PrinceZuko
2017-11-11, 02:06
Hi everyone
When I run Spybot, it picks up HKU\S-1-5-21 and I can't get rid of it. When I do "Fix selected" and re-run Spybot, it's still there. Similarly, if I go into Regedit and delete it there, it comes back.
Spybot Search results:
12968
Can you please advise/assist me in getting rid of it permanently? If you need more information, please let me know.
Farbar Recovery Scan Logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
Ran by Zuko (administrator) on DESKTOP-4UM6KOQ (11-11-2017 07:28:45)
Running from E:\Zuko\Documents
Loaded Profiles: Zuko & (Available Profiles: Zuko)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(LULU Software) E:\Program Files (x86)\Soda PDF Desktop\creator-ws.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IObit) E:\Program Files (x86)\Advanced SystemCare\Monitor.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Apple Inc.) E:\Program Files\Itunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) E:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5857\Agent.exe
(Blizzard Entertainment) E:\Program Files\Battle.net\Battle.net.9526\Battle.net.exe
() E:\Program Files\Battle.net\Battle.net.9526\Battle.net Helper.exe
() E:\Program Files\Battle.net\Battle.net.9526\Battle.net Helper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(HYBRIDWEB.de ) C:\Program Files (x86)\FLV-Media-Player\FLV-Media-Player.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18384352 2017-11-09] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-14] (AVAST Software)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [1878016 2017-04-19] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124360 2017-04-19] (WinZip Computing, S.L.)
HKLM\...\Run: [iTunesHelper] => E:\Program Files\Itunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2010-12-23] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => E:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-25] (cyberlink)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3673527687-835348104-2445433957-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3673527687-835348104-2445433957-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\Zuko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-05-21]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{402a644d-d5d7-400c-8b2b-9b5321fad6b3}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKU\S-1-5-21-3673527687-835348104-2445433957-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=U220DHP&pc=U220
HKU\S-1-5-21-3673527687-835348104-2445433957-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arrowcomputers.com.au/
HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=U220DHP&pc=U220
HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arrowcomputers.com.au/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-08] (Microsoft Corporation)
DPF: HKLM-x32 {FD49A633-89F6-451C-9ADD-8160F8E5AA2B} hxxps://www.onesourcelogin.com.au/GFRCheckBrowser.dll
Handler: gopher - No CLSID Value
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\System32\urlmon.dll [2017-09-29] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\SysWOW64\urlmon.dll [2017-09-29] (Microsoft Corporation)
Filter: deflate - No CLSID Value
Filter: gzip - No CLSID Value
Filter: lzdhtml - No CLSID Value
FireFox:
========
FF HKLM\...\Firefox\Extensions: [soda_pdf_desktop_conv@sodapdf.com] - E:\Program Files (x86)\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension\soda_pdf_desktop_conv@sodapdf.com.xpi
FF Extension: (Soda PDF Desktop Creator) - E:\Program Files (x86)\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension\soda_pdf_desktop_conv@sodapdf.com.xpi [2017-06-20]
FF HKLM-x32\...\Firefox\Extensions: [soda_pdf_desktop_conv_x86_component@sodapdf.com] - C:\Program Files (x86)\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension\soda_pdf_desktop_conv_x86_component@sodapdf.com.xpi
FF Extension: (Soda PDF Desktop Creator) - C:\Program Files (x86)\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension\soda_pdf_desktop_conv_x86_component@sodapdf.com.xpi [2017-06-20]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default [2017-11-11]
CHR Extension: (Slides) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (YouTube) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Google Search) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-10-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Avast SafePrice) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-28]
CHR Extension: (Sheets) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-14] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-14] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063656 2017-10-31] (Microsoft Corporation)
S3 CLKMSVC10_F47B619C; E:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-25] (CyberLink)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-25] (NVIDIA Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-28] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-25] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-25] (NVIDIA Corporation)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 Soda PDF Desktop; E:\Program Files (x86)\Soda PDF Desktop\ws.exe [2711288 2017-06-20] (LULU Software)
R2 Soda PDF Desktop Creator; E:\Program Files (x86)\Soda PDF Desktop\creator-ws.exe [757504 2017-06-20] (LULU Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-14] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-14] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-14] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-14] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-14] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-14] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-14] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-14] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-14] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-14] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [167592 2017-07-12] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-14] (AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-07-02] (ELAN Microelectronic Corp.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-04-30] (REALiX(tm))
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-14] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f936d37e592b25aa\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50808 2017-11-09] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-11-09] (Realtek )
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-11 07:28 - 2017-11-11 07:28 - 000000000 ____D C:\FRST
2017-11-11 07:12 - 2017-11-11 07:12 - 000003030 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Zuko)
2017-11-10 21:13 - 2017-11-10 21:13 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-09 22:36 - 2017-11-09 22:36 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-09 21:37 - 2017-11-09 21:37 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-09 21:37 - 2017-11-09 21:37 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-09 21:32 - 2017-11-09 21:32 - 000466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2017-11-09 21:32 - 2017-11-09 21:32 - 000444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2017-11-09 21:32 - 2017-11-09 21:32 - 000122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2017-11-09 21:32 - 2017-11-09 21:32 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2017-11-09 21:32 - 2017-11-09 21:32 - 000000000 ____D C:\Program Files (x86)\OpenAL
