FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Medicus (administrator) on MEDICUS-PC (10-04-2018 13:10:20)
Running from C:\Users\Medicus\Desktop
Loaded Profiles: Medicus (Available Profiles: Medicus & DefaultAppPool)
Platform: Windows 10 Pro Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Program Files\Focusrite\VRM Box\VRMService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [455816 2017-02-02] (Power Software Ltd)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKU\S-1-5-21-1853789797-2485788889-945615179-1001\...\Run: [SRS Audio Sandbox] => C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe [3676952 2010-01-07] (SRS Labs, Inc.)
HKU\S-1-5-21-1853789797-2485788889-945615179-1001\...\Run: [Bionix Wallpaper] => "C:\BioniX Wallpaper\Bionix Wallpaper.exe"
HKU\S-1-5-21-1853789797-2485788889-945615179-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-1853789797-2485788889-945615179-1001\...\MountPoints2: {fd7c6f85-2d0c-11e8-a9bf-002421557f16} - "L:\pushinst.exe"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6a154b51-bbd8-479f-b372-860276c4401f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c7bcd7c5-cb77-4171-b7eb-a53ab715f827}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{eec31bad-7002-422a-97f8-7e997865a26e}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131367649465989978&GUID=7B7B22BF-A640-47C8-9040-3B39AE0F9A27
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1853789797-2485788889-945615179-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131367649466046573&GUID=7B7B22BF-A640-47C8-9040-3B39AE0F9A27
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1853789797-2485788889-945615179-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1853789797-2485788889-945615179-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d7394fad&q={searchTerms}
DPF: HKLM-x32 {0EC4C9E3-EC6A-11CF-8E3B-444553540000} file:///J:/setup/RiffLick.cab
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1853789797-2485788889-945615179-1001 -> hxxp://www.google.com
FireFox:
========
FF DefaultProfile: hlt46v0m.default
FF ProfilePath: C:\Users\Medicus\AppData\Roaming\Mozilla\Firefox\Profiles\hlt46v0m.default [2018-04-10]
FF Homepage: Mozilla\Firefox\Profiles\hlt46v0m.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\hlt46v0m.default -> about:newtab
FF NetworkProxy: Mozilla\Firefox\Profiles\hlt46v0m.default -> type", 0
FF Extension: (All Downloader Professional) - C:\Users\Medicus\AppData\Roaming\Mozilla\Firefox\Profiles\hlt46v0m.default\Extensions\alldownloader@link64.xpi [2017-08-22]
FF Extension: (Proxtube) - C:\Users\Medicus\AppData\Roaming\Mozilla\Firefox\Profiles\hlt46v0m.default\Extensions\ich@maltegoetz.de.xpi [2018-01-22]
FF Extension: (Google Images Downloader) - C:\Users\Medicus\AppData\Roaming\Mozilla\Firefox\Profiles\hlt46v0m.default\Extensions\rushikesh988@gmail.com.xpi [2018-02-24]
FF Extension: (YouTube Best Video Downloader 2) - C:\Users\Medicus\AppData\Roaming\Mozilla\Firefox\Profiles\hlt46v0m.default\Extensions\{170503FA-3349-4F17-BC86-001888A5C8E2}.xpi [2018-03-25]
FF Extension: (Download Youtube Video) - C:\Users\Medicus\AppData\Roaming\Mozilla\Firefox\Profiles\hlt46v0m.default\Extensions\{579822b5-d5d0-4316-8b71-83a53c756378}.xpi [2017-09-07]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Medicus\AppData\Roaming\Mozilla\Firefox\Profiles\hlt46v0m.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2018-03-28]
FF Extension: (Video DownloadHelper) - C:\Users\Medicus\AppData\Roaming\Mozilla\Firefox\Profiles\hlt46v0m.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-04-03]
FF Extension: (Adblock Plus) - C:\Users\Medicus\AppData\Roaming\Mozilla\Firefox\Profiles\hlt46v0m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Medicus\AppData\Roaming\Mozilla\Firefox\Profiles\hlt46v0m.default\features\{5585737b-0f91-45d7-b5b2-22ea2162bd47}\tls13-version-fallback-rollout-bug1448176@mozilla.org.xpi [2018-04-04] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1486344 2017-03-07] ()
S4 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [391656 2016-07-22] (Digital Wave Ltd.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [400656 2017-09-22] (EasyAntiCheat Ltd)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-08-08] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
R2 VRMService; C:\Program Files\Focusrite\VRM Box\VRMService.exe [194048 2012-01-12] () [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-01] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-01] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110096 2016-04-18] (Advanced Micro Devices)
R1 AvgAsC64; C:\WINDOWS\System32\DRIVERS\AvgAsC64.sys [14072 2007-05-30] (GRISOFT, s.r.o.)
S3 avmeject; C:\WINDOWS\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 fwlanusbn; C:\WINDOWS\system32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2016-08-02] ()
S3 koreavs; C:\WINDOWS\System32\Drivers\koreavs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 koreusb_svc; C:\WINDOWS\System32\Drivers\koreusb.sys [122728 2012-12-18] (Native Instruments GmbH)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-04-04] (Malwarebytes)
R1 MpKsl769049e6; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{081E5B2C-E409-4BD0-8F6E-A675E27AEF93}\MpKsl769049e6.sys [58120 2018-04-04] (Microsoft Corporation)
R1 MpKsl7b16f3a2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{543C02D1-853B-4027-8E2E-B017B0D687FB}\MpKsl7b16f3a2.sys [58120 2018-04-09] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 silabenm; C:\WINDOWS\system32\DRIVERS\silabenm.sys [27336 2014-08-01] (Silicon Laboratories) [File not signed]
S3 silabser; C:\WINDOWS\system32\DRIVERS\silabser.sys [73216 2014-08-01] (Silicon Laboratories) [File not signed]
R3 SRS_SSCFilter; C:\WINDOWS\system32\drivers\srs_sscfilter_amd64.sys [346992 2009-12-15] ()
S3 VBoxDrv; C:\WINDOWS\system32\drivers\VBoxDrv.sys [68288 2017-04-07] ()
R3 vrm; C:\WINDOWS\system32\DRIVERS\vrm.sys [228864 2012-01-12] (Focusrite Audio Engineering Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-01] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-01] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-01] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 motubus; \SystemRoot\system32\drivers\MotuBus64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-10 13:10 - 2018-04-10 13:12 - 000013379 _____ C:\Users\Medicus\Desktop\FRST.txt
2018-04-10 11:35 - 2018-04-10 11:35 - 008222496 _____ (Malwarebytes) C:\Users\Medicus\Downloads\AdwCleaner_7.0.8.0(1).exe
2018-04-10 11:16 - 2010-07-06 22:09 - 000000000 ____D C:\Users\Medicus\Desktop\x64
2018-04-10 11:15 - 2018-04-10 11:15 - 000113964 _____ C:\Users\Medicus\Downloads\unlocker1.9.0-portable.zip
2018-04-10 09:34 - 2018-04-10 13:10 - 000000000 ____D C:\FRST
2018-04-10 09:34 - 2018-04-10 09:34 - 002403328 _____ (Farbar) C:\Users\Medicus\Desktop\FRST64.exe
2018-04-10 09:33 - 2018-04-10 09:33 - 009328501 _____ C:\Users\Medicus\Downloads\RevoUninstaller05_Portable.zip
2018-04-10 09:14 - 2018-04-10 09:15 - 000000000 ____D C:\Program Files\CCleaner
2018-04-10 09:14 - 2018-04-10 09:14 - 012467224 _____ (Piriform Ltd) C:\Users\Medicus\Downloads\ccsetup541_slim.exe
2018-04-10 09:14 - 2018-04-10 09:14 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-04-10 09:14 - 2018-04-10 09:14 - 000002864 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-04-10 09:14 - 2018-04-10 09:14 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-04-10 09:14 - 2018-04-10 09:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-04-06 14:25 - 2009-09-21 23:51 - 000412307 _____ () C:\Users\Medicus\Desktop\LickByNeck-ChordVoicings-Basic-4notes-M7-Using-CM7.exe
2018-04-05 22:04 - 2018-04-05 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2018-04-05 22:01 - 2018-04-05 22:02 - 078785920 _____ (Riot Games, Inc) C:\Users\Medicus\Downloads\League of Legends installer EUW.exe
2018-04-05 13:43 - 2018-04-05 13:43 - 000000000 ____D C:\Users\Medicus\Documents\League of Legends
2018-04-05 13:33 - 2018-04-05 13:33 - 000000000 ____D C:\ProgramData\Riot Games
