Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-11-2019
Ran by Kruku (administrator) on KRUKU-PC (Gigabyte Technology Co., Ltd. Z270P-D3) (04-11-2019 13:03:01)
Running from D:\Downloads
Loaded Profiles: Kruku (Available Profiles: Kruku & kruku1)
Platform: Windows 10 Pro Version 1809 17763.805 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngine.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft) C:\Program Files (x86)\GIGABYTE\CloudStation_Server\HomeCloud\HCLOUD.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft) C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe
(Gigabyte Technology CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\Smart TimeLock\AlarmClock.exe
(Gigabyte Technology CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Kruku\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows Hardware Compatibility Publisher -> Thrustmaster®) C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(OpenOffice.org) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(OpenOffice.org) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Solvusoft Corporation -> Solvusoft Corporation) C:\Program Files (x86)\Solvusoft\Tray\SolvusoftTray.exe
(SoundMixer) [File not signed] C:\Users\Kruku\AppData\Roaming\Microsoft\SoundModule\SoundModule.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\steam\Steam.exe
(win.rar GmbH -> Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9198592 2017-02-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [winlogui] => C:\WINDOWS\system32\winlogui.exe [1803776 2019-02-26] (Microsoft Corporation) [File not signed]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe [299504 2016-08-18] (Intel(R) USB eXtensible Host Controller Drivers -> Intel Corporation)
HKLM-x32\...\Run: [CommonToolkitTray_Solvusoft] => C:\Program Files (x86)\Solvusoft\Tray\SolvusoftTray.exe [1685192 2018-03-15] (Solvusoft Corporation -> Solvusoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1694832792-2990361293-375382946-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [729704 2018-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1694832792-2990361293-375382946-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJFE.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1694832792-2990361293-375382946-1000\...\Run: [Spotify] => C:\Users\Kruku\AppData\Roaming\Spotify\Spotify.exe [25972968 2019-01-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1694832792-2990361293-375382946-1000\...\Run: [Steam] => D:\steam\steam.exe [3278288 2019-10-30] (Valve -> Valve Corporation)
HKU\S-1-5-21-1694832792-2990361293-375382946-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-1694832792-2990361293-375382946-1000\...\MountPoints2: {0ecaf267-46cf-11e8-b35f-e0d55e819e9e} - "I:\autorun.exe"
HKU\S-1-5-21-1694832792-2990361293-375382946-1000\...\MountPoints2: {59798eca-778e-11e8-a571-e0d55e819e9e} - "G:\autorun.exe"
HKU\S-1-5-21-1694832792-2990361293-375382946-1000\...\MountPoints2: {abcbd8d6-3f28-11e9-ac10-e0d55e819e9e} - "H:\autorun.exe"
HKU\S-1-5-21-1694832792-2990361293-375382946-1000\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-1694832792-2990361293-375382946-1000\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundModule.exe" 2>NUL | find /I /N "SoundModule.exe">NUL && exit & if exist "C:\Users\Kruku\AppData\Roaming\Microsoft\SoundModule\SoundModule.exe" ( start /MIN "" "C:\Users\Kruku\AppData\Roaming\Microsoft\SoundModule\SoundModule.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.70\Installer\chrmstp.exe [2019-10-29] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\Software\...\Authentication\Credential Providers: [{5EF9A232-5B5B-4768-95F2-3F601FB184E3}] -> C:\Windows\system32\AutoGreenCP.dll [2018-04-19] () [File not signed]
Startup: C:\Users\Kruku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2019-05-31]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01C11A9C-2248-4899-B870-04023DDDA2E9} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {02FCA433-649D-4487-A39D-B2D4158BA5B0} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0375EB0A-E7F3-42B9-B7EC-5D607E88950B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0B4BEF59-A16D-4F1E-9AC5-2BBFE4D4A3A5} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790568 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0D2EFD86-CC2A-43EC-AE93-83B94443DE71} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3724328 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1AABFA26-1878-4617-9CF3-3006B6A54F0A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {20458454-1036-4E6B-9CF0-313FD2E2D45F} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2693C559-4A55-4F6A-8856-6A2DFBC5345A} - System32\Tasks\{E3C2C144-E60D-4DC6-81EB-FA3167829373} => C:\Windows\system32\pcalua.exe -a D:\wake_of_gods358\wog358f.part01.exe -d D:\wake_of_gods358