2017-11-09 21:31 - 2017-11-09 21:31 - 040237688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 036239480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 035156928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 029270976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 023262280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 019037416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 013864048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 013254520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 011779328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 010882720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 004485048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 004201592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 003817584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 003614328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 001989056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438813.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 001673848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438813.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 001321448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 001135464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 001099712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 001038680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 001031104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 001010648 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2017-11-09 21:31 - 2017-11-09 21:31 - 000981112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 000932288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 000794392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 000739448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 000634224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 000615544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 000598464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 000505976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb
2017-11-09 21:30 - 2017-11-09 21:30 - 015213680 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE3.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 012935679 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-11-09 21:30 - 2017-11-09 21:30 - 007172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 007096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 006264632 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 005839840 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-11-09 21:30 - 2017-11-09 21:30 - 005346992 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 003509232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 003507688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 003410832 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 003299816 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 003122656 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 003093328 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 002993720 _____ (Audyssey Labs) C:\WINDOWS\system32\AudysseyEfx.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 002444680 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 002210272 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 002190984 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001959600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001780616 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001616680 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001591056 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001554600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001529136 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001508928 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001382232 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001347136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001326424 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOv251.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001170872 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOvlldp.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001133064 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001016928 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000965024 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000877424 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000873456 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000868176 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000866640 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000852128 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000743960 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000737960 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000727432 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000708304 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000691680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000680544 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000609392 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000604792 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000526280 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000504304 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000447712 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000445392 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000441264 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000416504 _____ (Harman) C:\WINDOWS\system32\HMUI.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000406448 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2APIPCLL.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000378376 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000366120 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000362048 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000360344 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000327448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000310416 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000272712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000258856 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000253896 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000253856 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000252872 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000231912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000221960 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000214824 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000209528 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000203840 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000190928 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000190928 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000179592 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000158696 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000154352 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000134192 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000122312 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000118584 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000115120 _____ (Conexant System, Inc.) C:\WINDOWS\system32\Caf64api.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000105304 _____ C:\WINDOWS\system32\audioLibVc.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000090912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000088320 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000084608 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000083624 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000075536 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000050808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-11-09 21:30 - 2017-11-09 21:30 - 000023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-11-09 21:29 - 2017-11-09 21:30 - 072520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-11-09 21:29 - 2017-11-09 21:29 - 003677152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-11-09 21:29 - 2017-11-09 21:29 - 000205984 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2017-10-28 16:15 - 2017-10-28 16:15 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438792.dll
2017-10-28 16:15 - 2017-10-28 16:15 - 001606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438792.dll
2017-10-28 16:15 - 2017-10-28 16:15 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-10-28 16:15 - 2017-10-28 16:15 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-10-28 16:14 - 2017-10-28 16:14 - 001615472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-10-28 16:14 - 2017-10-28 16:14 - 000225208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-10-28 16:14 - 2017-10-28 16:14 - 000045496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-10-28 15:06 - 2017-11-09 21:33 - 000001102 _____ C:\Users\Public\Desktop\Driver Booster 5.lnk
