019-04-23 13:33 - 000002202 _____ C:\Users\Gaspar\Desktop\Slack.lnk
2019-04-12 00:59 - 2019-04-12 00:59 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-10 18:53 - 2019-04-28 01:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-04-10 14:14 - 2019-04-10 14:14 - 026810368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 023440896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 020815360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 019025408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 012843520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 012139008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-10 14:14 - 2019-04-10 14:14 - 007877120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 007645608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 006544824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 006071296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 005436904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 004660224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 004588536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-04-10 14:14 - 2019-04-10 14:14 - 003904512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 003657728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-10 14:14 - 2019-04-10 14:14 - 003551112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 003384832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 002925880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-10 14:14 - 2019-04-10 14:14 - 002720256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-10 14:14 - 2019-04-10 14:14 - 002469376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-10 14:14 - 2019-04-10 14:14 - 002438368 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 002022304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 001830200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 001672704 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 001671352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 001590064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 001496576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 001478968 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 001467344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 001256448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-10 14:14 - 2019-04-10 14:14 - 001221944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 001072640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 001054200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-10 14:14 - 2019-04-10 14:14 - 001044280 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-10 14:14 - 2019-04-10 14:14 - 001019392 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000865784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000793832 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000725928 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000653040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000649064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-04-10 14:14 - 2019-04-10 14:14 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000474928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-04-10 14:14 - 2019-04-10 14:14 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-10 14:14 - 2019-04-10 14:14 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000263600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-10 14:14 - 2019-04-10 14:14 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000095544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000090424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-10 14:14 - 2019-04-10 14:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-04-10 14:14 - 2019-04-10 14:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-04-10 14:14 - 2019-04-10 14:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-04-10 14:14 - 2019-04-10 14:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-04-10 14:14 - 2019-04-10 14:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-04-10 14:14 - 2019-04-10 14:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-04-10 14:14 - 2019-04-10 14:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-04-10 14:14 - 2019-04-10 14:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-04-10 14:11 - 2019-04-01 14:02 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-10 14:11 - 2019-04-01 14:02 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-03 12:47 - 2019-04-03 12:47 - 015223296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 008898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 007919104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 006925824 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 006440960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 006309040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 005765120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 005205448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 004527624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 003690496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 003602944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 003496448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AI.MachineLearning.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 003421696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 002942464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 002777224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 002765312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 002701304 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 002689024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 002627384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-03 12:47 - 2019-04-03 12:47 - 002346496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 002275896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 002127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 002073960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001994768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001969464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-04-03 12:47 - 2019-04-03 12:47 - 001860096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001760768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001711104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001697752 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-04-03 12:47 - 2019-04-03 12:47 - 001687552 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001674480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001647632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001615872 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuin.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001506304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001468952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 001459080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001458056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001370624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001360184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-04-03 12:47 - 2019-04-03 12:47 - 001342400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-04-03 12:47 - 2019-04-03 12:47 - 001297120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001294520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001259320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-04-03 12:47 - 2019-04-03 12:47 - 001249280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001179680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 001155072 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001072424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001047552 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001026792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 001001472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000981816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-04-03 12:47 - 2019-04-03 12:47 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000964096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000909840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 000872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000828728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 000821048 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000772608 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000769536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-04-03 12:47 - 2019-04-03 12:47 - 000762880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000731648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000730936 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000730112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000672256 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000620560 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessManager.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000617784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000598544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000553784 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000540448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 000461112 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000460800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000454144 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-04-03 12:47 - 2019-04-03 12:47 - 000408528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe

 

[Broni]

2019-04-03 12:47 - 2019-04-03 12:47 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\RADCUI.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000317240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-04-03 12:47 - 2019-04-03 12:47 - 000316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000312632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000147496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 000143880 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000115360 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 000107832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvsetup.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssecuser.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000071208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscapi.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfts.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfts.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2019-04-03 12:47 - 2019-04-03 12:47 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-04-03 12:47 - 2019-04-03 12:47 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscdll.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 017513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 007883776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 004991112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AI.MachineLearning.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 004704272 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 004304896 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 003982848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 003557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 003377976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-03 12:46 - 2019-04-03 12:46 - 003334496 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 002995712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 002842624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 002592816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 002042368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 002017792 _____ C:\WINDOWS\system32\rdpnano.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 001918464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 001892864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 001856000 ____R (The ICU Project) C:\WINDOWS\system32\icuin.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 001844448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 001671680 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 001641400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 001616384 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 001567232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 001395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 001311232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 001259320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-04-03 12:46 - 2019-04-03 12:46 - 001213752 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 001191728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 001145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 001133568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2019-04-03 12:46 - 2019-04-03 12:46 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-04-03 12:46 - 2019-04-03 12:46 - 001053192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2019-04-03 12:46 - 2019-04-03 12:46 - 001035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 001022616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 001007616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000998712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-04-03 12:46 - 2019-04-03 12:46 - 000984888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2019-04-03 12:46 - 2019-04-03 12:46 - 000982880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000974352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000882176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-04-03 12:46 - 2019-04-03 12:46 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000871792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000855040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2019-04-03 12:46 - 2019-04-03 12:46 - 000809784 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000807424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-04-03 12:46 - 2019-04-03 12:46 - 000799568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000761280 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000757664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-04-03 12:46 - 2019-04-03 12:46 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000699392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000675096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000651792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-04-03 12:46 - 2019-04-03 12:46 - 000651064 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-04-03 12:46 - 2019-04-03 12:46 - 000611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000609792 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000580024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000568632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000552448 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-04-03 12:46 - 2019-04-03 12:46 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-04-03 12:46 - 2019-04-03 12:46 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000513040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000508208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000506168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_PCDisplay.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000485192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000421392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-04-03 12:46 - 2019-04-03 12:46 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000407504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000404792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-04-03 12:46 - 2019-04-03 12:46 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000386872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000386360 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000384312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000343984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000306488 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000283032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiCloudStore.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000257696 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000255128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmBroker.exe
2019-04-03 12:46 - 2019-04-03 12:46 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000234808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2019-04-03 12:46 - 2019-04-03 12:46 - 000195896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-04-03 12:46 - 2019-04-03 12:46 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.CredentialProvider.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000169784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-04-03 12:46 - 2019-04-03 12:46 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2019-04-03 12:46 - 2019-04-03 12:46 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000159272 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-04-03 12:46 - 2019-04-03 12:46 - 000159112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winquic.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000157496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2019-04-03 12:46 - 2019-04-03 12:46 - 000156984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winquic.sys
2019-04-03 12:46 - 2019-04-03 12:46 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000134456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000131384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-04-03 12:46 - 2019-04-03 12:46 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-04-03 12:46 - 2019-04-03 12:46 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvsetup.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000098664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000097808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2019-04-03 12:46 - 2019-04-03 12:46 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-04-03 12:46 - 2019-04-03 12:46 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2019-04-03 12:46 - 2019-04-03 12:46 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscapi.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000039736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WppRecorder.sys
2019-04-03 12:46 - 2019-04-03 12:46 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-04-03 12:46 - 2019-04-03 12:46 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscdll.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-04-03 12:46 - 2019-04-03 12:46 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-04-01 12:59 - 2019-04-01 12:59 - 000001027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2019-04-01 12:59 - 2019-04-01 12:59 - 000001003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealTimeSync.lnk