Task: {2D5ABA89-C111-41ED-A68B-D92E16B8845B} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {2E4B1490-0E48-4BFD-8015-B72C7E48482D} - System32\Tasks\SIV => C:\Program Files (x86)\GIGABYTE\SIV\thermald.exe [704432 2017-03-01] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {311E5F0C-01D8-4AEF-BF13-8DCCE93D5EC0} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [572456 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3B9DABB9-B991-4160-8D82-B612209CD35B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3C884BAA-B18C-47BA-A1C0-04668F8A3D4C} - System32\Tasks\V-Tuner => C:\Program Files (x86)\GIGABYTE\VTuner\VTuner.exe [829360 2017-03-01] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {3CB32E41-C433-4485-901E-EB372AAE3D3F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3D6127FB-3705-4944-80A1-5DE3C985C968} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {420F7D1E-2769-4C9F-BD69-CAB512F6D942} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {440F64E4-7A09-465D-9991-46CAC3F5D9E1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {467F8456-B2F3-4A76-A5EF-9489F56956DC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [702504 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {471DE71C-5734-4C47-BE23-D5C31CC6A2D1} - System32\Tasks\{659DA1BB-291F-4646-861C-20C4B32A26F8} => C:\Windows\system32\pcalua.exe -a D:\Downloads\epson374932eu.exe -d D:\Downloads
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4E8151EE-8101-46EE-B1E8-D258EA98A960} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {53E12980-DAC6-49B1-AED0-C44580BBE51F} - System32\Tasks\GraphicsCardEngine => C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngine.exe [535472 2017-03-27] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {5752E336-34EE-4377-9542-3FA7AE46CBC1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {6720A8C3-4CDF-49D4-AF82-932A063334C0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {6FC79259-91A1-4E15-B4B2-BEF608C301CD} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {77143DED-9116-4FD8-AE1F-3E6AA85492B4} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7ABEA7F4-2230-45DC-BD78-351DDD6AB6BD} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
Task: {85D4525A-7698-4EC8-9056-95606320CEAE} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {85E09B40-A48F-4083-AD29-F079838ED15E} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {87ECF642-6687-4353-BBE0-702B02F58C1A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-04-19] (Google Inc -> Google Inc.)
Task: {8989640D-96F2-4A1E-9FAC-4420954D933B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8D4B7D2E-CE92-4554-9D94-DD95600EA60A} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {94A71FAF-2361-4AC0-A1C8-978B0E030DEA} - System32\Tasks\DriverDoc Auto Start => C:\Program Files (x86)\Solvusoft\DriverDoc\DriverDoc.exe
Task: {98321FD1-A677-4A2E-BD39-486A337CFC50} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [840744 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A0B93357-4155-4199-91C2-14DE14E6EBDF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A61F0D5C-721E-441D-83D9-E8679F16F3CA} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {AE1C599F-ED01-4711-9C6F-F7E311C106F5} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AF9FAF8A-95D4-4E5C-860A-4FA44941B37B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B4C81294-BCA7-426C-A034-C7D177469158} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [840744 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B4D8AFAA-2350-4DA8-870E-294D7B4CAEB9} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [543536 2016-10-13] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {B6B80DD8-AA5B-4A32-A1A5-B924A67F4138} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C456833D-74B8-4290-9985-D18C6E615000} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {CC0CCDD6-A446-4363-966D-EBF8C545160D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {D3A506DB-1827-43A0-8342-4A059A1C00D2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DB916551-6B77-4C6F-9EF8-0EAA145E6FC0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1694832792-2990361293-375382946-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781}
Task: {DC46FCCA-5B5A-4AA3-879A-F4F7C001B4F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-04-19] (Google Inc -> Google Inc.)