2017-10-28 15:06 - 2017-10-28 15:06 - 000003384 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2017-10-28 15:06 - 2017-10-28 15:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-10-14 07:34 - 2017-10-14 07:34 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-14 07:34 - 2017-10-14 07:34 - 000001927 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-14 07:34 - 2017-10-14 07:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-14 07:34 - 2017-10-14 07:34 - 000000000 ____D C:\ProgramData\MB2Migration
2017-10-14 07:34 - 2017-10-14 07:34 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-14 07:34 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-12 07:20 - 2017-10-12 07:20 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-10-12 07:20 - 2017-10-12 07:20 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-11 07:27 - 2015-12-24 12:59 - 000000000 ____D C:\Users\Zuko\AppData\Local\Battle.net
2017-11-11 07:10 - 2017-07-12 18:01 - 000000000 ____D C:\Users\Zuko
2017-11-11 06:55 - 2017-07-12 18:04 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{50A2D60F-92DF-48A9-A2E9-2ABBFC67B73D}
2017-11-10 23:10 - 2017-07-12 18:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-10 23:10 - 2017-07-12 18:00 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-10 21:03 - 2017-07-12 18:10 - 001022802 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-10 20:57 - 2017-07-12 18:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-10 20:57 - 2017-03-18 19:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-11-10 20:10 - 2017-10-11 06:45 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-10 20:10 - 2016-01-15 23:25 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-10 19:18 - 2017-03-19 05:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-10 19:18 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-10 19:04 - 2017-05-14 21:16 - 000000000 ____D C:\Program Files\WinZip Smart Monitor
2017-11-09 22:24 - 2017-03-19 05:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-09 21:37 - 2017-03-19 04:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-09 21:30 - 2017-07-12 18:00 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-11-09 21:30 - 2017-07-12 18:00 - 000000000 ____D C:\WINDOWS\system32\DAX3
2017-11-09 21:30 - 2017-07-12 18:00 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-11-08 06:36 - 2017-03-19 05:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-08 06:36 - 2015-12-23 11:57 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-07 06:12 - 2017-04-30 20:26 - 000000000 ____D C:\ProgramData\ProductData
2017-11-04 22:47 - 2015-12-22 14:56 - 000000000 ____D C:\Users\Zuko\AppData\Local\Packages
2017-10-29 16:29 - 2017-06-24 16:41 - 000000000 ____D C:\Users\Zuko\AppData\Roaming\Twitch
2017-10-28 16:31 - 2016-02-14 12:24 - 000000000 ____D C:\Users\Zuko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
2017-10-28 16:16 - 2015-08-18 12:17 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-28 16:15 - 2017-07-12 18:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-10-28 16:15 - 2017-07-12 18:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-10-28 00:36 - 2017-07-12 18:00 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-10-28 00:12 - 2017-07-12 18:00 - 005960824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-10-28 00:12 - 2017-07-12 18:00 - 002587768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-10-28 00:12 - 2017-07-12 18:00 - 001766520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-10-28 00:12 - 2017-07-12 18:00 - 000607168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-10-28 00:12 - 2017-07-12 18:00 - 000449656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-10-28 00:12 - 2017-07-12 18:00 - 000123000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-10-28 00:12 - 2017-07-12 18:00 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-10-25 18:33 - 2017-07-12 18:00 - 007802921 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-10-14 07:34 - 2015-12-29 08:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-12 18:26 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-12 18:08 - 2015-08-18 12:06 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-12 18:07 - 2017-07-12 18:00 - 000268376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-12 07:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-10-12 07:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-10-12 07:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-12 07:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\Provisioning
==================== Files in the root of some directories =======
2017-07-12 18:00 - 2017-07-12 18:00 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-11-05 21:16
==================== End of FRST.txt ============================
******
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by Zuko (11-11-2017 07:29:09)
Running from E:\Zuko\Documents
Windows 10 Home Version 1703 15063.674 (X64) (2017-07-12 10:07:23)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3673527687-835348104-2445433957-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3673527687-835348104-2445433957-503 - Limited - Disabled)
Guest (S-1-5-21-3673527687-835348104-2445433957-501 - Limited - Disabled)
Zuko (S-1-5-21-3673527687-835348104-2445433957-1001 - Administrator - Enabled) => C:\Users\Zuko
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.5.0 - IObit)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call To Power 2 (HKLM-x32\...\GOGPACKCTP2_is1) (Version: 2.0.0.13 - GOG.com)
Chessmaster 10th Edition (HKLM-x32\...\{E9AE9A91-AB45-4321-87BD-AD34855D944F}) (Version: 1.00.0000 - Ubisoft) Hidden
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4703 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4715 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3708 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5509.52 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820 - CyberLink Corp.)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.0.3 - IObit)
e-Sword (HKLM-x32\...\{0BF38804-B6AE-4C32-9564-B0C0E7188D62}) (Version: 11.00.0006 - Rick Meyers)
FLV-Media-Player (HKLM-x32\...\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}) (Version: 2.0.3.2532 - HYBRIDWEB.de)
GOG.com Call to Power 2 (HKLM\...\{1d565035-1520-439a-9f68-c928cfc4a27a}.sdb) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Intel(R) Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.8625.2121 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3673527687-835348104-2445433957-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{cb7c3049-21de-415b-bd85-b65c14e547df}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.7.4.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.7.4.10 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8198 - Realtek Semiconductor Corp.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.0240 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.7.4.10 - NVIDIA Corporation) Hidden
Soda PDF Desktop (HKLM-x32\...\SodaDesktop) (Version: 9.1.17.32870 - LULU Software)
Soda PDF Desktop Asian Fonts Pack (HKLM\...\{D59C90B6-81D4-4FEA-888C-CA917F795F5A}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Convert Module (HKLM\...\{EB936FE6-F9BA-449C-AE26-3046D0C1BF76}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Create Module (HKLM\...\{23651655-BF45-4104-AED1-059C0128B84B}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Edit Module (HKLM\...\{C08B8535-1D2F-4B20-9093-9B49F0951116}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Forms Module (HKLM\...\{13FEEE9E-1FDD-4384-9DF7-7BA709271B22}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Insert Module (HKLM\...\{7CEA93AB-232B-46DF-9D5B-95124EBA21FC}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop OCR Module (HKLM\...\{84741832-801A-469A-B4B0-E763BB8B97D9}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Review Module (HKLM\...\{6E84487A-3F99-481C-8BC4-4D55573FCA3D}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Secure Module (HKLM\...\{75A428F0-E727-4238-B8D4-71BAFD468882}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop View Module (HKLM\...\{42634740-548D-43E8-B421-21AC081637CE}) (Version: 9.2.7.33937 - LULU Software) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
STAR WARS - Galactic Battlegrounds Saga (HKLM\...\{9f3d9623-1935-43fa-9756-e90f3134f675}.sdb) (Version: - )