2018-04-05 13:32 - 2008-07-12 08:18 - 003851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2018-04-05 13:32 - 2008-07-12 08:18 - 001493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2018-04-05 13:32 - 2008-07-12 08:18 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2018-04-04 20:38 - 2018-04-04 20:38 - 013529381 _____ C:\Users\Medicus\Downloads\Scenery - Joseph Jacobs.mp4
2018-04-04 13:29 - 2018-04-04 13:29 - 000000911 _____ C:\Users\Medicus\Desktop\VZ - Shortcut.lnk
2018-04-04 12:51 - 2018-04-04 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2018-04-04 12:51 - 2018-04-04 12:51 - 000000000 ____D C:\Program Files (x86)\FFMPEG Core Files
2018-04-04 12:51 - 2018-04-04 12:51 - 000000000 ____D C:\Program Files (x86)\AC3Filter
2018-04-04 12:50 - 2018-04-04 12:50 - 000000000 ____D C:\Users\Medicus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2018-04-04 12:50 - 2018-04-04 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2018-04-04 12:50 - 2018-04-04 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-04-04 12:50 - 2018-04-04 12:50 - 000000000 ____D C:\Program Files (x86)\MadVR
2018-04-04 12:50 - 2018-04-04 12:50 - 000000000 ____D C:\Program Files (x86)\DirectVobSub
2018-04-04 12:50 - 2018-04-04 12:50 - 000000000 ____D C:\Program Files (x86)\DCoder Image Source
2018-04-04 12:50 - 2018-04-04 12:50 - 000000000 ____D C:\Program Files (x86)\7-Zip
2018-04-04 12:50 - 2018-04-04 12:50 - 000000000 ____D C:\Program Files (x86)\3DYD Youtube Source
2018-04-04 12:48 - 2018-04-04 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2018-04-04 12:48 - 2018-04-04 12:49 - 000000000 ____D C:\Program Files (x86)\LAV Filters
2018-04-04 12:48 - 2018-04-04 12:48 - 000002042 _____ C:\Users\Public\Desktop\Zoom Player MAX.lnk
2018-04-04 12:48 - 2018-04-04 12:48 - 000000000 ____D C:\Program Files (x86)\Bass Audio Decoder
2018-04-04 12:47 - 2018-04-04 14:16 - 000000000 ____D C:\ProgramData\Zoom Player
2018-04-04 12:47 - 2018-04-04 12:48 - 000000000 ____D C:\Program Files (x86)\Zoom Player
2018-04-04 12:47 - 2018-04-04 12:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player
2018-04-04 12:46 - 2018-04-04 12:46 - 031005912 _____ C:\Users\Medicus\Downloads\zp1410max(1).exe
2018-04-04 11:32 - 2018-04-04 11:32 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-04 11:31 - 2018-04-04 11:31 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-04 11:31 - 2018-04-04 11:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-04 11:31 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-04 11:30 - 2018-04-04 11:30 - 072135408 _____ (Malwarebytes ) C:\Users\Medicus\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4576.exe
2018-04-03 22:53 - 2018-04-03 22:53 - 000307330 _____ C:\Users\Medicus\Downloads\Bundle3.zip
2018-04-03 22:07 - 2018-04-03 22:07 - 000715743 _____ C:\Users\Medicus\Downloads\FHCH Bundle 4.zip
2018-04-03 15:44 - 2018-04-03 15:44 - 005542326 _____ C:\Users\Medicus\Downloads\L'indécis - Soulful.mp4
2018-04-02 18:04 - 2018-04-02 18:05 - 053267050 _____ C:\Users\Medicus\Downloads\UniBe@t - heartbeat.mp4
2018-04-02 17:46 - 2018-04-02 17:46 - 019026909 _____ C:\Users\Medicus\Downloads\bl00dwave - Nothing Lasts Forever.mp4
2018-04-02 17:37 - 2018-04-02 17:38 - 021562764 _____ C:\Users\Medicus\Downloads\Night Tempo - Universe.mp4
2018-04-02 11:43 - 2009-09-21 23:51 - 000429844 _____ () C:\Users\Medicus\Desktop\LickByNeck-ChordVoicings-Basic-4notes-Major-Using-CMajor.exe
2018-04-02 11:43 - 2009-09-21 23:51 - 000404786 _____ () C:\Users\Medicus\Desktop\LickByNeck-ChordVoicings-Basic-4notes-Minor-Using-DMinor.exe
2018-03-31 10:33 - 2018-03-31 10:33 - 008222496 _____ (Malwarebytes) C:\Users\Medicus\Downloads\adwcleaner_7.0.8.0.exe
2018-03-30 22:23 - 2018-03-30 22:23 - 019862742 _____ C:\Users\Medicus\Downloads\Hey Arnold! Complete Ending Theme _ Canción de los créditos de Oye Arnold!.mp4
2018-03-30 18:09 - 2018-03-30 18:09 - 000001427 _____ C:\Users\Medicus\Desktop\Bass - Shortcut.lnk
2018-03-29 00:24 - 2018-03-29 00:32 - 825730594 _____ C:\Users\Medicus\Downloads\Night Tempo LIVE Walkman Set.mp4
2018-03-28 22:28 - 2018-03-28 22:28 - 000038399 _____ C:\Users\Medicus\Downloads\Phil Collins - In The Air Tonight.gp3
2018-03-28 22:26 - 2018-03-28 22:27 - 000038399 _____ C:\Users\Medicus\Downloads\collins_phil-in_the_air_tonight.gp3
2018-03-28 19:41 - 2018-03-28 19:42 - 097890144 _____ C:\Users\Medicus\Downloads\Agrume - Lost in the vapor.mp4
2018-03-28 19:36 - 2018-03-28 19:37 - 054208748 _____ C:\Users\Medicus\Downloads\VANTAGE __ - Happiness Deluxe Pt.2.mp4
2018-03-28 19:10 - 2018-03-28 19:10 - 092660993 _____ C:\Users\Medicus\Downloads\Agrume - Take You Higher.mp4
2018-03-28 19:08 - 2018-03-28 19:09 - 039818273 _____ C:\Users\Medicus\Downloads\ナイトNaito - Saxxx.mp4
2018-03-28 19:08 - 2018-03-28 19:09 - 033628056 _____ C:\Users\Medicus\Downloads\Agrume - You Know It.mp4
2018-03-28 18:50 - 2018-03-28 18:50 - 023984273 _____ C:\Users\Medicus\Downloads\Kuno-chan - Drop Down!.mp4
2018-03-28 18:45 - 2018-03-28 18:45 - 028264566 _____ C:\Users\Medicus\Downloads\nukumachi - lights out.mp4
2018-03-28 14:01 - 2018-03-28 14:01 - 031503082 _____ C:\Users\Medicus\Downloads\Night Tempo - Just Be Yourself.mp4
2018-03-28 11:17 - 2018-03-28 11:18 - 030082293 _____ C:\Users\Medicus\Downloads\M A R Iマリくん - Star Stalker スターストーカー.mp4
2018-03-28 01:05 - 2018-03-28 01:05 - 000001266 _____ C:\Users\Medicus\Desktop\Guitar-method-de - Shortcut.lnk
2018-03-27 23:55 - 2018-03-27 23:55 - 017452396 _____ C:\Users\Medicus\Downloads\My NamE - Night Call.mp4
2018-03-27 23:35 - 2018-03-27 23:35 - 030283092 _____ C:\Users\Medicus\Downloads\bansheebeat x YUNG BAE - SUMMER VI.mp4
2018-03-26 19:42 - 2018-03-26 19:42 - 003230742 _____ C:\Users\Medicus\Downloads\Persona 1 PSP - Pandora (Last Battle).mp4
2018-03-26 18:33 - 2018-03-26 18:33 - 005386952 _____ C:\Users\Medicus\Downloads\[Adult Swim] Elevator (FULL SONG).mp4
2018-03-25 18:48 - 2018-03-25 18:48 - 004246208 _____ C:\Users\Medicus\Downloads\TA KU - Night 11.mp4
2018-03-25 18:44 - 2018-03-25 18:44 - 005715737 _____ C:\Users\Medicus\Downloads\Persona Q OST 1-27 Memories of the School -in the Labyrinth-.mp4
2018-03-25 18:34 - 2018-03-25 18:39 - 039826646 _____ C:\Users\Medicus\Downloads\Persona 3 Portable ost - Sun [Extended].mp4
2018-03-25 18:08 - 2018-03-25 18:10 - 025293799 _____ C:\Users\Medicus\Downloads\Watching the City-Joseph Jacobs.mp4
2018-03-25 04:06 - 2012-08-29 12:23 - 012708016 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_def.dll
2018-03-25 04:06 - 2012-08-29 12:23 - 012474544 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_core.dll
2018-03-25 04:06 - 2012-08-29 12:23 - 009917616 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_intel_thread.dll
2018-03-25 04:06 - 2012-08-29 12:23 - 000529072 _____ (Intel Corporation) C:\WINDOWS\system32\libiomp5md.dll
2018-03-25 04:06 - 2012-08-29 12:23 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\msvcp71.dll
2018-03-25 04:06 - 2012-08-29 12:23 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\msvcr71.dll
2018-03-25 04:06 - 2009-08-28 10:54 - 003462320 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_sequential.dll
2018-03-25 04:05 - 2018-03-25 04:05 - 000000000 ____D C:\Program Files\Common Files\VST3
2018-03-25 04:04 - 2018-03-25 04:05 - 000000000 ____D C:\Program Files\VstPlugIns
2018-03-24 17:27 - 2018-03-24 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
2018-03-24 17:27 - 2018-03-24 17:27 - 000000000 ____D C:\Program Files (x86)\avmwlanstick
2018-03-24 17:17 - 2018-03-24 17:24 - 000000000 ____D C:\Program Files (x86)\AVM_update
2018-03-24 17:02 - 2018-03-24 17:02 - 000000000 ____D C:\Users\Medicus\AVM_Driver