Task: {E2E98F4A-F529-44D0-971B-97097786EF62} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790568 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E4DC3B51-B396-406B-AFE8-616B60944EAE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E857CE01-0FCF-4586-95A4-DDF13196F5FA} - System32\Tasks\EasyTune => C:\Program Files (x86)\GIGABYTE\EasyTune\etinit.exe [15792 2017-03-01] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {ED6564BF-B930-4D60-A6E5-2E485BF4ED9A} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {F04FC733-195F-45BE-925D-74335FEDB2F6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F172CBF6-4511-4E5C-9473-53277DD94731} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F5C8A80E-100E-4D8D-BE05-F9C5A9701D61} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DriverDoc Auto Start.job => C:\Program Files (x86)\Solvusoft\DriverDoc\DriverDoc.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1CAF9739-6A81-40F4-B8E9-854F57168EA9}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1694832792-2990361293-375382946-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll [2018-09-15] (Microsoft Windows -> Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2019-03-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2019-03-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2018-05-07] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
Toolbar: HKLM - Smart Backup - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll [2018-09-15] (Microsoft Windows -> Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2019-03-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2019-03-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-16] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Notifications: Default -> hxxps://igg-games.com; hxxps://jbzdy.pl; hxxps://kfc.pl; hxxps://pizzaportal.pl; hxxps://www.epson.co.uk; hxxps://www.meczyki.pl; hxxps://www.reddit.com
CHR Profile: C:\Users\Kruku\AppData\Local\Google\Chrome\User Data\Default [2019-11-04]
CHR Extension: (Slides) - C:\Users\Kruku\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-19]
CHR Extension: (Docs) - C:\Users\Kruku\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-19]
CHR Extension: (Google Drive) - C:\Users\Kruku\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-19]
CHR Extension: (YouTube) - C:\Users\Kruku\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-19]
CHR Extension: (Adobe Acrobat) - C:\Users\Kruku\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-09-30]
CHR Extension: (Sheets) - C:\Users\Kruku\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-19]
CHR Extension: (Google Docs Offline) - C:\Users\Kruku\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (AdBlock) - C:\Users\Kruku\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kruku\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Kruku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Kruku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-29]
CHR Profile: C:\Users\Kruku\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-11-04]
CHR Profile: C:\Users\Kruku\AppData\Local\Google\Chrome\User Data\System Profile [2019-11-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\WINDOWS\System32\AppleChargerSrv.exe [31272 2010-04-06] (Giga-Byte Technology -> )
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3606120 2018-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2019-03-11] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 EasyTuneEngineService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe [144816 2017-03-27] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [791112 2019-06-12] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7170632 2019-06-12] (GOG Sp. z o.o. -> GOG.com)
R2 Gservice; C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe [19888 2016-12-02] (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft)
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [118192 2017-03-01] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [630048 2016-10-13] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [196200 2017-01-15] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation -> Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790568 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790568 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
S2 OcButtonService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe [123312 2017-03-27] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2403120 2019-10-22] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3282736 2019-10-22] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2019-03-02] (Even Balance, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5378320 2019-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [102400 2013-02-22] (Gigabyte Technology CO., LTD.) [File not signed]
S2 Solvusoft Suite Service; C:\Program Files (x86)\Solvusoft\SuiteService.exe [1285320 2018-03-15] (Solvusoft Corporation -> Solvusoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation -> Microsoft Corporation)
R2 tmInstall; C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [130056 2018-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Thrustmaster®)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-11-17] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-11-17] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-04-24] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-04-24] (Disc Soft Ltd -> Disc Soft Ltd)