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-30 11:52 - 2017-09-03 17:23 - 000000000 ____D C:\Program Files (x86)\PC-FAXReceive
2019-04-30 11:51 - 2018-04-26 19:15 - 000002557 _____ C:\Users\Gaspar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2019-04-30 11:51 - 2018-04-26 19:15 - 000002520 _____ C:\Users\Gaspar\Desktop\Google Chrome Canary.lnk
2019-04-30 11:50 - 2018-04-17 21:35 - 000000000 ____D C:\Users\Gaspar\AppData\Roaming\Slack
2019-04-30 11:50 - 2017-05-25 12:55 - 000000000 ____D C:\Users\Gaspar\AppData\LocalLow\Mozilla
2019-04-30 11:48 - 2018-09-15 03:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-30 04:15 - 2017-05-27 03:22 - 000000000 ____D C:\ProgramData\NVIDIA
2019-04-30 04:15 - 2017-05-25 23:59 - 000000000 ____D C:\Users\Gaspar\AppData\Roaming\MusicBee
2019-04-30 03:41 - 2019-02-22 00:33 - 000003520 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859587088-677505421-2901372731-1001UA
2019-04-30 03:41 - 2019-02-22 00:33 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-04-30 03:41 - 2019-02-22 00:33 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-30 03:41 - 2019-02-22 00:33 - 000003252 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859587088-677505421-2901372731-1001Core
2019-04-30 03:41 - 2019-02-22 00:33 - 000003180 _____ C:\WINDOWS\System32\Tasks\klcp_update
2019-04-30 03:41 - 2019-02-22 00:33 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-04-30 03:41 - 2019-02-22 00:33 - 000002852 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3859587088-677505421-2901372731-500
2019-04-30 02:26 - 2017-05-28 02:47 - 000000000 ____D C:\Users\Gaspar\AppData\Roaming\discord
2019-04-30 01:51 - 2019-02-22 00:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-29 21:57 - 2017-05-27 03:21 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-04-29 20:45 - 2017-05-28 15:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2019-04-29 20:45 - 2017-05-28 15:22 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2019-04-29 20:31 - 2018-09-15 03:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-29 20:08 - 2017-05-25 13:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2019-04-29 20:08 - 2017-05-25 13:01 - 000000000 ____D C:\Program Files (x86)\MSI
2019-04-29 20:08 - 2017-05-25 13:01 - 000000000 ____D C:\MSI
2019-04-29 20:06 - 2017-06-13 10:36 - 000000000 ____D C:\Users\Gaspar\AppData\Local\CrashDumps
2019-04-29 20:04 - 2019-02-22 00:24 - 001371812 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-29 20:04 - 2019-02-21 23:49 - 000460204 _____ C:\WINDOWS\system32\perfh011.dat
2019-04-29 20:04 - 2019-02-21 23:49 - 000124928 _____ C:\WINDOWS\system32\perfc011.dat
2019-04-29 20:04 - 2018-09-15 03:31 - 000000000 ____D C:\WINDOWS\INF
2019-04-29 20:04 - 2017-05-25 04:58 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-29 19:57 - 2019-02-22 00:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-29 19:57 - 2018-09-15 02:09 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2019-04-29 19:56 - 2017-05-25 13:07 - 000000000 ____D C:\Program Files (x86)\Realtek
2019-04-29 19:52 - 2017-05-25 13:07 - 000000000 ___HD C:\Program Files (x86)\Temp
2019-04-29 19:52 - 2017-05-25 13:07 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2019-04-29 19:52 - 2017-05-25 13:07 - 000000000 ____D C:\WINDOWS\system32\DAX3
2019-04-29 19:52 - 2017-05-25 13:07 - 000000000 ____D C:\WINDOWS\system32\DAX2
2019-04-29 19:42 - 2017-06-27 23:24 - 000000000 ____D C:\Program Files (x86)\AMD
2019-04-29 19:37 - 2018-12-31 06:00 - 000000000 ____D C:\Users\Gaspar\AppData\Roaming\Dynalist
2019-04-29 19:34 - 2017-10-07 18:20 - 000000000 ____D C:\Users\Gaspar\AppData\Roaming\WorkFlowy
2019-04-29 18:49 - 2017-05-25 13:45 - 000000000 ____D C:\Users\Gaspar\AppData\Local\JxBrowser
2019-04-29 18:10 - 2017-05-27 03:21 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-04-29 18:10 - 2017-05-27 03:19 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-04-29 18:09 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\Help
2019-04-29 18:08 - 2018-01-23 02:53 - 000000000 ____D C:\Users\Gaspar\AppData\Local\NVIDIA
2019-04-29 16:48 - 2017-05-26 16:05 - 000000000 ____D C:\Users\Gaspar\AppData\Local\ElevatedDiagnostics
2019-04-29 15:49 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-04-29 13:16 - 2018-09-15 03:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-04-29 13:16 - 2017-05-25 14:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-04-29 12:55 - 2017-09-03 17:22 - 000008051 _____ C:\WINDOWS\BRRBCOM.INI
2019-04-29 01:53 - 2018-09-15 03:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-29 01:53 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-28 17:52 - 2017-05-25 14:35 - 000000000 ____D C:\Program Files\Opera
2019-04-28 17:51 - 2017-06-01 23:13 - 000000000 ____D C:\Program Files\IrfanView
2019-04-28 17:51 - 2017-05-25 13:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-04-28 17:51 - 2017-05-25 13:44 - 000000000 ____D C:\Program Files\7-Zip
2019-04-28 17:15 - 2017-07-16 02:40 - 000000000 ____D C:\Users\Gaspar\AppData\Roaming\qBittorrent
2019-04-28 01:29 - 2017-05-25 12:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-04-24 15:49 - 2018-07-10 04:49 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2019-04-24 15:49 - 2017-05-27 02:32 - 000000000 ____D C:\Users\Gaspar\AppData\Roaming\Notepad++
2019-04-24 15:49 - 2017-05-27 02:32 - 000000000 ____D C:\Program Files\Notepad++
2019-04-23 13:36 - 2018-02-14 01:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-23 13:33 - 2018-04-17 21:35 - 000000000 ____D C:\Users\Gaspar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2019-04-23 13:33 - 2018-04-17 21:35 - 000000000 ____D C:\Users\Gaspar\AppData\Local\slack
2019-04-23 13:33 - 2017-05-28 02:47 - 000000000 ____D C:\Users\Gaspar\AppData\Local\SquirrelTemp
2019-04-22 00:48 - 2017-05-25 14:36 - 000000000 ____D C:\Users\Gaspar\AppData\Local\Opera Software
2019-04-17 17:58 - 2018-06-13 00:45 - 000000000 ____D C:\Users\Gaspar\Desktop\shortcuts_2
2019-04-13 20:06 - 2017-05-27 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drawpile
2019-04-13 20:06 - 2017-05-27 19:29 - 000000000 ____D C:\Program Files\Drawpile
2019-04-11 23:25 - 2017-05-27 17:56 - 000000000 ____D C:\Users\Gaspar\Spine
2019-04-11 07:19 - 2017-05-25 12:55 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-04-10 14:17 - 2019-02-22 00:17 - 000511040 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-10 14:16 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-10 14:11 - 2017-05-25 04:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-10 14:10 - 2017-05-25 04:04 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-09 02:38 - 2017-05-28 03:15 - 000000000 ____D C:\Users\Gaspar\AppData\Local\Spotify
2019-04-09 02:21 - 2017-05-28 03:15 - 000000000 ____D C:\Users\Gaspar\AppData\Roaming\Spotify
2019-04-04 22:37 - 2017-05-25 14:32 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-03 12:53 - 2018-09-15 05:11 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-04-03 12:53 - 2018-09-15 03:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-04-03 12:53 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-04-03 12:53 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-04-03 12:53 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-04-03 12:53 - 2018-09-15 02:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-04-01 13:06 - 2017-05-25 21:03 - 000000000 ____D C:\Users\Gaspar\AppData\Roaming\Toon Boom Animation
2019-04-01 12:59 - 2018-06-01 15:50 - 000000000 ____D C:\Program Files\FreeFileSync
2019-03-31 04:06 - 2017-10-29 01:27 - 000000000 ____D C:\Users\Gaspar\AppData\Local\RealVNC