2018-03-14 12:02 - 2018-03-01 09:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-14 12:02 - 2018-03-01 09:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-14 12:02 - 2018-03-01 09:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-14 12:02 - 2018-03-01 09:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-14 12:02 - 2018-03-01 09:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-14 12:02 - 2018-03-01 09:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-14 12:02 - 2018-03-01 09:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-14 12:02 - 2018-03-01 09:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-14 12:02 - 2018-03-01 09:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-14 12:02 - 2018-03-01 09:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-14 12:02 - 2018-03-01 09:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-14 12:02 - 2018-03-01 09:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-14 12:02 - 2018-03-01 09:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-14 12:02 - 2018-03-01 09:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-14 12:02 - 2018-03-01 09:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-14 12:02 - 2018-03-01 09:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-14 12:02 - 2018-03-01 09:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-14 12:02 - 2018-03-01 09:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-14 12:02 - 2018-03-01 08:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-14 12:02 - 2018-03-01 08:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-14 12:02 - 2018-03-01 08:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-14 12:02 - 2018-03-01 08:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-14 12:02 - 2018-03-01 08:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-14 12:02 - 2018-03-01 08:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-14 12:02 - 2018-03-01 08:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-14 12:02 - 2018-03-01 08:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-14 12:02 - 2018-03-01 08:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-14 12:02 - 2018-03-01 08:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-14 12:02 - 2018-03-01 08:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-14 12:02 - 2018-03-01 08:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-14 12:02 - 2018-03-01 08:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-14 12:02 - 2018-03-01 08:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-14 12:02 - 2018-03-01 08:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-14 12:02 - 2018-03-01 08:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-14 12:02 - 2018-03-01 08:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-14 12:02 - 2018-03-01 08:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-14 12:02 - 2018-03-01 07:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-14 12:02 - 2018-03-01 07:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-14 12:02 - 2018-03-01 07:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-14 12:02 - 2018-03-01 07:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-14 12:02 - 2018-03-01 07:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-14 12:02 - 2018-03-01 07:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-14 12:02 - 2018-03-01 07:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-14 12:02 - 2018-03-01 07:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-14 12:02 - 2018-03-01 07:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-14 12:02 - 2018-03-01 07:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-14 12:02 - 2018-03-01 07:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-14 12:02 - 2018-03-01 07:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-14 12:02 - 2018-03-01 07:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-14 12:02 - 2018-03-01 07:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-14 12:02 - 2018-03-01 07:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-14 12:02 - 2018-03-01 07:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-14 12:02 - 2018-03-01 07:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-14 12:02 - 2018-03-01 07:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-14 12:02 - 2018-03-01 07:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-14 12:02 - 2018-03-01 07:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-14 12:02 - 2018-03-01 07:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-14 12:02 - 2018-03-01 07:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-14 12:02 - 2018-03-01 07:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-14 12:02 - 2018-03-01 07:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-14 12:02 - 2018-03-01 07:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-14 12:02 - 2018-03-01 07:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-14 12:02 - 2018-03-01 07:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-14 12:02 - 2018-03-01 07:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-14 12:02 - 2018-03-01 07:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-14 12:02 - 2018-03-01 07:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-14 12:02 - 2018-03-01 07:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-14 12:02 - 2018-03-01 07:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-14 12:02 - 2018-03-01 07:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-14 12:02 - 2018-03-01 07:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-14 12:02 - 2018-03-01 07:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-14 12:02 - 2018-03-01 07:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-14 12:02 - 2018-03-01 07:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-14 12:02 - 2018-03-01 07:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-14 12:02 - 2018-03-01 07:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-14 12:02 - 2018-02-22 04:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-14 12:02 - 2018-02-22 04:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-14 12:02 - 2018-02-22 04:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-14 12:02 - 2018-02-22 04:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-14 12:02 - 2018-02-22 04:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-14 12:02 - 2018-02-22 04:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-14 12:02 - 2018-02-22 04:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-14 12:02 - 2018-02-22 04:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-14 12:02 - 2018-02-22 04:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-14 12:02 - 2018-02-22 04:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-14 12:02 - 2018-02-22 04:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-14 12:02 - 2018-02-22 03:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-14 12:02 - 2018-02-22 03:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-14 12:02 - 2018-02-22 03:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-14 12:02 - 2018-02-22 03:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-14 12:02 - 2018-02-22 03:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-14 12:02 - 2018-02-22 02:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-14 12:02 - 2018-02-22 02:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-14 12:02 - 2018-02-22 02:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-14 12:01 - 2018-03-02 05:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-14 12:01 - 2018-03-02 05:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-14 12:01 - 2018-03-02 05:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-14 12:01 - 2018-03-02 05:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-14 12:01 - 2018-03-02 05:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-14 12:01 - 2018-03-02 05:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-14 12:01 - 2018-03-02 04:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-14 12:01 - 2018-03-01 22:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-14 12:01 - 2018-03-01 09:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-14 12:01 - 2018-03-01 09:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-14 12:01 - 2018-03-01 09:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-14 12:01 - 2018-03-01 09:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-14 12:01 - 2018-03-01 09:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-14 12:01 - 2018-03-01 09:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-14 12:01 - 2018-03-01 09:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-14 12:01 - 2018-03-01 09:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-14 12:01 - 2018-03-01 09:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-14 12:01 - 2018-03-01 09:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-14 12:01 - 2018-03-01 09:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-14 12:01 - 2018-03-01 09:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-14 12:01 - 2018-03-01 09:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-14 12:01 - 2018-03-01 09:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-14 12:01 - 2018-03-01 09:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-14 12:01 - 2018-03-01 09:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-14 12:01 - 2018-03-01 09:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-14 12:01 - 2018-03-01 09:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-14 12:01 - 2018-03-01 09:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-14 12:01 - 2018-03-01 09:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-14 12:01 - 2018-03-01 09:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-14 12:01 - 2018-03-01 09:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-14 12:01 - 2018-03-01 09:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-14 12:01 - 2018-03-01 09:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-14 12:01 - 2018-03-01 08:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-14 12:01 - 2018-03-01 08:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-14 12:01 - 2018-03-01 08:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-14 12:01 - 2018-03-01 08:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-14 12:01 - 2018-03-01 08:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-14 12:01 - 2018-03-01 08:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-14 12:01 - 2018-03-01 08:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-14 12:01 - 2018-03-01 08:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-14 12:01 - 2018-03-01 07:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-14 12:01 - 2018-03-01 07:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-14 12:01 - 2018-03-01 07:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-14 12:01 - 2018-03-01 07:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-14 12:01 - 2018-03-01 07:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-14 12:01 - 2018-03-01 07:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-14 12:01 - 2018-03-01 07:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-14 12:01 - 2018-03-01 07:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-14 12:01 - 2018-03-01 07:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-14 12:01 - 2018-03-01 07:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-14 12:01 - 2018-03-01 07:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-14 12:01 - 2018-03-01 07:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-14 12:01 - 2018-03-01 07:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-14 12:01 - 2018-03-01 07:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-14 12:01 - 2018-03-01 07:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-14 12:01 - 2018-03-01 07:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-14 12:01 - 2018-03-01 07:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-14 12:01 - 2018-03-01 07:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-14 12:01 - 2018-03-01 07:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-14 12:01 - 2018-03-01 07:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-14 12:01 - 2018-03-01 07:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-14 12:01 - 2018-03-01 07:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-14 12:01 - 2018-03-01 07:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-14 12:01 - 2018-03-01 07:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-14 12:01 - 2018-03-01 07:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-14 12:01 - 2018-03-01 07:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-14 12:01 - 2018-03-01 07:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-14 12:01 - 2018-03-01 07:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-14 12:01 - 2018-03-01 07:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-14 12:01 - 2018-03-01 07:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-14 12:01 - 2018-03-01 07:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-14 12:01 - 2018-03-01 07:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-14 12:01 - 2018-03-01 07:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-14 12:01 - 2018-03-01 07:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-14 12:01 - 2018-02-22 04:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-14 12:01 - 2018-02-22 04:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-14 12:01 - 2018-02-22 04:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-14 12:01 - 2018-02-22 04:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-14 12:01 - 2018-02-22 04:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-14 12:01 - 2018-02-22 03:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-14 12:01 - 2018-02-22 03:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-14 12:01 - 2018-02-22 03:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-14 12:01 - 2018-02-22 02:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-14 12:01 - 2018-02-22 02:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-14 12:01 - 2018-02-22 02:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-14 12:01 - 2018-02-22 02:26 - 000441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2018-03-14 12:01 - 2018-02-22 02:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-14 12:01 - 2018-02-22 02:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-14 12:01 - 2018-02-22 02:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-14 11:46 - 2018-04-10 12:36 - 000004582 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-10 13:10 - 2016-06-24 14:53 - 000000000 ____D C:\Users\Medicus\AppData\Roaming\MPC-HC
2018-04-10 12:36 - 2018-01-27 17:50 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-04-10 12:36 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-04-10 12:36 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-04-10 12:18 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-10 10:42 - 2017-09-29 15:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-10 10:42 - 2017-04-16 13:17 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-10 09:45 - 2016-09-29 11:00 - 000000000 ____D C:\Users\Medicus\Desktop\RevoUninstaller_Portable
2018-04-10 09:41 - 2016-12-16 18:51 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2018-04-10 09:41 - 2016-12-16 18:50 - 000000000 ____D C:\Program Files\Rockstar Games
2018-04-10 09:40 - 2016-08-06 10:52 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2018-04-10 09:18 - 2016-06-24 02:18 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-10 09:17 - 2016-07-08 19:55 - 000000000 ____D C:\Users\Medicus\AppData\Local\CrashDumps
2018-04-10 08:50 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-10 08:50 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-10 08:48 - 2017-11-23 11:32 - 000004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5477657D-517D-4626-934E-DE6FD4255CFE}
2018-04-10 08:41 - 2016-09-23 18:17 - 000000000 ____D C:\Users\Medicus\AppData\LocalLow\Mozilla
2018-04-09 23:03 - 2017-11-23 11:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-07 12:47 - 2016-10-20 14:23 - 000000000 ____D C:\Users\Medicus\AppData\Roaming\Anvsoft
2018-04-06 12:11 - 2017-03-09 01:43 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-04-06 05:48 - 2017-12-16 00:25 - 000000000 ____D C:\Users\Medicus\AppData\Local\PlaceholderTileLogoFolder