R3 gdrv; C:\Windows\gdrv.sys [26192 2019-11-04] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-11-04] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edcffbdd101bbe5b\nvlddmkm.sys [20726016 2019-02-21] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [66792 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RTTEAMPT; C:\WINDOWS\system32\DRIVERS\RtTeam620.sys [59608 2014-09-02] (Realtek Semiconductor Corp -> Realtek Corporation)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [48032 2018-12-03] (SteelSeries ApS -> SteelSeries ApS)
S3 tmhidusb; C:\WINDOWS\system32\DRIVERS\tmhidusb.sys [340488 2018-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Thrustmaster)
S3 tmwbulk; C:\WINDOWS\System32\Drivers\tmwbulk.sys [290824 2018-12-18] (Microsoft Windows Hardware Compatibility Publisher -> © Guillemot R&D, 2018. All rights reserved.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46184 2018-11-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [328696 2018-11-17] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-11-17] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-04 12:46 - 2019-11-04 12:46 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-11-04 12:46 - 2019-11-04 12:46 - 000001927 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-11-04 12:46 - 2019-11-04 12:46 - 000001927 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-11-04 12:46 - 2019-11-04 12:46 - 000000000 ____D C:\Users\Kruku\AppData\Local\mbamtray
2019-11-04 12:46 - 2019-11-04 12:46 - 000000000 ____D C:\Users\Kruku\AppData\Local\mbam
2019-11-04 12:46 - 2019-11-04 12:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-11-04 12:46 - 2019-08-27 05:50 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-11-04 12:46 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-11-04 12:45 - 2019-11-04 12:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-11-04 12:45 - 2019-11-04 12:45 - 000000000 ____D C:\Program Files\Malwarebytes
2019-11-04 12:26 - 2019-11-04 13:05 - 000000000 ____D C:\FRST
2019-11-04 12:13 - 2019-11-04 12:21 - 000000000 ___HD C:\$WINDOWS.~BT
2019-11-04 12:02 - 2019-11-04 12:02 -
000000000 ___HD C:\$Windows.~WS 2019-11-03 21:15 - 2019-11-03 21:15 - 000001295 _____ C:\Users\Kruku\Desktop\Continue Your File Is Ready To Installation.lnk 2019-11-03 21:11 - 2019-11-03 21:19 - 000622832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_clr0400.dll 2019-11-03 21:11 - 2019-11-03 21:19 - 000433448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_clr0400.dll 2019-11-03 21:11 - 2019-11-03 21:19 - 000087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140_clr0400.dll 2019-11-03 21:11 - 2019-11-03 21:19 - 000083768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140_clr0400.dll 2019-11-03 21:10 - 2019-11-03 21:19 - 000772176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_clr0400.dll 2019-11-03 21:10 - 2019-11-03 21:19 - 000702400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase_clr0400.dll 2019-11-03 21:10 - 2019-11-03 21:18 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll 2019-11-03 21:10 - 2019-11-03 21:18 - 000029232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll 2019-11-03 21:10 - 2019-11-03 21:18 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll 2019-11-03 21:10 - 2019-11-03 21:18 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll 2019-11-03 20:19 - 2019-11-03 20:19 - 000032768 _____ C:\Users\Public\Documents\crash_dump.bin 2019-11-03 20:19 - 2019-11-03 20:19 - 000032768 _____ C:\ProgramData\Documents\crash_dump.bin 2019-11-03 17:33 - 2019-11-03 17:33 - 000000000 ____D C:\Users\Kruku\AppData\Local\UnrealEngine 2019-11-03 17:31 - 2019-11-03 17:33 - 000001456 _____ C:\Users\Kruku\Desktop\Borderlands3 - Shortcut.lnk 2019-11-03 17:29 - 2019-11-03 17:29 - 000000465 _____ C:\Users\Public\Desktop\Borderlands 3.lnk 2019-11-03 17:29 - 2019-11-03 17:29 - 000000465 _____ C:\Users\Kruku\AppData\Roaming\Microsoft\Windows\Start Menu\Borderlands 3.lnk 2019-11-03 17:29 - 
2019-11-03 17:29 - 000000465 _____ C:\ProgramData\Desktop\Borderlands 3.lnk 2019-11-03 11:57 - 2019-11-03 22:01 - 000000000 ____D C:\Users\Kruku\AppData\LocalLow\uTorrent 2019-11-03 11:56 - 2019-11-03 11:56 - 000000000 ___HD C:\OneDriveTemp 2019-10-27 23:08 - 2019-10-27 23:08 - 014717673 _____ C:\Users\Kruku\Desktop\laboratorium.pdf 2019-10-20 07:53 - 2019-10-20 07:53 - 000000000 ____D C:\Users\Kruku\AppData\Local\FortniteGame 2019-10-09 15:53 - 2019-10-09 15:53 - 026806784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 024616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 023455744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 019284992 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 019014144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 015220224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 012960768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 012259840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 008903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 007921664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 007872000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 006542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 006065152 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\Chakra.