==================== Files in the root of some directories =======

2018-09-05 00:32 - 2018-09-11 17:29 - 000000600 _____ () C:\Users\Gaspar\AppData\Local\PUTTY.RND
2018-08-24 15:03 - 2018-08-24 15:03 - 000000218 _____ () C:\Users\Gaspar\AppData\Local\recently-used.xbel
2017-07-10 12:58 - 2017-07-10 12:58 - 000007602 _____ () C:\Users\Gaspar\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

 

[Broni]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.04.2019
Ran by Gaspar (30-04-2019 11:54:54)
Running from C:\Users\Gaspar\Desktop
Windows 10 Pro Version 1809 17763.437 (X64) (2019-02-22 04:33:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3859587088-677505421-2901372731-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3859587088-677505421-2901372731-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3859587088-677505421-2901372731-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gaspar (S-1-5-21-3859587088-677505421-2901372731-1001 - Administrator - Enabled) => C:\Users\Gaspar
Guest (S-1-5-21-3859587088-677505421-2901372731-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3859587088-677505421-2901372731-1020 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3859587088-677505421-2901372731-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.5 (HKLM\...\{180B9AE1-F87B-4107-8C68-4265E927D6A8}) (Version: 4.5.0.2482 - Open Media LLC)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.50.16.01 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version: - )
Atom (HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\atom) (Version: 1.35.1 - GitHub Inc.)
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.4.2374 - AVAST Software)
Balanced (HKLM-x32\...\{EFD0705E-598B-46D4-8D5B-4539431764B8}) (Version: 2.02.0000 - Advanced Micro Devices, Inc.) Hidden
BrLauncher (HKLM-x32\...\{C661197A-6B93-4E37-9E3F-2A1DFCD64234}) (Version: 1.1.15.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{B556F816-FF4D-4BB6-9339-ED28639E2EF3}) (Version: 1.0.2.1 - Brother Industries Ltd.) Hidden
Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Port Driver (HKLM-x32\...\{A1562B01-0760-40EB-BCA7-5A15CE039B6B}) (Version: 1.1.8.8 - Brother Industries Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{A17C3197-24C9-493B-BB9A-A73800A0B61A}) (Version: 1.6.0.1 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{AE0056FC-36C2-4C09-B9BB-9111617914EA}) (Version: 1.0.11.11 - Brother Industries Ltd.) Hidden
BrotherHelpInstaller (HKLM-x32\...\{4E461C2A-EC1C-46D1-AF5B-7FEFD0054AF8}) (Version: 1.0.0.0 - Brother) Hidden
BrSupportTools (HKLM-x32\...\{F8F9EB58-33BA-4FF8-80E7-66D87D2E0C3C}) (Version: 1.0.9.0 - Brother Industries Ltd.) Hidden
CLIP STUDIO 1.8.6 (HKLM-x32\...\{49274EB8-4598-47E6-8039-9BB7CE07627E}) (Version: 1.8.6 - CELSYS)
CLIP STUDIO PAINT 1.8.8 (HKLM-x32\...\{1E4572D2-28BC-4BC9-B743-13DC6CFD71DB}) (Version: 1.8.8 - CELSYS)
ComicRack v0.9.178 (HKLM\...\ComicRack) (Version: v0.9.178 - cYo Soft)
ControlCenter4 (HKLM-x32\...\{9ADB625A-7F6D-4C48-9058-4767A55D5424}) (Version: 4.2.438.1 - Brother Insutries Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{1BAE50D4-5F2A-4E34-BD81-B4555109F7C2}) (Version: 4.2.3.1 - Brother Insutries Ltd.) Hidden
Crucial Storage Executive (HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\Crucial Storage Executive 3.60.082018.04) (Version: 3.65.012019.06 - Crucial)
Debloater (HKLM-x32\...\{2045C97A-8D9A-47E2-A76A-E6A69CB7030B}) (Version: 3.90 - Gatesjunior Developer)
DeviceDetect (HKLM-x32\...\{FF45CD35-CEAA-4B57-81DA-8F215B9249CB}) (Version: 1.4.2.0 - Brother Industries Ltd.) Hidden
Discord (HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Drawpile 2.1.7 (HKLM\...\{DC47B534-E365-4054-85F0-2E7C6CCB76CC}_is1) (Version: 2.1.7 - )
Dynalist 1.0.4 (only current user) (HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\1e78cdbc-7a18-5e02-93fd-c98dee19d9b8) (Version: 1.0.4 - Dynalist Inc.)
Etcher 1.4.4 (only current user) (HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\573339af-d9e1-5dd3-804c-e0162fac1f41) (Version: 1.4.4 - Resin Inc.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
FreeFileSync 10.10 (HKLM-x32\...\FreeFileSync_is1) (Version: 10.10 - FreeFileSync.org)
Git version 2.20.1 (HKLM\...\Git_is1) (Version: 2.20.1 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\Google Chrome SxS) (Version: 76.0.3781.0 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 3.0.2.0 - Google LLC.)
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
Inkscape 0.92.2 (HKLM-x32\...\Inkscape) (Version: 0.92.2 - Inkscape Project)
IrfanView 4.52 (64-bit) (HKLM\...\IrfanView64) (Version: 4.52 - Irfan Skiljan)
K-Lite Mega Codec Pack 14.9.2 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.9.2 - KLCP)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LibreOffice 6.1.3.2 (HKLM\...\{70F02214-8FF6-48DF-AF3E-7D1A5F7A6BAC}) (Version: 6.1.3.2 - The Document Foundation)
LINE (HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\LINE) (Version: 5.16.1.1930 - LINE Corporation)
Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.123 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3859587088-677505421-2901372731-500\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mozilla Firefox 66.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.3 (x64 en-US)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.56 - MSI)
MusicBee 3.2 (HKLM-x32\...\MusicBee) (Version: 3.2 - Steven Mayall)
NetworkRepairTool (HKLM-x32\...\{4694AD3E-D4A2-4D98-9848-662A0475E872}) (Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden
Node.js (HKLM\...\{81FDC114-BADF-47AA-8A08-B03661FB4991}) (Version: 8.11.4 - Node.js Foundation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6.6 - Notepad++ Team)
NVIDIA Graphics Driver 430.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 430.39 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Opera Stable 60.0.3255.70 (HKLM-x32\...\Opera 60.0.3255.70) (Version: 60.0.3255.70 - Opera Software)