2018-04-04 11:29 - 2016-06-24 02:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-04 11:23 - 2017-11-23 11:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-04 11:22 - 2017-09-29 10:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-04-03 00:12 - 2017-11-23 11:10 - 001953966 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-02 13:19 - 2016-07-02 00:33 - 000000016 _____ C:\Users\Medicus\AppData\Roaming\msregsvv.dll
2018-04-02 13:19 - 2016-07-02 00:33 - 000000016 _____ C:\ProgramData\autobk.inc
2018-03-31 18:17 - 2017-12-08 04:14 - 000000000 ____D C:\Users\Medicus\Desktop\MP3
2018-03-31 10:37 - 2017-04-25 17:10 - 000000000 ____D C:\AdwCleaner
2018-03-28 09:45 - 2017-11-23 11:16 - 000000000 ____D C:\Users\Medicus\AppData\Local\Packages
2018-03-27 18:15 - 2017-06-24 15:53 - 000000000 ____D C:\Program Files (x86)\Riffstation Trial
2018-03-26 20:29 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-26 19:50 - 2017-06-08 14:34 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-25 17:15 - 2017-11-23 11:15 - 000000000 ____D C:\Users\Medicus
2018-03-25 04:06 - 2016-07-16 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2018-03-25 03:51 - 2017-06-17 14:18 - 000000000 ____D C:\Program Files\IK Multimedia
2018-03-25 03:51 - 2016-07-16 21:55 - 000000000 ____D C:\Program Files (x86)\IK Multimedia
2018-03-20 20:08 - 2017-11-23 11:32 - 000003370 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1853789797-2485788889-945615179-1001
2018-03-20 20:08 - 2016-07-27 11:16 - 000002409 _____ C:\Users\Medicus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-20 20:07 - 2016-07-27 11:16 - 000000000 ___RD C:\Users\Medicus\OneDrive
2018-03-17 17:18 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-15 12:57 - 2017-09-29 15:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-15 12:50 - 2017-11-23 11:36 - 000000000 ___RD C:\Users\Medicus\3D Objects
2018-03-15 12:50 - 2016-04-27 08:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-15 12:48 - 2017-11-23 11:07 - 000221968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-15 03:44 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-15 03:44 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-15 03:44 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-15 03:44 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-03-14 22:47 - 2017-02-28 21:15 - 000187904 _____ C:\Users\Medicus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-03-14 12:13 - 2016-07-28 13:55 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-14 12:08 - 2017-10-11 13:35 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-14 12:08 - 2016-07-28 13:55 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-14 12:03 - 2017-09-29 15:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-14 12:03 - 2017-09-29 15:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
==================== Files in the root of some directories =======
2016-07-02 00:33 - 2018-04-02 13:19 - 000000016 _____ () C:\Users\Medicus\AppData\Roaming\msregsvv.dll
2017-02-28 21:15 - 2018-03-14 22:47 - 000187904 _____ () C:\Users\Medicus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-01 21:37 - 2017-02-10 02:01 - 000007590 _____ () C:\Users\Medicus\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-04-03 23:38
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Medicus (10-04-2018 13:14:10)
Running from C:\Users\Medicus\Desktop
Windows 10 Pro Version 1709 16299.309 (X64) (2017-11-23 09:36:07)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1853789797-2485788889-945615179-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1853789797-2485788889-945615179-503 - Limited - Disabled)
Guest (S-1-5-21-1853789797-2485788889-945615179-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1853789797-2485788889-945615179-1002 - Limited - Enabled)
Medicus (S-1-5-21-1853789797-2485788889-945615179-1001 - Administrator - Enabled) => C:\Users\Medicus
WDAGUtilityAccount (S-1-5-21-1853789797-2485788889-945615179-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3DYD Youtube Source (remove only) (HKLM-x32\...\3DYD Youtube Source) (Version: - )
7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AmpliTube 4 version 4.2.0 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.2.0 - IK Multimedia)
Any Video Converter 6.0.4 (HKLM-x32\...\Any Video Converter) (Version: 6.0.4 - Anvsoft)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin)
Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version: - )
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
DCoder Image Source (remove only) (HKLM-x32\...\DCoder Image Source) (Version: - )
DirectVobSub (remove only) (HKLM-x32\...\DirectVobSub) (Version: - )
ffdshow v1.3.4533 [2014-09-29] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4533.0 - )
FFMPEG Core Files (remove only) (HKLM-x32\...\FFMPEG Core Files) (Version: - )
Focusrite USB Audio Driver 1.10 (HKLM\...\Focusrite USB Audio Driver_is1) (Version: 1.10 - Focusrite Audio Engineering Ltd.)
GetDataBack for NTFS (HKLM-x32\...\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}) (Version: 4.33.000 - Runtime Software)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
GST 2.3.8.4 (HKLM-x32\...\GuitarSpeedTrainer_is1) (Version: - GuitarSpeed.com)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
IK Multimedia Authorization Manager version 1.0.15 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.15 - IK Multimedia)
K-Lite Mega Codec Pack 12.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.0.5 - KLCP)
LAV Filters 0.71 (HKLM-x32\...\lavfilters_is1) (Version: 0.71 - Hendrik Leppkes)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
MadVR (remove only) (HKLM-x32\...\MadVR) (Version: - )
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1853789797-2485788889-945615179-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 60.0 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0 (x64 en-US)) (Version: 60.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.0.6668 - Mozilla)
Native Instruments Balinese Gamelan (HKLM-x32\...\Native Instruments Balinese Gamelan) (Version: - Native Instruments)
Native Instruments Berlin Concert Grand (HKLM-x32\...\Native Instruments Berlin Concert Grand) (Version: - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments)
Native Instruments Guitar Rig Mobile I/O (HKLM-x32\...\Native Instruments Guitar Rig Mobile I/O) (Version: - Native Instruments)
Native Instruments Guitar Rig Pro Library for Maschine (HKLM-x32\...\Native Instruments Guitar Rig Pro Library for Maschine) (Version: - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments)
Native Instruments Komplete 9 Ultimate (HKLM-x32\...\Native Instruments Komplete 9 Ultimate) (Version: - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.2.1.6382 - Native Instruments)
Native Instruments Kore Controller Driver (HKLM-x32\...\Native Instruments Kore Controller Driver) (Version: - Native Instruments)
Native Instruments Rammfire (HKLM-x32\...\Native Instruments Rammfire) (Version: - Native Instruments)
Native Instruments Rammfire for Maschine (HKLM-x32\...\Native Instruments Rammfire for Maschine) (Version: - Native Instruments)
Native Instruments Reflektor (HKLM-x32\...\Native Instruments Reflektor) (Version: - Native Instruments)
Native Instruments Reflektor for Maschine (HKLM-x32\...\Native Instruments Reflektor for Maschine) (Version: - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments)
Native Instruments Scarbee Vintage Keys (HKLM-x32\...\Native Instruments Scarbee Vintage Keys) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.4.0.1093 - Native Instruments)
Native Instruments The Giant (HKLM-x32\...\Native Instruments The Giant) (Version: - Native Instruments)
Native Instruments Traktors 12 (HKLM-x32\...\Native Instruments Traktors 12) (Version: - Native Instruments)
Native Instruments Traktors 12 for Maschine (HKLM-x32\...\Native Instruments Traktors 12 for Maschine) (Version: - Native Instruments)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.8 - Power Software Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0033 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
SRS Audio Sandbox (HKLM\...\{542C6F13-6861-4010-9EBC-6F068D397AD8}) (Version: 1.10.0200 - SRS Labs, Inc.)