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Twitch (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Twitch Interactive, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
Warcraft III: All Products (HKU\S-1-5-21-3673527687-835348104-2445433957-1001\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\...\Warcraft III) (Version: - )
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 1.1.0.10 - )
WinZip 21.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410F}) (Version: 21.5.12480 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3673527687-835348104-2445433957-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => E:\Program Files (x86)\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SodaPDFDesktop_ManagerExt] -> {526A2ADD-BD9B-40E5-9D45-75EF6313FCE4} => E:\Program Files (x86)\Soda PDF Desktop\context-menu.dll [2017-06-20] (LULU Software)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => E:\Program Files (x86)\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => E:\Program Files (x86)\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-28] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0DA032B1-43DD-413A-BCDE-023C08AA8044} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {30839617-F4A1-4BA0-9310-7824E08ED3A7} - System32\Tasks\Driver Booster Scheduler => E:\Program Files (x86)\Driver Booster\5.0.3\Scheduler.exe [2017-10-16] (IObit)
Task: {37155674-6E53-4E66-88CF-3D62DFAF2168} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {3AC0F121-B0FA-4B88-AB3E-68E61A0A1DFC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-14] (AVAST Software)
Task: {45357EBC-3A17-46E4-931D-73DCAE65F0D5} - System32\Tasks\ASC10_PerformanceMonitor => E:\Program Files (x86)\Advanced SystemCare\Monitor.exe [2017-07-24] (IObit)
Task: {4CE54283-114E-4073-BEAB-F02297A407E3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {532EE9AC-C230-4440-866B-2E100F4B2EFF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {5A1E17CA-F975-47E7-B4C6-33619632EFE1} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-04-19] (WinZip)
Task: {91FBB8BA-DCB3-4B7A-B5DD-DCBB90E5E03E} - System32\Tasks\ASC10_SkipUac_Zuko => E:\Program Files (x86)\Advanced SystemCare\ASC.exe [2017-08-07] (IObit)
Task: {94313611-3170-4107-8E94-79A8B0068811} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-13] (AVAST Software)
Task: {968F7109-99E2-4089-B221-656F9A9C84B4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {B0E806C2-9059-4017-94B9-C9EAAE642FA6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {C44A7BC8-19B9-4128-AC1D-6C615844168C} - System32\Tasks\{44E70D50-1EE9-4B55-9064-0E93EC957AD3} => C:\Windows\system32\pcalua.exe -a D:\autoplay.exe -d D:\
Task: {CA72E045-9899-4A52-862C-B79C911875BC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {CFB534D6-662F-4371-BC11-6634B628B6AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {D8AF4534-70AE-4448-922F-9E16637B1A3B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {DC713506-1FF5-44BA-BCDD-605AA37A8E30} - System32\Tasks\Driver Booster SkipUAC (Zuko) => E:\Program Files (x86)\Driver Booster\5.0.3\DriverBooster.exe [2017-10-19] (IObit)
Task: {DDDCC9E4-73F4-49D9-A4E1-7C572F8B207B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {E5B24C58-9BA4-4F18-998C-47A188A05D8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {F55F6B87-0D07-4188-BA8C-EC9475BACB02} - System32\Tasks\SafeZone scheduled Autoupdate 1466942979 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-01-13 13:56 - 2017-01-13 13:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-10-14 07:34 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-07-12 18:00 - 2017-10-28 00:12 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-19 04:58 - 2017-03-19 04:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-19 04:59 - 2017-03-20 11:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-08 06:15 - 2017-11-08 06:18 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-08 06:15 - 2017-11-08 06:18 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-08 06:15 - 2017-11-08 06:18 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-08 06:15 - 2017-11-08 06:18 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\skypert.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 000092472 _____ () E:\Program Files\Itunes\zlib1.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 001356088 _____ () E:\Program Files\Itunes\libxml2.dll
2017-10-28 14:23 - 2017-10-28 14:23 - 002354152 _____ () E:\Program Files\Battle.net\Battle.net.9526\Battle.net Helper.exe
2017-09-27 06:12 - 2017-09-21 15:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-27 06:12 - 2017-09-21 15:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2016-03-20 20:50 - 2012-08-23 10:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-03-20 20:50 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-03-20 20:50 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-03-20 20:50 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-03-20 20:50 - 2012-04-03 17:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-12-22 14:25 - 2015-11-25 07:07 - 000012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-08-13 21:15 - 2016-08-18 18:43 - 000442144 _____ () E:\Program Files (x86)\Advanced SystemCare\madExcept_.bpl
2017-08-13 21:15 - 2016-08-18 18:43 - 000210720 _____ () E:\Program Files (x86)\Advanced SystemCare\madBasic_.bpl
2017-08-13 21:15 - 2016-08-18 18:43 - 000059680 _____ () E:\Program Files (x86)\Advanced SystemCare\madDisAsm_.bpl
2017-08-13 21:15 - 2016-11-01 10:11 - 000078624 _____ () E:\Program Files (x86)\Advanced SystemCare\GetProcessDLL.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 000170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 000997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 067717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 000176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 000223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 000291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 000684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2009-11-02 14:20 - 2009-11-02 14:20 - 000619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 14:23 - 2009-11-02 14:23 - 000013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2017-10-28 14:33 - 2017-10-28 14:33 - 055782888 _____ () E:\Program Files\Battle.net\Battle.net.9526\libcef.dll
2017-10-28 14:34 - 2017-10-28 14:34 - 000540336 _____ () E:\Program Files\Battle.net\Battle.net.9526\ortp.dll
2017-10-28 14:33 - 2017-10-28 14:33 - 000133632 _____ () E:\Program Files\Battle.net\Battle.net.9526\libEGL.dll
2017-10-28 14:33 - 2017-10-28 14:33 - 003384832 _____ () E:\Program Files\Battle.net\Battle.net.9526\libGLESv2.dll
2016-03-20 20:50 - 2014-04-25 14:11 - 002972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll
2017-11-11 07:20 - 2017-11-11 07:20 - 000135168 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\0.mdd
2017-11-11 07:20 - 2017-11-11 07:20 - 000196608 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\1.mdd
2017-11-11 07:20 - 2017-11-11 07:20 - 000135168 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\2.mdd
2017-11-11 07:20 - 2017-11-11 07:20 - 000974848 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\3.mdd
2017-11-11 07:20 - 2017-11-11 07:20 - 002031616 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\4.mdd
2017-11-11 07:20 - 2017-11-11 07:20 - 000086016 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\5.mdd
2017-11-11 07:20 - 2017-11-11 07:20 - 000253952 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\7.mdd
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 19:04 - 2015-07-10 19:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804555\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804571\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3673527687-835348104-2445433957-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: Razer Game Scanner Service => 3
MSCONFIG\Services: RichVideo => 3
MSCONFIG\Services: WinZip Smart Monitor Service => 2
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{0184D916-05D5-4C9E-8486-456460E0D63D}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{F68CA902-76AF-4802-9731-826F377B740E}] => (Allow) E:\Program Files (x86)\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{BB43DE6E-43C0-4755-AACD-155E0D2AE3D0}] => (Allow) E:\Program Files (x86)\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{6507DC33-117E-4B93-8CC7-881361A87F1D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{24AC8878-78F8-4914-A481-D1C24516F15D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C0AD81F7-3AEC-486F-B7E4-B10FDAFB3F3C}] => (Allow) E:\Program Files\StarCraft\StarCraft.exe