PC-FAXReceive (HKLM-x32\...\{DD40894F-7575-4905-90AB-695FD827E358}) (Version: 1.4.24.0 - Brother Insutries Ltd.) Hidden
PCFaxTx (HKLM-x32\...\{63530B2D-3A34-4D79-A52D-F3EB5D99A7C1}) (Version: 1.1.1.1 - Brother Industries Ltd.) Hidden
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
Python 3.6.2 Add to Path (64-bit) (HKLM\...\{61F0B6BA-8654-4B98-879E-DAC80FD6C6AF}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Core Interpreter (64-bit) (HKLM\...\{DBBB1BBC-A398-4262-9C25-D7A6E9B06841}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Development Libraries (64-bit) (HKLM\...\{7EC331E8-5683-4B2B-A22B-5925DBE5E06E}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Documentation (64-bit) (HKLM\...\{978543A0-731D-4BEF-9CB6-9835B1DFFB33}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Executables (64-bit) (HKLM\...\{90A9D089-DB6E-48DC-9EEC-7F2229B2DFF0}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 pip Bootstrap (64-bit) (HKLM\...\{4FF902DF-D960-4A78-9C04-9D8E1CC33149}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Standard Library (64-bit) (HKLM\...\{1D2E9660-8DD7-4830-AFA6-5EC160F37A4E}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Tcl/Tk Support (64-bit) (HKLM\...\{27B26342-82FB-4CA4-9ADB-D09982631CB0}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Test Suite (64-bit) (HKLM\...\{9EE8E58D-3021-40C5-8FBB-BF3A91A0B44D}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Utility Scripts (64-bit) (HKLM\...\{907B8BA6-C91D-4A8E-8237-828BFAB77C63}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 (32-bit) (HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\{0f40e78b-67e1-4e0c-a2fd-e9325d9dfc82}) (Version: 3.7.2150.0 - Python Software Foundation)
Python 3.7.2 Add to Path (32-bit) (HKLM-x32\...\{A0253733-D4C4-4964-AB97-C5C80FCD580F}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Core Interpreter (32-bit) (HKLM-x32\...\{3A09B849-4D48-41AA-9461-112E6CEC405D}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Development Libraries (32-bit) (HKLM-x32\...\{A14E7090-5888-460B-9003-1C3DA5AD3D35}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Documentation (32-bit) (HKLM-x32\...\{D2FA452F-4742-4805-BEB1-AC81ED48F4A8}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Executables (32-bit) (HKLM-x32\...\{D6FF50CC-E41E-4FFB-B7B9-72D71BF00C55}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 pip Bootstrap (32-bit) (HKLM-x32\...\{0D2B3674-3B1E-4281-B5FD-37D700602129}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Standard Library (32-bit) (HKLM-x32\...\{667226B8-23CA-47C1-A070-D3B85E8C9292}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{34AD493A-01AA-4D6A-9229-BF0406F22D14}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Test Suite (32-bit) (HKLM-x32\...\{F0B6A6E9-C7E1-4730-A29D-71C02B800028}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Utility Scripts (32-bit) (HKLM-x32\...\{06CE3F8B-A658-462C-AD3D-FA7142297E97}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{FA2A3867-8965-4CF7-83E2-C8960652F5AD}) (Version: 3.7.6565.0 - Python Software Foundation)
qBittorrent 4.1.5 (HKLM-x32\...\qBittorrent) (Version: 4.1.5 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.31.828.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8627 - Realtek Semiconductor Corp.)
RemoteSetup (HKLM-x32\...\{BDD8C463-1183-4A91-9EC8-BF68E4ECA9B6}) (Version: 3.9.2.1 - Brother Industries Ltd.) Hidden
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
RogueKiller version 13.1.10.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.1.10.0 - Adlice Software)
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
SD Card Formatter (HKLM-x32\...\{A61131DC-B92D-4AD8-A925-E2D6D5FE217C}) (Version: 5.0.1 - SD Association)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Shotcut (HKLM-x32\...\Shotcut) (Version: 18.10.08 - Meltytech, LLC)
Slack (HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\slack) (Version: 3.4.0 - Slack Technologies)
Spine (HKLM-x32\...\Product) (Version: - )
Spotify (HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\Spotify) (Version: 1.0.94.262.g3d5c231c - Spotify AB)
StatusMonitor (HKLM-x32\...\{86D16055-3C14-44C6-BCD7-5514B83BAD34}) (Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden
Toon Boom Harmony 15.0 Essentials (HKLM-x32\...\{3C04C001-16E0-420F-8588-54F4DC883781}) (Version: 15.0.5 - Toon Boom Animation)
UninstallTabletDeviceDriver (HKLM\...\{39089688-F09E-4DAD-8C80-647D3DF68630}_is1) (Version: 12.3.7 - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
UsbRepairTool (HKLM-x32\...\{523276A4-5779-4105-9163-CA1CF94EC533}) (Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden
VNC Viewer 6.19.107 (HKLM\...\{3F90FEAD-B83F-44BC-BCE0-7C8D260B1BDB}) (Version: 6.19.107.39927 - RealVNC Ltd)
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation)
Windows Driver Package - Graphics Tablet (WinUsb) USBDevice (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
Zoom (HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3859587088-677505421-2901372731-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Gaspar\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3859587088-677505421-2901372731-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Gaspar\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3859587088-677505421-2901372731-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gaspar\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3859587088-677505421-2901372731-1001_Classes\CLSID\{FA372A6E-149F-4E95-832D-8F698D40AD7F}\localserver32 -> C:\Users\Gaspar\AppData\Local\Google\Chrome SxS\Application\76.0.3781.0\notification_helper.exe (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-01-27] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-28] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Gaspar\Desktop\drawpile-srv - Shortcut.lnk -> C:\Program Files\Drawpile\drawpile-srv.exe () -> --gui --remote hxxp://datanimeswag.mooo.com:8081/