SRS Audio Sandbox (HKLM\...\{C3CBE4AD-CC84-484F-8E44-CFB303BFDA4D}) (Version: 1.09.0004 - SRS Labs, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Thrustmaster FFB Driver (HKLM-x32\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 1.FFD.2009 - Thrustmaster)
VRM Box 1.2 (HKLM\...\VRM Box_is1) (Version: 0 - Focusrite Audio Engineering Ltd.)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version: 14.1 - Inmatrix LTD)
Zoom Player deutsche Sprachdateien (entfernen) (HKLM-x32\...\ZoomPlayer_German) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1-x32: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers1-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers1-x32: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4-x32: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers4-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers4-x32: [ZPShellExt] -> {ABE00001-0123-ABED-1248-0248ADFA1909} => C:\Program Files (x86)\Zoom Player\zpshlext64.dll [2017-07-05] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6-x32: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers6-x32: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0DF2059C-37B5-413E-BC08-2BACC2A9594D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0FDD946C-8B9F-449F-B500-CB9E3F0AF96D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {16272DCC-439B-48E6-AC1B-D5D6738F1628} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {17FC356E-384F-4E73-95CC-61F8E10A06A1} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {1C82FB50-F7AD-4439-9D26-D848FDBF2517} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {26F8B7D7-5041-486E-AF33-8902A0085C46} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {2B9A126B-A65E-4A15-835E-F144F8F367FD} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {33C2C9A8-BECE-4D0B-9522-404547B7A79D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {37FB6FEB-6C8E-4419-94C4-E52A2E19E8B2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3A3ECAB9-8ADE-48AD-8E3B-300978E02D8B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {3E784B52-0211-4FD5-96E7-E44A4AE0CE32} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {51A4F67D-3941-41AC-A1B7-68DC693619D4} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5A4B63C0-81CB-49CD-A22D-00E46D8B2765} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {5E72AABA-AFB4-489C-9C77-502E4767E299} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {60C6AA12-E027-47C8-81D0-F5D50B3AABB5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {60D981AA-2D52-473E-8495-DB1148F0CC27} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {76D5E0BE-CD99-415A-B8C5-A289C06C83CC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {790503DB-FB8D-481F-AA0D-0E63FCC206DB} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {96AED945-C994-4511-8A78-8B2DC6A87A32} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {96E0B9FB-C845-49F6-BC74-1DEA14FF437D} - System32\Tasks\Win Update => c:\Intell\POOL\russian.vbs
Task: {A35332EF-4A43-46F6-9CAF-98BFF8D73808} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A8EEF1E1-9075-435E-8F67-71CC5C460596} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A9422A14-7A6C-4438-91C3-EF72956F96D5} - System32\Tasks\{6CC31CFE-0B37-46CF-ACE2-B8DDCB5059D1} => C:\WINDOWS\system32\pcalua.exe
Task: {B8FD22B4-8193-4365-9929-50859218200D} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {BAC2559F-4726-442E-9462-973B26B74F0B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {D0C3E02D-85C3-4747-BB77-4C47B9E79942} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {D592A344-DC22-47F6-B21B-831FC62ADD96} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {D7A45714-9741-46F7-A359-901FEF531B52} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {DC8D4D4D-5951-4CBD-95AE-D4A5307D1800} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {E14C97B8-2A84-4B4E-8D41-9EF561E453A2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E8837F47-ED7C-403F-BE47-CF56E34E87E4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EBB7A4FA-D6DC-4296-A198-43132E8B46F3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EF209259-BEBC-4016-B352-2A7063850E3E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {F03723C4-5D65-4015-B995-1B8C116D5BA0} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {F0B9DFC6-E1CC-46AD-9290-197E8F90B507} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F3EB4259-CE20-489D-943F-62F83FF92398} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-08-07 14:44 - 2016-08-08 20:36 - 000076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-06-24 02:10 - 2012-01-12 15:56 - 000194048 _____ () C:\Program Files\Focusrite\VRM Box\VRMService.exe
2018-04-04 11:31 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-09-29 15:41 - 2017-09-29 15:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-14 12:01 - 2018-02-22 02:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 12:02 - 2018-02-22 02:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-06 23:58 - 2018-03-06 23:58 - 000087936 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2018-03-24 12:11 - 2018-03-24 12:11 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-24 12:11 - 2018-03-24 12:11 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-24 12:11 - 2018-03-24 12:11 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-24 12:11 - 2018-03-24 12:11 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\skypert.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1853789797-2485788889-945615179-1001\...\localhost -> localhost
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2016-08-11 22:29 - 000000835 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1853789797-2485788889-945615179-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Medicus\Desktop\landscape.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: DigitalWave.Update.Service => 2
MSCONFIG\Services: MOTU_ZeroConf => 2
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKLM\...\StartupApproved\StartupFolder: => "MOTU Pedal Service.lnk"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-1853789797-2485788889-945615179-1001\...\StartupApproved\StartupFolder: => "Sticky Notes.lnk"
HKU\S-1-5-21-1853789797-2485788889-945615179-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1853789797-2485788889-945615179-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-1853789797-2485788889-945615179-1001\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-1853789797-2485788889-945615179-1001\...\StartupApproved\Run: => "World of Tanks"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{6FA39520-5D6F-4B19-B48F-DBBD9A05846A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{20403924-BD42-419E-ADE2-36119143784B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{DD94E3BB-CB74-47AC-A368-68FA61063BA0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B864011A-23B2-4A9B-A8CC-8B26141BF5C6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [UDP Query User{F8C261F6-A856-4225-92F7-5248E7A53E96}D:\steamlibrary\steamapps\common\dirty bomb\binaries\win32\shootergame-win32-shipping.exe] => (Block) D:\steamlibrary\steamapps\common\dirty bomb\binaries\win32\shootergame-win32-shipping.exe
FirewallRules: [TCP Query User{21C26BD8-9590-42F3-98C1-33C7B0832F80}D:\steamlibrary\steamapps\common\dirty bomb\binaries\win32\shootergame-win32-shipping.exe] => (Block) D:\steamlibrary\steamapps\common\dirty bomb\binaries\win32\shootergame-win32-shipping.exe