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 005436696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 004873728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 004628992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 003702784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 003614720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 002699768 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 002699264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 002429768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL 2019-10-09 15:53 - 2019-10-09 15:53 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 002298880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 002160160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL 2019-10-09 15:53 - 2019-10-09 15:53 - 002072176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 001918792 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 001701880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-10-09 15:53 - 2019-10-09 15:53 - 001677816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 001674480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 001590072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 001472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-10-09 15:53 - 2019-10-09 15:53 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 001344960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-10-09 15:53 - 2019-10-09 15:53 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 001291264 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 001289192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 001247560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2019-10-09 15:53 - 2019-10-09 15:53 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 001201136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-10-09 15:53 - 2019-10-09 15:53 - 001098136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 001024712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 000917816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll 2019-10-09 15:53 - 2019-10-09 
15:53 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 000883200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 000860160 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2019-10-09 15:53 - 2019-10-09 15:53 - 000843264 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 000829440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 000805296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe 2019-10-09 15:53 - 2019-10-09 15:53 - 000794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2019-10-09 15:53 - 2019-10-09 15:53 - 000764216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 000687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 000522104 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2019-10-09 15:53 - 2019-10-09 15:53 - 000519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe 2019-10-09 15:53 - 2019-10-09 15:53 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 
2019-10-09 15:53 - 2019-10-09 15:53 - 000453432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2019-10-09 15:53 - 2019-10-09 15:53 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FileHistory.exe 2019-10-09 15:53 - 2019-10-09 15:53 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 000224568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys 2019-10-09 15:53 - 2019-10-09 15:53 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2019-10-09 15:53 - 2019-10-09 15:53 - 000201736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2019-10-09 15:53 - 2019-10-09 15:53 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2019-10-09 15:53 - 2019-10-09 15:53 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnscmmc.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe 2019-10-09 15:53 - 2019-10-09 15:53 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhuxgraphics.dll 2019-10-09 15:53 - 2019-10-09 15:53 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NAPCRYPT.DLL 2019-10-09 15:52 - 2019-10-09 15:53 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2019-10-09 15:52 - 2019-10-09 15:52 - 017485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 009680400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-10-09 15:52 - 2019-10-09 15:52 - 007645392 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 004057088 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 003567104 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 003387392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 002437344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 002421760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-10-09 15:52 - 2019-10-09 15:52 - 002192384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 002110472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 002050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 002015400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 001929728 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 001904128 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 