FirewallRules: [{70E138F2-8B02-4DB7-885F-651B2AA50D67}] => (Allow) E:\Program Files\StarCraft\StarCraft.exe
FirewallRules: [{3C1B180E-8C17-46B0-A448-3B4B9B557F9F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base5\dosbox.exe
FirewallRules: [{3E93A4A2-1452-426A-8DEE-B4105097498F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base5\dosbox.exe
FirewallRules: [{67585C16-8E73-432D-9AD1-7D51CA08C047}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base4\dosbox.exe
FirewallRules: [{B080FED9-297C-483B-8F30-E74E1C730128}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base4\dosbox.exe
FirewallRules: [{9297C53E-6F62-4CAA-92B0-349BE06D9638}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base3\dosbox.exe
FirewallRules: [{15BB7462-84C8-4DE6-9FD7-C3E0CFEFDAE9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base3\dosbox.exe
FirewallRules: [{2A6BC491-9D45-4AB8-BFD6-25060BB4921B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base2\dosbox.exe
FirewallRules: [{F4F9985A-1AE2-4572-987F-3FB12BAC78B8}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base2\dosbox.exe
FirewallRules: [{FD309353-C922-4D57-A008-F4912BDFC7EA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base1\dosbox.exe
FirewallRules: [{564F9A6F-C0C5-4BCE-9F74-D968D81BF7A9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base1\dosbox.exe
FirewallRules: [{6CD62FD2-D6AF-4DEF-A454-937EB451026D}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EF481B9F-281C-473B-A70C-B701E786432D}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{740A1AB0-1606-40C7-9C88-C480C8E1EA9E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Space Quest Collection\SierraLauncher.exe
FirewallRules: [{E2500EC5-AA7E-48E0-A302-F80C258E9601}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Space Quest Collection\SierraLauncher.exe
FirewallRules: [{336B470F-6682-48FC-BD9D-481C1E316206}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Space Quest Collection\2016_SpaceQuestCollection\SierraLauncher.exe
FirewallRules: [{C883B59D-794F-4FC6-B9D8-40DC0A06F92B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Space Quest Collection\2016_SpaceQuestCollection\SierraLauncher.exe
FirewallRules: [{D4995F9B-7C5C-4AA3-8C73-274E8EC8A134}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pinball FX2\Pinball FX2.exe
FirewallRules: [{E52DD69C-1B33-466E-BFAE-67EC1D13BCCD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pinball FX2\Pinball FX2.exe
FirewallRules: [{D6C761BE-ACF9-49EB-B77B-E6CB052256AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{52346251-236E-4C8B-8AA8-BA179C1D7F40}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C4BEE121-7BAE-47DE-9751-19632BDD1392}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\CatanEdit.exe
FirewallRules: [{79C79B4E-92D3-46EB-A504-5FA470345DE3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\CatanEdit.exe
FirewallRules: [{F25E32FB-C164-4904-A35E-2BB9CD16DB84}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\Catan.exe
FirewallRules: [{E291EBF8-5778-444F-B4C5-BA0B07AC6111}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\Catan.exe
FirewallRules: [{D5B8A10A-BF3D-4FAA-9C46-85049E36E20C}] => (Allow) E:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2476B4B5-E635-49F6-B8CD-992A201B996A}] => (Allow) E:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{02134A10-DCB6-408D-8D9F-8601FD6DDDF9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bio Menace\Bio Menace\Dosbox\dosbox.exe
FirewallRules: [{DECDAF89-D350-4884-BD97-0B9E143C5FA7}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bio Menace\Bio Menace\Dosbox\dosbox.exe
FirewallRules: [{2E4B6D9A-D978-4EAA-9EE1-446C80DAF384}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{2EC3BDDB-01A7-40AA-AECA-73420961EBEE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{E78EEB8A-CAB4-4BED-B48C-41465D743BB7}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1D3AECF5-A346-4164-9309-E323F11FC63B}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{82CB6E2A-0691-409A-8A71-DB3623692F07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{02A6BEA3-B3B0-4ECD-8877-D41199325716}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DCAB232E-81E0-4D36-9261-D171BE7BBBD4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3479B8BC-0152-483A-A813-4B7B9469B9BF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BDF9C83C-61EB-4385-BCEC-FAAA9E488483}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6228E417-A1B3-4C7B-9E93-9C0A74ACA4CD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{B1397376-26D4-4F54-8191-B6171CD40002}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{F2809A47-2ADB-4B20-9673-C238B75FDCDA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{D764D8C1-83AF-4F8C-9148-E246708CF3A9}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{43FB0E2F-57F1-4DC2-B5E2-5B523D98DA05}] => (Allow) E:\Program Files\Itunes\iTunes.exe
FirewallRules: [{F16C63F6-8FFD-46FF-B174-7BBE3DE2CC46}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\STAR WARS - Galactic Battlegrounds Saga\Game\player.exe
FirewallRules: [{DD94FE7C-3AA4-46C5-B489-A5EE7E2346B1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\STAR WARS - Galactic Battlegrounds Saga\Game\player.exe
FirewallRules: [TCP Query User{2B0A5364-60AC-4E6D-B81C-EA65DA484AE8}E:\program files (x86)\steam\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe
FirewallRules: [UDP Query User{4D1A6AE4-D59D-4EF4-9926-8DF228C5A555}E:\program files (x86)\steam\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe
FirewallRules: [TCP Query User{40EDFE11-8506-4C4F-9CC1-4E804DBFE522}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{538306F5-9147-4E70-8591-0E598A4DDC1F}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{D1DC0E4C-FDFE-4F86-A902-FB694535C8E8}E:\program files\battle.net\battle.net.9397\battle.net.exe] => (Allow) E:\program files\battle.net\battle.net.9397\battle.net.exe
FirewallRules: [UDP Query User{109C07AF-361D-4A80-80C6-90756F5A3133}E:\program files\battle.net\battle.net.9397\battle.net.exe] => (Allow) E:\program files\battle.net\battle.net.9397\battle.net.exe
FirewallRules: [{F2487EA2-A169-4555-8C7C-92DF3DD78098}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5527EC93-D4F8-4E5C-81E1-AE17648961C7}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\DriverBooster.exe
FirewallRules: [{0629D2CC-E770-4E19-A709-1B3CA8A12E42}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\DriverBooster.exe
FirewallRules: [{5DFCD4C0-C7C6-4D03-88E8-B632137146A7}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\DBDownloader.exe
FirewallRules: [{A7711AE0-F51D-41DD-8422-3FD415E7131B}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\DBDownloader.exe
FirewallRules: [{682775CD-10F9-43C9-BD3C-DDF3B10A579F}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\AutoUpdate.exe
FirewallRules: [{4EFB9968-BC7C-49C3-B2A8-324514A831CE}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\AutoUpdate.exe
FirewallRules: [TCP Query User{B4A43478-50D2-4833-AC8D-D63B189B61D3}E:\program files\starcraft ii\versions\base58400\sc2_x64.exe] => (Allow) E:\program files\starcraft ii\versions\base58400\sc2_x64.exe
FirewallRules: [UDP Query User{FFD861C6-77CF-4603-A221-A3DBF74C849C}E:\program files\starcraft ii\versions\base58400\sc2_x64.exe] => (Allow) E:\program files\starcraft ii\versions\base58400\sc2_x64.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
28-10-2017 14:36:12 Windows Update
28-10-2017 16:13:42 Driver Booster : NVIDIA GeForce GT 730
06-11-2017 18:30:54 Scheduled Checkpoint
09-11-2017 21:27:52 Driver Booster : NVIDIA GeForce GT 730
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/11/2017 06:56:24 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
Error: (11/10/2017 06:05:08 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
Error: (11/09/2017 06:02:22 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 104) (User: )
Description: qmgr.dll (13648) QmgrDatabaseInstance: The database engine stopped the instance (0) with error (-1090).