FirewallRules: [{C3BFE218-FBD4-4895-BCD3-AD7639787F77}] => (Allow) D:\SteamLibrary\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{F79AA323-D8F1-4E8B-855F-48C4886813A5}] => (Allow) D:\SteamLibrary\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{CC97C140-AF2C-4F50-BA24-8673931DEDA0}] => (Allow) D:\SteamLibrary\steamapps\common\pirates, vikings and knights ii\sdkbase_pvkii\hl2.exe
FirewallRules: [{7F320B26-1634-42ED-813E-9C416106618D}] => (Allow) D:\SteamLibrary\steamapps\common\pirates, vikings and knights ii\sdkbase_pvkii\hl2.exe
FirewallRules: [{FEA1242B-02BE-4ADF-8B59-968E55418465}] => (Allow) D:\SteamLibrary\steamapps\common\The Pirate Caribbean Hunt\ThePirate.exe
FirewallRules: [{4CD2FD76-CAEF-47D7-8927-923AD59A4768}] => (Allow) D:\SteamLibrary\steamapps\common\The Pirate Caribbean Hunt\ThePirate.exe
FirewallRules: [{1EBA1560-CAD6-407B-A9D1-0354BB808535}] => (Allow) D:\SteamLibrary\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{7FC610EC-87FD-42AD-AEAA-12135F94572D}] => (Allow) D:\SteamLibrary\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [UDP Query User{EBD9239A-353F-49E6-AF66-14C0A8ABB0D2}D:\program files (x86)\kodi\kodi.exe] => (Allow) D:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{140BCF6F-CE18-49B5-BDCE-09EC99B10CAA}D:\program files (x86)\kodi\kodi.exe] => (Allow) D:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{63213D95-5C81-4139-86B6-D97CE7F168AB}E:2\steamlibrary\steamapps\common\fistful of frags\sdk\hl2.exe] => (Block) E:2\steamlibrary\steamapps\common\fistful of frags\sdk\hl2.exe
FirewallRules: [TCP Query User{D9D2B78D-E9AD-43A6-8F08-D219B430B2E9}E:2\steamlibrary\steamapps\common\fistful of frags\sdk\hl2.exe] => (Block) E:2\steamlibrary\steamapps\common\fistful of frags\sdk\hl2.exe
FirewallRules: [{C54D9812-5B73-4345-A3FD-3835D3BEF55B}] => (Allow) E:1\SteamLibrary\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{CE223C2A-87C0-4B2F-8470-12EBDD3FF770}] => (Allow) E:1\SteamLibrary\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{6730BC33-D207-4199-BC90-0CFC55D4B146}] => (Allow) E:1\SteamLibrary\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [{7004A60D-0A27-455F-9057-F1D6E7CD3972}] => (Allow) E:1\SteamLibrary\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [{E4A14C11-8283-4A9D-8005-4E9C81DD023C}] => (Allow) G:\SteamLibrary\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{A2E7A9A4-72A1-4968-BF83-3F37A19CB5DF}] => (Allow) G:\SteamLibrary\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{AACFF99C-4432-45F1-8BA9-0EBE12D8BCCC}] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{6F67B30C-E02A-48A0-B28F-863DDB17B1B8}] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{C9EDA305-73D3-4EAC-AEAC-B9435C58894C}] => (Allow) L:\SteamLibrary\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [{D9D18F2A-FD60-4F52-9F15-C0A04B10F77D}] => (Allow) L:\SteamLibrary\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [UDP Query User{0BA5DF00-9654-480E-9DB5-4A47D67E99BD}L:\steamlibrary\steamapps\common\war thunder\launcher.exe] => (Allow) L:\steamlibrary\steamapps\common\war thunder\launcher.exe
FirewallRules: [TCP Query User{90C25D3A-8717-4547-B519-F9A8D8A8FFC0}L:\steamlibrary\steamapps\common\war thunder\launcher.exe] => (Allow) L:\steamlibrary\steamapps\common\war thunder\launcher.exe
FirewallRules: [{29F8EF73-F80A-423E-81D2-241CBCEA395B}] => (Allow) L:\SteamLibrary\steamapps\common\Red Orchestra 2\Binaries\Win32\HotwLauncher.exe
FirewallRules: [{AC492730-7815-480F-8A8A-1BC172A88343}] => (Allow) L:\SteamLibrary\steamapps\common\Red Orchestra 2\Binaries\Win32\HotwLauncher.exe
FirewallRules: [{5B4F1875-C1DC-4DB7-9D07-55AD89D2DEBB}] => (Allow) L:\SteamLibrary\steamapps\common\Hawken\Binaries\Win64\HawkenGame-Win64-Shipping.exe
FirewallRules: [{E2218E1D-6495-4AF2-94A8-0C66FD920CDE}] => (Allow) L:\SteamLibrary\steamapps\common\Hawken\Binaries\Win64\HawkenGame-Win64-Shipping.exe
FirewallRules: [{F26610B0-927C-411A-85AC-417B9D100239}] => (Allow) L:\SteamLibrary\steamapps\common\Commanders\Commanders.exe
FirewallRules: [{BA0DDCED-699A-4879-81A8-9A9A0558D0FD}] => (Allow) L:\SteamLibrary\steamapps\common\Commanders\Commanders.exe
FirewallRules: [UDP Query User{DEF4401E-3DBC-40B6-924E-64AF4934BDBA}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{B5520301-3E2B-44D5-BEF2-331937766B74}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{7A0B3540-DAFD-4C6A-B6C2-13FA75BB6CB2}] => (Allow) L:\SteamLibrary\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{F6698290-3133-4387-B612-B965664E8675}] => (Allow) L:\SteamLibrary\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{8128D45D-C145-4C08-8838-C02D87471643}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4AB7FCF8-5628-497F-8914-BD7FF95995B2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{34CA5D15-7EC3-4D3B-9199-90ED98E7C5A6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{26501EAC-B8E0-44E7-9EAD-03FF9D8BDA92}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{7992752A-9111-4196-98EF-7C8B184DFB64}L:\steamlibrary\steamapps\common\fistful of frags\sdk\hl2.exe] => (Allow) L:\steamlibrary\steamapps\common\fistful of frags\sdk\hl2.exe
FirewallRules: [UDP Query User{8269B3BF-4688-443A-A697-75C0540B9462}L:\steamlibrary\steamapps\common\fistful of frags\sdk\hl2.exe] => (Allow) L:\steamlibrary\steamapps\common\fistful of frags\sdk\hl2.exe
FirewallRules: [{063182B7-1BFA-4A42-9F35-0B7F90457353}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2B0210B6-A216-4F61-BFD4-FDD5F5F5650B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7918FAF9-9933-4C14-A382-CED31A424CB5}] => (Allow) L:\SteamLibrary\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{B67362DA-594C-472A-9003-955026773AE5}] => (Allow) L:\SteamLibrary\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{B3A4DA76-FD54-40BD-852E-84C7F0E64929}] => (Allow) L:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{98B6C02C-2D1C-41E5-B6EC-CC30283A1B6A}] => (Allow) L:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{B3401ADF-D5F6-4F3C-B0EE-BD03E56F39F0}] => (Allow) D:\SteamLibrary\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{E2A78CB8-19F8-47DC-ABC7-31B970519435}] => (Allow) D:\SteamLibrary\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [TCP Query User{48ED80EB-20B1-4F3F-85F2-F4239DF4D9CF}C:\program files (x86)\zoom player\zplayer.exe] => (Allow) C:\program files (x86)\zoom player\zplayer.exe
FirewallRules: [UDP Query User{5201B8B7-EE82-4B97-963E-8A22DE4F8973}C:\program files (x86)\zoom player\zplayer.exe] => (Allow) C:\program files (x86)\zoom player\zplayer.exe
FirewallRules: [TCP Query User{EDB67940-7E0E-4AF4-AD7D-46C82B0F870A}D:\league\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Block) D:\league\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [UDP Query User{6A459069-4429-4DCC-8F4F-867F57AAC3B6}D:\league\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Block) D:\league\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/10/2018 12:48:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 2018.18022.15810.0, time stamp: 0x5abea41c
Faulting module name: SharedLibrary.dll, version: 1.7.25531.0, time stamp: 0x597af36c
Exception code: 0x00001007
Fault offset: 0x0000000000493b3f