==================== Loaded Modules (Whitelisted) ==============

2017-05-26 15:44 - 2010-11-12 05:00 - 000302080 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNCALAN.DLL
2017-05-26 15:44 - 2012-03-14 05:00 - 000385024 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMLMAN.DLL
2018-06-09 13:55 - 2018-01-18 15:39 - 000314368 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
2019-02-21 21:00 - 2019-02-21 21:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-04-06 14:29 - 2018-04-06 14:29 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\ssleay32.dll
2018-04-06 14:29 - 2018-04-06 14:29 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\LIBEAY32.dll
2019-01-13 20:10 - 2018-11-06 15:22 - 000093720 _____ () [File not signed] C:\Program Files\Git\mingw64\bin\ZLIB1.dll
2018-06-09 13:55 - 2018-01-19 11:26 - 002976256 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
2019-04-29 19:39 - 2005-07-18 13:43 - 000160256 _____ () [File not signed] C:\Program Files (x86)\MSI\Live Update\unrar.dll
2009-02-27 16:38 - 2009-02-27 16:38 - 000139264 _____ () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2018-06-09 13:55 - 2018-01-18 15:39 - 000519168 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2018-06-09 13:55 - 2017-12-22 12:53 - 000122880 _____ ( ) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2018-06-09 13:55 - 2017-12-22 12:53 - 000025299 _____ () [File not signed] C:\Program Files (x86)\Browny02\brlm03a.dll
2018-06-09 13:55 - 2018-01-18 15:39 - 001720832 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2018-06-09 13:55 - 2018-01-18 15:39 - 000208896 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2016-07-16 07:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3859587088-677505421-2901372731-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3859587088-677505421-2901372731-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Gaspar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3859587088-677505421-2901372731-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "MSIRegister"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-3859587088-677505421-2901372731-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{72FDEA4A-D38F-462B-885A-1DEF91CCDAD3}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{08DCCD9A-81BC-4CE3-B2B9-3D2E9F9CDC24}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{C843CFA4-C919-49D2-8092-614429E57945}C:\users\gaspar\appdata\local\atom\app-1.33.1\atom.exe] => (Allow) C:\users\gaspar\appdata\local\atom\app-1.33.1\atom.exe (GitHub, Inc. -> GitHub, Inc.)
FirewallRules: [TCP Query User{F4E708A6-9DB8-484F-9DC1-96A86C512449}C:\users\gaspar\appdata\local\atom\app-1.33.1\atom.exe] => (Allow) C:\users\gaspar\appdata\local\atom\app-1.33.1\atom.exe (GitHub, Inc. -> GitHub, Inc.)
FirewallRules: [UDP Query User{0B2277B3-2F04-4EB0-9CF4-80B4CB7EA2AE}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [TCP Query User{64067411-03B4-415F-8994-7A3F1B2080F9}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [UDP Query User{8950788A-898B-46C4-8CF9-C2AD52CBEB3D}C:\program files (x86)\toon boom animation\toon boom harmony 15.0 essentials\win64\bin\harmonyessentials.exe] => (Allow) C:\program files (x86)\toon boom animation\toon boom harmony 15.0 essentials\win64\bin\harmonyessentials.exe (Toon Boom Animation Inc -> Toon Boom Animation Inc.)
FirewallRules: [TCP Query User{3F5BD11B-6BD2-4D78-8A01-91993E15B475}C:\program files (x86)\toon boom animation\toon boom harmony 15.0 essentials\win64\bin\harmonyessentials.exe] => (Allow) C:\program files (x86)\toon boom animation\toon boom harmony 15.0 essentials\win64\bin\harmonyessentials.exe (Toon Boom Animation Inc -> Toon Boom Animation Inc.)
FirewallRules: [UDP Query User{5BAEB659-6225-48D4-858F-2B1297CA9790}C:\program files\storyboarder\storyboarder.exe] => (Allow) C:\program files\storyboarder\storyboarder.exe No File
FirewallRules: [TCP Query User{32016180-B3FC-4B5A-9ACE-CD6A10F3965D}C:\program files\storyboarder\storyboarder.exe] => (Allow) C:\program files\storyboarder\storyboarder.exe No File
FirewallRules: [UDP Query User{453F88D5-FC94-40EB-93B0-226855332082}D:\a gaspar\documents\rom_test\bgb\bgb.exe] => (Allow) D:\gaspar\documents\rom_test\bgb\bgb.exe No File
FirewallRules: [TCP Query User{998B4E6B-8539-4396-AAE6-88706FF2CDA8}D:\a gaspar\documents\rom_test\bgb\bgb.exe] => (Allow) D:\gaspar\documents\rom_test\bgb\bgb.exe No File
FirewallRules: [{B0C83063-865F-4632-9ABF-73552DB42F85}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{49491773-00E5-43E1-ADA1-47B3C3EA052A}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [UDP Query User{28C717F8-98FF-4414-B3E1-BC1F4796239C}C:\users\a gaspar\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\gaspar\appdata\local\amazon music\amazon music helper.exe No File
FirewallRules: [TCP Query User{B7F6DE35-AC95-47EF-A8B2-D38ADCABC58C}C:\users\a gaspar\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\gaspar\appdata\local\amazon music\amazon music helper.exe No File
FirewallRules: [{EFF39D0F-355A-4DEC-A17B-35DD76D1EBAA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3BDE85AB-81AE-4A02-8CD2-57BBC94E79EC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{E997593E-BA0C-436B-AA04-D1FF1110A352}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{0D143E52-4298-41A5-9BF9-FA26EDD1414C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{39C772B3-7A7E-40C2-9259-C10DD65CAC81}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe () [File not signed]
FirewallRules: [TCP Query User{304A375B-D790-400F-AFDC-9C88CD789C3E}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe () [File not signed]
FirewallRules: [UDP Query User{9723506F-32C7-4BDF-BBD5-BB1F976D8A4D}C:\users\a gaspar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gaspar\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{6F076BE8-3D1A-40D8-B58E-3055233EE4E9}C:\users\a gaspar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gaspar\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A8F9C3C0-C804-4744-B9CD-0D688A544B11}] => (Block) C:\program files (x86)\toon boom animation\toon boom harmony 14.0 essentials\win64\bin\harmonyessentials.exe No File
FirewallRules: [{AE274189-C257-4F17-AAF4-0977DF1F4E6B}] => (Block) C:\program files (x86)\toon boom animation\toon boom harmony 14.0 essentials\win64\bin\harmonyessentials.exe No File
FirewallRules: [UDP Query User{B9A14A2A-F66B-4F11-8679-E7B18C755BBD}C:\program files (x86)\toon boom animation\toon boom harmony 14.0 essentials\win64\bin\harmonyessentials.exe] => (Allow) C:\program files (x86)\toon boom animation\toon boom harmony 14.0 essentials\win64\bin\harmonyessentials.exe No File
FirewallRules: [TCP Query User{E8FFF627-21E7-4F26-A64D-21AF6254E861}C:\program files (x86)\toon boom animation\toon boom harmony 14.0 essentials\win64\bin\harmonyessentials.exe] => (Allow) C:\program files (x86)\toon boom animation\toon boom harmony 14.0 essentials\win64\bin\harmonyessentials.exe No File
FirewallRules: [{172CA395-F4FE-463A-A4EF-2F41E76F9A7F}] => (Block) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [{118AFE96-33E9-4402-A2AF-21AE3902B50B}] => (Block) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [UDP Query User{8E70AFD2-9CE9-4696-B089-23AE2909B75F}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{42422459-B436-42A9-B037-34D84CBCA331}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{30069BCB-F068-4C77-9A6F-9DF05E50FD90}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe No File
FirewallRules: [UDP Query User{105C2C6C-4ACF-4D87-8BCF-4465861C289D}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe No File
FirewallRules: [TCP Query User{FDE85E5B-3284-41CD-8F38-08D592E152AA}C:\users\a gaspar\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\gaspar\appdata\local\google\chrome sxs\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{F6234EDD-FA9E-42F5-9E89-157180C85B60}C:\users\a gaspar\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\gaspar\appdata\local\google\chrome sxs\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{9686A533-3B6D-4537-87E5-D9CE2C61F6BF}] => (Allow) C:\Users\Gaspar\AppData\Local\LINE\bin\5.14.0.1893\LINE.exe No File
FirewallRules: [{27C6368F-F6B7-4592-8BA4-9D5389D10401}] => (Allow) C:\Users\Gaspar\AppData\Local\LINE\bin\5.14.0.1893\LINE.exe No File
FirewallRules: [{1172239D-40C7-42F5-AAD7-075D03964E9B}] => (Allow) C:\Users\Gaspar\AppData\Local\LINE\bin\5.14.0.1893\LineUpdater.exe No File
FirewallRules: [{A348F133-7DE4-452B-B677-27C9A4581073}] => (Allow) C:\Users\Gaspar\AppData\Local\LINE\bin\5.14.0.1893\LineUpdater.exe No File
FirewallRules: [TCP Query User{FB0D6D24-0347-46E7-B6C8-9156FAA32078}C:\program files\realvnc\vnc viewer\vncviewer.exe] => (Allow) C:\program files\realvnc\vnc viewer\vncviewer.exe (RealVNC Ltd -> RealVNC Ltd)
FirewallRules: [UDP Query User{BBFC82F6-8A03-4B7E-BD43-6B1C68E5DE8B}C:\program files\realvnc\vnc viewer\vncviewer.exe] => (Allow) C:\program files\realvnc\vnc viewer\vncviewer.exe (RealVNC Ltd -> RealVNC Ltd)
FirewallRules: [{510EF7EF-40E2-42F7-A4FC-27AD091166BB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{0C818383-2591-4097-B888-A40229499588}] => (Allow) C:\Program Files\Opera\60.0.3255.59\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{C874B9B8-AE7F-426A-BD83-728551D0A5ED}] => (Allow) c:\program files\opera\60.0.3255.70\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{BECCE704-873F-4D9D-B22D-A52E81A3945C}] => (Allow) LPort=26789