Internal Timing Sequence:
[1] 0.000002 +J(0)
[2] 0.000010 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[3] 0.000001 +J(0)
[4] 0.000002 +J(0)
[5] 0.0 +J(0)
[6] 0.000347 +J(0) +M(C:0K, Fs:4, WS:-16K # 0K, PF:-32K # 0K, P:-32K)
[7] -
[8] 0.000007 +J(0) +M(C:0K, Fs:5, WS:20K # 0K, PF:0K # 0K, P:0K)
[9] 0.001733 +J(0) +M(C:0K, Fs:5, WS:-16K # 0K, PF:-40K # 0K, P:-40K)
[10] -
[11] 0.000003 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[12] -
[13] 0.000028 +J(0) +M(C:0K, Fs:0, WS:-4K # 0K, PF:-4K # 0K, P:-4K)
[14] 0.000140 +J(0) +M(C:0K, Fs:0, WS:-4K # 0K, PF:-8K # 0K, P:-8K)
[15] 0.000005 +J(0) +M(C:0K, Fs:0, WS:-8K # 0K, PF:-12K # 0K, P:-12K)
[16] 0.000001 +J(0).
Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 471) (User: )
Description: qmgr.dll (13648) QmgrDatabaseInstance: Unable to rollback operation #-75 on database C:\ProgramData\Microsoft\Network\Downloader\qmgr.db. Error: -510. All future database updates will be rejected.
Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 492) (User: )
Description: qmgr.dll (13648) QmgrDatabaseInstance: The logfile sequence in "C:\ProgramData\Microsoft\Network\Downloader" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.
Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 413) (User: )
Description: qmgr.dll (13648) QmgrDatabaseInstance: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 488) (User: )
Description: qmgr.dll (13648) QmgrDatabaseInstance: An attempt to create the file "C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log" failed with system error 80 (0x00000050): "The file exists. ". The create file operation will fail with error -1814 (0xfffff8ea).
Error: (11/08/2017 05:54:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4UM6KOQ)
Description: Activation of application Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/08/2017 06:14:38 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
System errors:
=============
Error: (11/10/2017 11:10:42 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-4UM6KOQ)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
CodeIntegrity:
===================================
Date: 2017-11-11 07:28:52.872
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-11 07:28:52.870
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-11 07:28:52.857
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-11 07:28:52.855
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-11 07:23:11.972
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-11 07:23:11.970
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-11 07:07:54.846
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-11 07:07:54.844
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-11 07:07:54.842
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-11 07:07:54.840
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 48%
Total physical RAM: 8130.39 MB
Available physical RAM: 4202.59 MB
Total Virtual: 9602.39 MB
Available Virtual: 4743.75 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:441.76 GB) (Free:388.62 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Data) (Fixed) (Total:1863.01 GB) (Free:1656.05 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 7FA9BBEA)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.9 GB) - (Type=27)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3DF62CC5)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
*************
aswMBR (when I ticked Trace Disk IO Calls it would always crash my computer with DRIVER_IRQL_NOT_LESS_OR_EQUAL, so I unticked that):
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-11-11 07:50:02
-----------------------------
07:50:02.108 OS Version: Windows x64 6.2.9200
07:50:02.108 Number of processors: 8 586 0x3C03
07:50:02.108 ComputerName: DESKTOP-4UM6KOQ UserName: Zuko
07:50:02.326 Initialize success
07:50:02.326 VM: initialized successfully
07:50:02.326 VM: Intel CPU supported virtualized
07:50:03.619 VM: disk I/O iaStorA.sys
07:50:11.460 AVAST engine defs: 17111000
07:50:12.210 The log file has been saved successfully to "E:\Zuko\Desktop\aswMBR.txt"
07:50:35.130 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000028
07:50:35.145 Disk 0 Vendor: SanDisk_SDSSDHII480G X31200RL Size: 457862MB BusType: 11
07:50:35.145 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000029
07:50:35.145 Disk 1 Vendor: WDC_WD20EZRZ-00Z5HB0 80.00A80 Size: 1907729MB BusType: 11
07:50:35.145 Disk 0 MBR read successfully
07:50:35.161 Disk 0 MBR scan
07:50:35.161 Disk 0 Windows 7 default MBR code
07:50:35.161 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 500 MB offset 2048
07:50:35.161 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 452360 MB offset 1026048
07:50:35.177 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 5000 MB offset 927459328
07:50:35.192 Disk 0 scanning C:\WINDOWS\system32\drivers
07:50:37.661 Service scanning
07:50:42.740 Modules scanning
07:50:42.943 AVAST engine scan C:\WINDOWS
07:50:43.240 AVAST engine scan C:\WINDOWS\system32
07:51:25.713 AVAST engine scan C:\WINDOWS\system32\drivers
07:51:29.744 AVAST engine scan C:\Users\Zuko
07:52:04.670 AVAST engine scan C:\ProgramData
07:53:05.113 Disk 0 statistics 5140351/0/0 @ 29.60 MB/s
07:53:05.113 Scan finished successfully
07:53:18.849 Disk 0 MBR has been saved successfully to "E:\Zuko\Desktop\MBR.dat"
07:53:18.849 The log file has been saved successfully to "E:\Zuko\Desktop\aswMBR.txt"
2017-11-09 21:30 - 2017-11-09 21:30 - 000743960 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000737960 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000727432 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000708304 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000691680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000680544 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000609392 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000604792 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000526280 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000504304 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000447712 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000445392 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000441264 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000416504 _____ (Harman) C:\WINDOWS\system32\HMUI.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000406448 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2APIPCLL.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000378376 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000366120 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000362048 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000360344 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000327448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000310416 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000272712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000258856 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000253896 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000253856 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000252872 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000231912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000221960 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000214824 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000209528 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000203840 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000190928 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000190928 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000179592 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000158696 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000154352 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000134192 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000122312 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000118584 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000115120 _____ (Conexant System, Inc.) C:\WINDOWS\system32\Caf64api.