Faulting process id: 0x11cb4
Faulting application start time: 0x01d3d0b90558ca9b
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\SharedLibrary.dll
Report Id: d320106c-6fc1-4430-97ea-56e59f875069
Faulting package full name: Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Error: (04/10/2018 09:53:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 2018.18022.15810.0, time stamp: 0x5abea41c
Faulting module name: SharedLibrary.dll, version: 1.7.25531.0, time stamp: 0x597af36c
Exception code: 0x00001007
Fault offset: 0x0000000000493b3f
Faulting process id: 0x148fc
Faulting application start time: 0x01d3d0a0f27cc835
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\SharedLibrary.dll
Report Id: 3c58115f-381c-4670-a66b-3ee65a78f826
Faulting package full name: Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Error: (04/10/2018 08:42:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 60.0.0.6668, time stamp: 0x5ac51736
Faulting module name: shcore.dll, version: 10.0.16299.15, time stamp: 0x6c07e48f
Exception code: 0xc0000005
Fault offset: 0x0000000000036c7a
Faulting process id: 0x12f88
Faulting application start time: 0x01d3d096f0ec7485
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\WINDOWS\System32\shcore.dll
Report Id: d1a100bf-189f-46b2-8deb-197a9104712f
Faulting package full name:
Faulting package-relative application ID:
Error: (04/09/2018 12:37:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Medicus-PC)
Description: Package microsoft.windowscommunicationsapps_17.9126.21425.0_x64__8wekyb3d8bbwe+microsoft.windowslive.mail was terminated because it took too long to suspend.
Error: (04/09/2018 12:35:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 60.0.0.6668, time stamp: 0x5ac51736
Faulting module name: shcore.dll, version: 10.0.16299.15, time stamp: 0x6c07e48f
Exception code: 0xc0000005
Fault offset: 0x0000000000036c7a
Faulting process id: 0x12130
Faulting application start time: 0x01d3cfee5da4a81d
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\WINDOWS\System32\shcore.dll
Report Id: 750eec0d-68f0-4023-9c45-6608a25097d6
Faulting package full name:
Faulting package-relative application ID:
Error: (04/07/2018 12:47:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 60.0.0.6668, time stamp: 0x5ac51736
Faulting module name: shcore.dll, version: 10.0.16299.15, time stamp: 0x6c07e48f
Exception code: 0xc0000005
Fault offset: 0x0000000000036c7a
Faulting process id: 0x699c
Faulting application start time: 0x01d3ce5dd87b7cfb
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\WINDOWS\System32\shcore.dll
Report Id: 6a8edb9a-27ac-4d1b-a934-891794aadd83
Faulting package full name:
Faulting package-relative application ID:
Error: (04/04/2018 01:00:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.634, time stamp: 0x5a7e0996
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xc0000005
Fault offset: 0x000000000004be7b
Faulting process id: 0x11dc
Faulting application start time: 0x01d3caced4e48464
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 2fe98e04-e69b-441c-b03f-45e3659caf0f
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (04/10/2018 08:39:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/10/2018 08:39:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/10/2018 08:39:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/10/2018 08:39:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/09/2018 12:42:23 PM) (Source: DCOM) (EventID: 10001) (User: Medicus-PC)
Description: Unable to start a DCOM Server: microsoft.windowscommunicationsapps_17.9126.21425.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca as Unavailable/Unavailable. The error:
"15616"
Happened while starting this command:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9126.21425.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server
Error: (04/09/2018 12:33:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/09/2018 12:33:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/09/2018 12:33:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2018-04-04 11:48:47.865
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1AFFCEA4-32FF-4766-8B64-4448022C59B3}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-04-03 10:51:01.464
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {98BEC4AA-0DCB-4E4D-9F6E-531AE96A7027}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-04-03 10:45:28.283
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {11B4F297-2D57-4EDC-93EF-87F73C0258C7}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-04-03 10:38:11.892
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {94E8F2E3-7871-4030-84FA-7E8E823FB3D5}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-04-03 10:32:42.175
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D1023ECF-96A6-436A-93AF-558313FA6EF1}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-26 13:45:56.565
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1612.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-02-26 13:45:56.564
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-02-26 13:45:56.552
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1612.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-02-26 13:45:56.551
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1612.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-02-26 13:45:56.550
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1612.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===================================
Date: 2017-12-27 15:35:52.596
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-12-27 15:35:46.293
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dbgeng.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-12-27 15:35:46.269
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-12-27 15:35:46.099
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz
Percentage of memory in use: 83%
Total physical RAM: 4095.17 MB
Available physical RAM: 694.58 MB
Total Virtual: 8447.17 MB
Available Virtual: 3173.93 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:45.92 GB) (Free:5.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Fixed) (Total:187.25 GB) (Free:6.79 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (N:) (Fixed) (Total:596.17 GB) (Free:70.81 GB) NTFS
Drive f: () (Fixed) (Total:232.58 GB) (Free:4.78 GB) NTFS
Drive g: () (Fixed) (Total:195.31 GB) (Free:48.99 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: () (Fixed) (Total:270.44 GB) (Free:19.1 GB) NTFS
Drive l: (TOSHIBA EXT) (Fixed) (Total:931.41 GB) (Free:267.44 GB) NTFS
Drive z: () (Fixed) (Total:596.17 GB) (Free:2.45 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: DF66569A)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 309A3099)
Partition 1: (Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=270.4 GB) - (Type=0F Extended)
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 5BC53D8B)
Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 006FC678)
Partition 1: (Not Active) - (Size=45.9 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=187.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.6 GB) - (Type=05)
========================================================
Disk: 4 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 9CC1E5BA)
Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================