==================== Restore Points =========================

19-04-2019 11:43:25 Scheduled Checkpoint
28-04-2019 18:09:01 Scheduled Checkpoint
29-04-2019 19:41:46 Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429

==================== Faulty Device Manager Devices =============

 

[Broni]

==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2019 08:06:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GamingApp.exe, version: 6.2.0.83, time stamp: 0x5bcfcd30
Faulting module name: KERNELBASE.dll, version: 10.0.17763.404, time stamp: 0x3424aead
Exception code: 0xc000041d
Fault offset: 0x0011c6f2
Faulting process id: 0x1fb8
Faulting application start time: 0x01d4fee84b95a02f
Faulting application path: C:\Program Files (x86)\MSI\Gaming APP\GamingApp.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: ba924df5-c8df-424a-a14d-7220829ecfd8
Faulting package full name:
Faulting package-relative application ID:

Error: (04/29/2019 08:06:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GamingApp.exe, version: 6.2.0.83, time stamp: 0x5bcfcd30
Faulting module name: KERNELBASE.dll, version: 10.0.17763.404, time stamp: 0x3424aead
Exception code: 0xc0020001
Fault offset: 0x0011c6f2
Faulting process id: 0x1fb8
Faulting application start time: 0x01d4fee84b95a02f
Faulting application path: C:\Program Files (x86)\MSI\Gaming APP\GamingApp.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: e7e5c7db-03fc-48ac-9679-0e4a744c9162
Faulting package full name:
Faulting package-relative application ID:

Error: (04/29/2019 08:06:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GamingApp.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0020001, exception address 7748C6F2
Stack:
at System.Environment._Exit(Int32)
at System.Environment.Exit(Int32)
at Gaming_APP.App.CloseAPP()
at Gaming_APP.Window_Combo_2.Button_Close_Click(System.Object, System.Windows.RoutedEventArgs)
at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
at System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs)
at System.Windows.Controls.Primitives.ButtonBase.OnClick()
at System.Windows.Controls.Button.OnClick()
at System.Windows.Controls.Primitives.ButtonBase.OnMouseLeftButtonUp(System.Windows.Input.MouseButtonEventArgs)
at System.Windows.UIElement.OnMouseLeftButtonUpThunk(System.Object, System.Windows.Input.MouseButtonEventArgs)
at System.Windows.Input.MouseButtonEventArgs.InvokeEventHandler(System.Delegate, System.Object)
at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
at System.Windows.UIElement.ReRaiseEventAs(System.Windows.DependencyObject, System.Windows.RoutedEventArgs, System.Windows.RoutedEvent)
at System.Windows.UIElement.OnMouseUpThunk(System.Object, System.Windows.Input.MouseButtonEventArgs)
at System.Windows.Input.MouseButtonEventArgs.InvokeEventHandler(System.Delegate, System.Object)
at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
at System.Windows.UIElement.RaiseTrustedEvent(System.Windows.RoutedEventArgs)
at System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs, Boolean)
at System.Windows.Input.InputManager.ProcessStagingArea()
at System.Windows.Input.InputManager.ProcessInput(System.Windows.Input.InputEventArgs)
at System.Windows.Input.InputProviderSite.ReportInput(System.Windows.Input.InputReport)
at System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr, System.Windows.Input.InputMode, Int32, System.Windows.Input.RawMouseActions, Int32, Int32, Int32)
at System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at System.Windows.Application.Run()
at Gaming_APP.App.Main()