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000105304 _____ C:\WINDOWS\system32\audioLibVc.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000090912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000088320 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000084608 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000083624 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000075536 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000050808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-11-09 21:30 - 2017-11-09 21:30 - 000023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-11-09 21:29 - 2017-11-09 21:30 - 072520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-11-09 21:29 - 2017-11-09 21:29 - 003677152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-11-09 21:29 - 2017-11-09 21:29 - 000205984 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2017-10-28 16:15 - 2017-10-28 16:15 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438792.dll
2017-10-28 16:15 - 2017-10-28 16:15 - 001606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438792.dll
2017-10-28 16:15 - 2017-10-28 16:15 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-10-28 16:15 - 2017-10-28 16:15 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-10-28 16:14 - 2017-10-28 16:14 - 001615472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-10-28 16:14 - 2017-10-28 16:14 - 000225208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-10-28 16:14 - 2017-10-28 16:14 - 000045496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-10-28 15:06 - 2017-11-09 21:33 - 000001102 _____ C:\Users\Public\Desktop\Driver Booster 5.lnk
2017-10-28 15:06 - 2017-10-28 15:06 - 000003384 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2017-10-28 15:06 - 2017-10-28 15:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-10-14 07:34 - 2017-10-14 07:34 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-14 07:34 - 2017-10-14 07:34 - 000001927 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-14 07:34 - 2017-10-14 07:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-14 07:34 - 2017-10-14 07:34 - 000000000 ____D C:\ProgramData\MB2Migration
2017-10-14 07:34 - 2017-10-14 07:34 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-14 07:34 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-12 07:20 - 2017-10-12 07:20 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-10-12 07:20 - 2017-10-12 07:20 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-11 07:27 - 2015-12-24 12:59 - 000000000 ____D C:\Users\Zuko\AppData\Local\Battle.net
2017-11-11 07:10 - 2017-07-12 18:01 - 000000000 ____D C:\Users\Zuko
2017-11-11 06:55 - 2017-07-12 18:04 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{50A2D60F-92DF-48A9-A2E9-2ABBFC67B73D}
2017-11-10 23:10 - 2017-07-12 18:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-10 23:10 - 2017-07-12 18:00 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-10 21:03 - 2017-07-12 18:10 - 001022802 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-10 20:57 - 2017-07-12 18:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-10 20:57 - 2017-03-18 19:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-11-10 20:10 - 2017-10-11 06:45 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-10 20:10 - 2016-01-15 23:25 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-10 19:18 - 2017-03-19 05:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-10 19:18 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-10 19:04 - 2017-05-14 21:16 - 000000000 ____D C:\Program Files\WinZip Smart Monitor
2017-11-09 22:24 - 2017-03-19 05:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-09 21:37 - 2017-03-19 04:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-09 21:30 - 2017-07-12 18:00 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-11-09 21:30 - 2017-07-12 18:00 - 000000000 ____D C:\WINDOWS\system32\DAX3
2017-11-09 21:30 - 2017-07-12 18:00 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-11-08 06:36 - 2017-03-19 05:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-08 06:36 - 2015-12-23 11:57 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-07 06:12 - 2017-04-30 20:26 - 000000000 ____D C:\ProgramData\ProductData
2017-11-04 22:47 - 2015-12-22 14:56 - 000000000 ____D C:\Users\Zuko\AppData\Local\Packages
2017-10-29 16:29 - 2017-06-24 16:41 - 000000000 ____D C:\Users\Zuko\AppData\Roaming\Twitch
2017-10-28 16:31 - 2016-02-14 12:24 - 000000000 ____D C:\Users\Zuko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
2017-10-28 16:16 - 2015-08-18 12:17 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-28 16:15 - 2017-07-12 18:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-10-28 16:15 - 2017-07-12 18:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-10-28 00:36 - 2017-07-12 18:00 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-10-28 00:12 - 2017-07-12 18:00 - 005960824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-10-28 00:12 - 2017-07-12 18:00 - 002587768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-10-28 00:12 - 2017-07-12 18:00 - 001766520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-10-28 00:12 - 2017-07-12 18:00 - 000607168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-10-28 00:12 - 2017-07-12 18:00 - 000449656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-10-28 00:12 - 2017-07-12 18:00 - 000123000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-10-28 00:12 - 2017-07-12 18:00 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-10-25 18:33 - 2017-07-12 18:00 - 007802921 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-10-14 07:34 - 2015-12-29 08:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-12 18:26 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-12 18:08 - 2015-08-18 12:06 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-12 18:07 - 2017-07-12 18:00 - 000268376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-12 07:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-10-12 07:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-10-12 07:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-12 07:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\Provisioning
==================== Files in the root of some directories =======
2017-07-12 18:00 - 2017-07-12 18:00 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-11-05 21:16
==================== End of FRST.txt ============================
******
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by Zuko (11-11-2017 07:29:09)