001830200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 001751432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 001666232 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 001331536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 001253688 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\hvix64.exe 2019-10-09 15:52 - 2019-10-09 15:52 - 001087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 001056056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 001054928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-10-09 15:52 - 2019-10-09 15:52 - 001048888 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-10-09 15:52 - 2019-10-09 15:52 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000901120 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000895560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000851272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000848896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL 2019-10-09 15:52 - 2019-10-09 15:52 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000750592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000681720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000662024 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2019-10-09 15:52 - 2019-10-09 15:52 - 000605496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000604336 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2019-10-09 15:52 - 2019-10-09 15:52 - 000595456 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe 2019-10-09 15:52 - 2019-10-09 15:52 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2019-10-09 15:52 - 2019-10-09 15:52 - 000531976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000508728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2019-10-09 15:52 - 2019-10-09 15:52 - 000506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000462136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000449368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000444728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2019-10-09 15:52 - 2019-10-09 15:52 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2019-10-09 15:52 - 2019-10-09 15:52 - 000421176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2019-10-09 15:52 - 2019-10-09 15:52 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000385336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000376568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2019-10-09 15:52 - 2019-10-09 15:52 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 
000294512 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000282424 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000213304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2019-10-09 15:52 - 2019-10-09 15:52 - 000193336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2019-10-09 15:52 - 2019-10-09 15:52 - 000163232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2019-10-09 15:52 - 2019-10-09 15:52 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000147944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2019-10-09 15:52 - 2019-10-09 15:52 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000104464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys 2019-10-09 15:52 - 2019-10-09 15:52 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe 2019-10-09 15:52 - 2019-10-09 15:52 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000039304 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000033056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll 2019-10-09 15:52 - 2019-10-09 15:52 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin 2019-10-09 
15:52 - 2019-10-09 15:52 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin 2019-10-09 15:52 - 2019-10-09 15:52 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin 2019-10-09 15:52 - 2019-10-09 15:52 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin 2019-10-09 15:52 - 2019-10-09 15:52 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin 2019-10-09 15:52 - 2019-10-09 15:52 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin 2019-10-09 15:52 - 2019-10-09 15:52 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin 2019-10-09 15:52 - 2019-10-09 15:52 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin 2019-10-08 19:51 - 2019-10-08 19:53 - 000000000 ____D C:\Users\Kruku\AppData\Local\Riot Games 2019-10-07 11:56 - 2019-11-03 13:41 - 000000000 ____D C:\Users\Kruku\AppData\Local\log 2019-10-06 16:28 - 2019-11-03 12:55 - 000000000 ____D C:\Users\Kruku\AppData\Roaming\Blitz-helpers 2019-10-06 16:00 - 2019-10-06 16:00 - 000000000 ____D C:\Users\Kruku\AppData\Roaming\dvdcss ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2019-11-04 13:03 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-11-04 12:47 - 2018-11-17 22:35 - 000000000 ____D C:\Users\Kruku\AppData\Local\D3DSCache 2019-11-04 12:46 - 2018-09-15 08:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-11-04 12:39 - 2018-04-19 17:07 - 000000000 ____D C:\ProgramData\NVIDIA 2019-11-04 12:38 - 2019-01-18 20:16 - 001033224 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-11-04 12:38 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF 2019-11-04 12:34 - 2018-11-17 18:34 - 000000000 ___RD C:\Users\Kruku\OneDrive 2019-11-04 