Error: (04/29/2019 04:26:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskmgr.exe, version: 10.0.17763.168, time stamp: 0x350c537c
Faulting module name: DUI70.dll, version: 10.0.17763.1, time stamp: 0x0e9bcc11
Exception code: 0xc000041d
Fault offset: 0x000000000001da43
Faulting process id: 0x35ac
Faulting application start time: 0x01d4fec9d224c951
Faulting application path: C:\WINDOWS\system32\taskmgr.exe
Faulting module path: C:\WINDOWS\system32\DUI70.dll
Report Id: f591e6a9-88ea-42c4-9564-d30b9e03c6b8
Faulting package full name:
Faulting package-relative application ID:

Error: (04/29/2019 04:26:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskmgr.exe, version: 10.0.17763.168, time stamp: 0x350c537c
Faulting module name: DUI70.dll, version: 10.0.17763.1, time stamp: 0x0e9bcc11
Exception code: 0xc0000005
Fault offset: 0x000000000001da43
Faulting process id: 0x35ac
Faulting application start time: 0x01d4fec9d224c951
Faulting application path: C:\WINDOWS\system32\taskmgr.exe
Faulting module path: C:\WINDOWS\system32\DUI70.dll
Report Id: 1753f4a1-ab8b-4570-bdbc-b46ae7b9caf4
Faulting package full name:
Faulting package-relative application ID:

Error: (04/29/2019 03:54:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.17763.348, time stamp: 0x03d46193
Faulting module name: DUI70.dll, version: 10.0.17763.1, time stamp: 0x0e9bcc11
Exception code: 0xc0000005
Fault offset: 0x000000000001da06
Faulting process id: 0x28d0
Faulting application start time: 0x01d4feae5ee27ca8
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\system32\DUI70.dll
Report Id: 5a49a26d-0941-40d8-ace9-be5cd102171e
Faulting package full name:
Faulting package-relative application ID:

Error: (04/29/2019 02:25:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskmgr.exe, version: 10.0.17763.168, time stamp: 0x350c537c
Faulting module name: DUI70.dll, version: 10.0.17763.1, time stamp: 0x0e9bcc11
Exception code: 0xc0000005
Fault offset: 0x000000000001da70
Faulting process id: 0x21e0
Faulting application start time: 0x01d4feb8f2cc263d
Faulting application path: C:\WINDOWS\system32\taskmgr.exe
Faulting module path: C:\WINDOWS\system32\DUI70.dll
Report Id: aa310a4c-445d-45cd-b13c-13b76ef2464a
Faulting package full name:
Faulting package-relative application ID:

Error: (04/29/2019 02:01:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskmgr.exe, version: 10.0.17763.168, time stamp: 0x350c537c
Faulting module name: DUI70.dll, version: 10.0.17763.1, time stamp: 0x0e9bcc11
Exception code: 0xc0000005
Fault offset: 0x000000000001da43
Faulting process id: 0x4168
Faulting application start time: 0x01d4feb5815f6e97
Faulting application path: C:\WINDOWS\system32\taskmgr.exe
Faulting module path: C:\WINDOWS\system32\DUI70.dll
Report Id: 706cc6ac-55c4-4990-9ab4-a857eaff91c3
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (04/30/2019 11:53:03 AM) (Source: DCOM) (EventID: 10016) (User: BLACKBEARD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user BLACKBEARD\Gaspar SID (S-1-5-21-3859587088-677505421-2901372731-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/30/2019 11:53:03 AM) (Source: DCOM) (EventID: 10016) (User: BLACKBEARD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user BLACKBEARD\Gaspar SID (S-1-5-21-3859587088-677505421-2901372731-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/30/2019 11:50:51 AM) (Source: DCOM) (EventID: 10016) (User: BLACKBEARD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user BLACKBEARD\Gaspar SID (S-1-5-21-3859587088-677505421-2901372731-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/30/2019 11:50:51 AM) (Source: DCOM) (EventID: 10016) (User: BLACKBEARD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user BLACKBEARD\Gaspar SID (S-1-5-21-3859587088-677505421-2901372731-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/30/2019 11:50:48 AM) (Source: DCOM) (EventID: 10016) (User: BLACKBEARD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user BLACKBEARD\Gaspar SID (S-1-5-21-3859587088-677505421-2901372731-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/30/2019 11:50:48 AM) (Source: DCOM) (EventID: 10016) (User: BLACKBEARD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user BLACKBEARD\Gaspar SID (S-1-5-21-3859587088-677505421-2901372731-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/30/2019 11:50:46 AM) (Source: DCOM) (EventID: 10016) (User: BLACKBEARD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user BLACKBEARD\Gaspar SID (S-1-5-21-3859587088-677505421-2901372731-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/30/2019 11:50:45 AM) (Source: DCOM) (EventID: 10016) (User: BLACKBEARD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user BLACKBEARD\Gaspar SID (S-1-5-21-3859587088-677505421-2901372731-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-04-04 13:35:25.211
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6046C454-838B-4738-925F-04C57519245F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-04-04 12:56:30.567
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A90BAEA4-230D-4132-BBE9-EA75DC157E57}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2019-04-29 19:57:44.065
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-29 19:57:44.063
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-29 19:57:44.059
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-29 19:57:44.038
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-29 19:57:44.012
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-29 19:57:43.950
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-29 19:57:43.925
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-29 19:57:43.923
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. A.I0 01/22/2019
Motherboard: Micro-Star International Co., Ltd. B350M MORTAR ARCTIC (MS-7A37)
Processor: AMD Ryzen 7 1700 Eight-Core Processor
Percentage of memory in use: 31%
Total physical RAM: 16334.89 MB
Available physical RAM: 11107.96 MB
Total Virtual: 18766.89 MB
Available Virtual: 11672.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:255.62 GB) (Free:166.49 GB) NTFS
Drive d: (storage) (Fixed) (Total:931.51 GB) (Free:228.84 GB) NTFS

\\?\Volume{2c032ef2-8ef8-4dc0-81bd-8bf729bb0c2e}\ () (Fixed) (Total:0.44 GB) (Free:0.03 GB) NTFS
\\?\Volume{51deaa15-b168-4a73-ab7d-48f6f20fa5bb}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D4CD3D39)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[Broni]

Good news

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[StankHamster]

Here you go! (it's less than 50k so this should work)

Fix result of Farbar Recovery Scan Tool (x64) Version: 28.04.2019
Ran by Gaspar (30-04-2019 12:57:28) Run:1
Running from C:\Users\Gaspar\Desktop
Loaded Profiles: defaultuser0 & Gaspar & Administrator (Available Profiles: defaultuser0 & Gaspar & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
2018-09-05 00:32 - 2018-09-11 17:29 - 000000600 _____ () C:\Users\Gaspar\AppData\Local\PUTTY.RND
2018-08-24 15:03 - 2018-08-24 15:03 - 000000218 _____ () C:\Users\Gaspar\AppData\Local\recently-used.xbel
2017-07-10 12:58 - 2017-07-10 12:58 - 000007602 _____ () C:\Users\Gaspar\AppData\Local\Resmon.ResmonCfg
CustomCLSID: HKU\S-1-5-21-3859587088-677505421-2901372731-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Gaspar\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
FirewallRules: [UDP Query User{5BAEB659-6225-48D4-858F-2B1297CA9790}C:\program files\storyboarder\storyboarder.exe] => (Allow) C:\program files\storyboarder\storyboarder.exe No File
FirewallRules: [TCP Query User{32016180-B3FC-4B5A-9ACE-CD6A10F3965D}C:\program files\storyboarder\storyboarder.exe] => (Allow) C:\program files\storyboarder\storyboarder.exe No File
FirewallRules: [UDP Query User{453F88D5-FC94-40EB-93B0-226855332082}D:\a gaspar\documents\rom_test\bgb\bgb.exe] => (Allow) D:\gaspar\documents\rom_test\bgb\bgb.exe No File
FirewallRules: [TCP Query User{998B4E6B-8539-4396-AAE6-88706FF2CDA8}D:\a gaspar\documents\rom_test\bgb\bgb.exe] => (Allow) D:\gaspar\documents\rom_test\bgb\bgb.exe No File
FirewallRules: [UDP Query User{28C717F8-98FF-4414-B3E1-BC1F4796239C}C:\users\a gaspar\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\gaspar\appdata\local\amazon music\amazon music helper.exe No File
FirewallRules: [TCP Query User{B7F6DE35-AC95-47EF-A8B2-D38ADCABC58C}C:\users\a gaspar\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\gaspar\appdata\local\amazon music\amazon music helper.exe No File
FirewallRules: [{A8F9C3C0-C804-4744-B9CD-0D688A544B11}] => (Block) C:\program files (x86)\toon boom animation\toon boom harmony 14.0 essentials\win64\bin\harmonyessentials.exe No File
FirewallRules: [{AE274189-C257-4F17-AAF4-0977DF1F4E6B}] => (Block) C:\program files (x86)\toon boom animation\toon boom harmony 14.0 essentials\win64\bin\harmonyessentials.exe No File
FirewallRules: [UDP Query User{B9A14A2A-F66B-4F11-8679-E7B18C755BBD}C:\program files (x86)\toon boom animation\toon boom harmony 14.0 essentials\win64\bin\harmonyessentials.exe] => (Allow) C:\program files (x86)\toon boom animation\toon boom harmony 14.0 essentials\win64\bin\harmonyessentials.exe No File
FirewallRules: [TCP Query User{E8FFF627-21E7-4F26-A64D-21AF6254E861}C:\program files (x86)\toon boom animation\toon boom harmony 14.0 essentials\win64\bin\harmonyessentials.exe] => (Allow) C:\program files (x86)\toon boom animation\toon boom harmony 14.0 essentials\win64\bin\harmonyessentials.exe No File
FirewallRules: [TCP Query User{30069BCB-F068-4C77-9A6F-9DF05E50FD90}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe No File
FirewallRules: [UDP Query User{105C2C6C-4ACF-4D87-8BCF-4465861C289D}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe No File
FirewallRules: [{9686A533-3B6D-4537-87E5-D9CE2C61F6BF}] => (Allow) C:\Users\Gaspar\AppData\Local\LINE\bin\5.14.0.1893\LINE.exe No File
FirewallRules: [{27C6368F-F6B7-4592-8BA4-9D5389D10401}] => (Allow) C:\Users\Gaspar\AppData\Local\LINE\bin\5.14.0.1893\LINE.exe No File
FirewallRules: [{1172239D-40C7-42F5-AAD7-075D03964E9B}] => (Allow) C:\Users\Gaspar\AppData\Local\LINE\bin\5.14.0.1893\LineUpdater.exe No File
FirewallRules: [{A348F133-7DE4-452B-B677-27C9A4581073}] => (Allow) C:\Users\Gaspar\AppData\Local\LINE\bin\5.14.0.1893\LineUpdater.exe No File

*****************

HKLM\SOFTWARE\Policies\Mozilla => removed successfully
C:\Users\Gaspar\AppData\Local\PUTTY.RND => moved successfully
C:\Users\Gaspar\AppData\Local\recently-used.xbel => moved successfully
C:\Users\Gaspar\AppData\Local\Resmon.ResmonCfg => moved successfully
HKU\S-1-5-21-3859587088-677505421-2901372731-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5BAEB659-6225-48D4-858F-2B1297CA9790}C:\program files\storyboarder\storyboarder.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{32016180-B3FC-4B5A-9ACE-CD6A10F3965D}C:\program files\storyboarder\storyboarder.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{453F88D5-FC94-40EB-93B0-226855332082}D:\a gaspar\documents\rom_test\bgb\bgb.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{998B4E6B-8539-4396-AAE6-88706FF2CDA8}D:\a gaspar\documents\rom_test\bgb\bgb.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{28C717F8-98FF-4414-B3E1-BC1F4796239C}C:\users\a gaspar\appdata\local\amazon music\amazon music helper.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B7F6DE35-AC95-47EF-A8B2-D38ADCABC58C}C:\users\a gaspar\appdata\local\amazon music\amazon music helper.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A8F9C3C0-C804-4744-B9CD-0D688A544B11}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE274189-C257-4F17-AAF4-0977DF1F4E6B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B9A14A2A-F66B-4F11-8679-E7B18C755BBD}C:\program files (x86)\toon boom animation\toon boom harmony 14.0 essentials\win64\bin\harmonyessentials.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E8FFF627-21E7-4F26-A64D-21AF6254E861}C:\program files (x86)\toon boom animation\toon boom harmony 14.0 essentials\win64\bin\harmonyessentials.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{30069BCB-F068-4C77-9A6F-9DF05E50FD90}C:\program files (x86)\brackets\node.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{105C2C6C-4ACF-4D87-8BCF-4465861C289D}C:\program files (x86)\brackets\node.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9686A533-3B6D-4537-87E5-D9CE2C61F6BF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{27C6368F-F6B7-4592-8BA4-9D5389D10401}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1172239D-40C7-42F5-AAD7-075D03964E9B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A348F133-7DE4-452B-B677-27C9A4581073}" => removed successfully

==== End of Fixlog 12:58:00 ====

 

[Broni]

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[StankHamster]

Will do, first up is Security Check:

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avast Antivirus
Windows Defender
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome (73.0.3683.103)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
system32 AvastSvc.exe -?-
AVAST Software Avast aswEngSrv.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

 

[StankHamster]

Farbar Service Scanner Version: 27-01-2016
Ran by Gaspar (administrator) on 30-04-2019 at 13:22:42
Running from "C:\Users\Gaspar\Desktop"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

[StankHamster]

Temp File Cleaner complete.

I tried downloading Sophos Free Virus Removal Tool but it asks me to register my name and email... is that necessary? If so I'll do it.