12:33 - 2019-01-18 20:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-11-04 12:33 - 2018-04-19 18:30 - 000026192 _____ (Windows (R) Server 2003 DDK provider) C:\WINDOWS\gdrv.sys 2019-11-04 12:32 - 2018-09-15 07:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2019-11-04 12:31 - 2019-01-18 20:02 - 000000000 ____D C:\Users\Kruku 2019-11-04 12:21 - 2019-01-18 20:17 - 000001908 _____ C:\WINDOWS\diagwrn.xml 2019-11-04 12:21 - 2019-01-18 20:17 - 000001908 _____ C:\WINDOWS\diagerr.xml 2019-11-04 12:21 - 2019-01-18 18:45 - 000000000 ___DC C:\WINDOWS\Panther 2019-11-04 12:14 - 2018-04-19 19:43 - 000000000 ____D C:\Users\Kruku\AppData\Local\CrashDumps 2019-11-04 12:13 - 2018-11-17 17:13 - 000000000 ____D C:\ESD 2019-11-04 11:44 - 2018-09-15 08:23 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-11-04 11:37 - 2019-01-18 19:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-11-03 22:01 - 2018-04-24 19:26 - 000000000 ____D C:\Users\Kruku\AppData\Roaming\uTorrent 2019-11-03 21:56 - 2019-04-25 14:45 - 000000000 ____D C:\Users\Kruku\AppData\Roaming\Blitz 2019-11-03 17:33 - 2018-06-20 13:45 - 000000000 ____D C:\Users\Kruku\Documents\My Games 2019-11-03 12:52 - 2019-04-25 14:45 - 000002236 _____ C:\Users\Kruku\Desktop\Blitz.lnk 2019-11-03 12:52 - 2019-04-25 14:45 - 000000000 ____D C:\Users\Kruku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blitz Inc 2019-11-03 12:52 - 2019-04-25 14:45 - 
000000000 ____D C:\Users\Kruku\AppData\Local\Blitz 2019-11-03 12:06 - 2018-11-17 18:45 - 000000000 ____D C:\ProgramData\Packages 2019-11-03 12:06 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps 2019-11-03 12:06 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-11-03 11:56 - 2019-06-29 20:49 - 000000000 ____D C:\Users\Kruku\Desktop\dbl 2019-11-03 11:56 - 2019-01-18 20:18 - 000003364 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1694832792-2990361293-375382946-1000 2019-11-03 11:55 - 2019-01-18 20:02 - 000002378 _____ C:\Users\Kruku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-10-31 01:36 - 2018-04-25 23:03 - 000000000 ____D C:\Users\Kruku\AppData\Roaming\vlc 2019-10-30 18:01 - 2019-03-01 23:57 - 000000000 ____D C:\Program Files (x86)\Origin 2019-10-29 13:42 - 2018-04-19 16:59 - 000002316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-10-29 13:42 - 2018-04-19 16:59 - 000002275 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-10-29 13:42 - 2018-04-19 16:59 - 000002275 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2019-10-25 18:36 - 2018-06-17 11:04 - 000000000 ____D C:\Users\Kruku\Documents\Euro Truck Simulator 2 2019-10-24 16:17 - 2018-05-08 08:27 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2019-10-23 20:18 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\NDF 2019-10-20 16:25 - 2018-04-19 22:47 - 000000000 ____D C:\Users\Kruku\AppData\Local\ElevatedDiagnostics 2019-10-19 11:24 - 2018-11-17 18:25 - 000000000 ____D C:\Users\Kruku\AppData\Local\Packages 2019-10-18 13:40 - 2019-01-18 20:18 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2019-10-14 21:51 - 2018-05-08 08:26 - 000000000 ____D C:\Users\Kruku\AppData\Local\Adobe 2019-10-09 22:58 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2019-10-09 22:58 - 2018-09-15 08:33 - 000000000 ____D 
C:\WINDOWS\SysWOW64\inetsrv 2019-10-09 22:58 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2019-10-09 22:58 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2019-10-09 22:58 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\oobe 2019-10-09 22:58 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\inetsrv 2019-10-09 22:58 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\ShellExperiences 2019-10-09 22:58 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-10-09 22:58 - 2018-09-15 07:09 - 000000000 ____D C:\WINDOWS\system32\Dism 2019-10-09 16:04 - 2018-11-17 20:59 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-10-09 15:57 - 2018-11-17 20:59 - 127230528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-10-09 15:52 - 2018-04-20 02:18 - 000408638 __RSH C:\bootmgr 2019-10-08 19:52 - 2018-05-08 16:07 - 000000000 ____D C:\ProgramData\Riot Games 2019-10-07 21:24 - 2019-01-18 20:18 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2019-10-07 21:24 - 2019-01-18 20:18 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2019-10-07 21:24 - 2018-04-19 16:59 - 000000000 ____D C:\Program Files (x86)\Google 2019-10-05 11:36 - 2018-11-17 18:25 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-10-05 11:36 - 2018-11-17 18:25 - 000000000 ___RD C:\Users\Kruku\3D Objects 2019-10-05 11:35 - 2019-01-18 19:55 - 000525400 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-10-05 11:30 - 2018-09-15 10:11 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2019-10-05 11:30 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions ==================== Files in the root of some directories ======== 2018-10-26 22:41 - 2018-10-26 22:41 - 000000000 ___SH () C:\Users\Kruku\AppData\Local\LumaEmu 2018-04-21 14:24 - 2018-04-21 14:24 - 000007597 _____ () C:\Users\Kruku\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ 
(There is no automatic fix for files that do not pass verification.)

ATTENTION: ==> Could not access BCD. -> 0

==================== End of FRST.txt ========================