Running from E:\Zuko\Documents
Windows 10 Home Version 1703 15063.674 (X64) (2017-07-12 10:07:23)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3673527687-835348104-2445433957-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3673527687-835348104-2445433957-503 - Limited - Disabled)
Guest (S-1-5-21-3673527687-835348104-2445433957-501 - Limited - Disabled)
Zuko (S-1-5-21-3673527687-835348104-2445433957-1001 - Administrator - Enabled) => C:\Users\Zuko
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.5.0 - IObit)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call To Power 2 (HKLM-x32\...\GOGPACKCTP2_is1) (Version: 2.0.0.13 - GOG.com)
Chessmaster 10th Edition (HKLM-x32\...\{E9AE9A91-AB45-4321-87BD-AD34855D944F}) (Version: 1.00.0000 - Ubisoft) Hidden
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4703 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4715 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3708 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5509.52 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820 - CyberLink Corp.)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.0.3 - IObit)
e-Sword (HKLM-x32\...\{0BF38804-B6AE-4C32-9564-B0C0E7188D62}) (Version: 11.00.0006 - Rick Meyers)
FLV-Media-Player (HKLM-x32\...\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}) (Version: 2.0.3.2532 - HYBRIDWEB.de)
GOG.com Call to Power 2 (HKLM\...\{1d565035-1520-439a-9f68-c928cfc4a27a}.sdb) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Intel(R) Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.8625.2121 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3673527687-835348104-2445433957-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{cb7c3049-21de-415b-bd85-b65c14e547df}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.7.4.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.7.4.10 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8198 - Realtek Semiconductor Corp.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.0240 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.7.4.10 - NVIDIA Corporation) Hidden
Soda PDF Desktop (HKLM-x32\...\SodaDesktop) (Version: 9.1.17.32870 - LULU Software)
Soda PDF Desktop Asian Fonts Pack (HKLM\...\{D59C90B6-81D4-4FEA-888C-CA917F795F5A}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Convert Module (HKLM\...\{EB936FE6-F9BA-449C-AE26-3046D0C1BF76}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Create Module (HKLM\...\{23651655-BF45-4104-AED1-059C0128B84B}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Edit Module (HKLM\...\{C08B8535-1D2F-4B20-9093-9B49F0951116}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Forms Module (HKLM\...\{13FEEE9E-1FDD-4384-9DF7-7BA709271B22}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Insert Module (HKLM\...\{7CEA93AB-232B-46DF-9D5B-95124EBA21FC}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop OCR Module (HKLM\...\{84741832-801A-469A-B4B0-E763BB8B97D9}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Review Module (HKLM\...\{6E84487A-3F99-481C-8BC4-4D55573FCA3D}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Secure Module (HKLM\...\{75A428F0-E727-4238-B8D4-71BAFD468882}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop View Module (HKLM\...\{42634740-548D-43E8-B421-21AC081637CE}) (Version: 9.2.7.33937 - LULU Software) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
STAR WARS - Galactic Battlegrounds Saga (HKLM\...\{9f3d9623-1935-43fa-9756-e90f3134f675}.sdb) (Version: - )
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Twitch (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Twitch Interactive, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
Warcraft III: All Products (HKU\S-1-5-21-3673527687-835348104-2445433957-1001\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\...\Warcraft III) (Version: - )
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 1.1.0.10 - )
WinZip 21.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410F}) (Version: 21.5.12480 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3673527687-835348104-2445433957-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => E:\Program Files (x86)\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SodaPDFDesktop_ManagerExt] -> {526A2ADD-BD9B-40E5-9D45-75EF6313FCE4} => E:\Program Files (x86)\Soda PDF Desktop\context-menu.dll [2017-06-20] (LULU Software)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => E:\Program Files (x86)\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => E:\Program Files (x86)\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-28] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0DA032B1-43DD-413A-BCDE-023C08AA8044} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {30839617-F4A1-4BA0-9310-7824E08ED3A7} - System32\Tasks\Driver Booster Scheduler => E:\Program Files (x86)\Driver Booster\5.0.3\Scheduler.exe [2017-10-16] (IObit)
Task: {37155674-6E53-4E66-88CF-3D62DFAF2168} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {3AC0F121-B0FA-4B88-AB3E-68E61A0A1DFC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-14] (AVAST Software)
Task: {45357EBC-3A17-46E4-931D-73DCAE65F0D5} - System32\Tasks\ASC10_PerformanceMonitor => E:\Program Files (x86)\Advanced SystemCare\Monitor.exe [2017-07-24] (IObit)
Task: {4CE54283-114E-4073-BEAB-F02297A407E3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {532EE9AC-C230-4440-866B-2E100F4B2EFF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {5A1E17CA-F975-47E7-B4C6-33619632EFE1} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-04-19] (WinZip)
Task: {91FBB8BA-DCB3-4B7A-B5DD-DCBB90E5E03E} - System32\Tasks\ASC10_SkipUac_Zuko => E:\Program Files (x86)\Advanced SystemCare\ASC.exe [2017-08-07] (IObit)
Task: {94313611-3170-4107-8E94-79A8B0068811} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-13] (AVAST Software)
Task: {968F7109-99E2-4089-B221-656F9A9C84B4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {B0E806C2-9059-4017-94B9-C9EAAE642FA6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {C44A7BC8-19B9-4128-AC1D-6C615844168C} - System32\Tasks\{44E70D50-1EE9-4B55-9064-0E93EC957AD3} => C:\Windows\system32\pcalua.exe -a D:\autoplay.exe -d D:\
Task: {CA72E045-9899-4A52-862C-B79C911875BC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {CFB534D6-662F-4371-BC11-6634B628B6AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {D8AF4534-70AE-4448-922F-9E16637B1A3B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {DC713506-1FF5-44BA-BCDD-605AA37A8E30} - System32\Tasks\Driver Booster SkipUAC (Zuko) => E:\Program Files (x86)\Driver Booster\5.0.3\DriverBooster.exe [2017-10-19] (IObit)
Task: {DDDCC9E4-73F4-49D9-A4E1-7C572F8B207B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {E5B24C58-9BA4-4F18-998C-47A188A05D8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {F55F6B87-0D07-4188-BA8C-EC9475BACB02} - System32\Tasks\SafeZone scheduled Autoupdate 1466942979 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-01-13 13:56 - 2017-01-13 13:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-10-14 07:34 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-07-12 18:00 - 2017-10-28 00:12 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-19 04:58 - 2017-03-19 04:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-19 04:59 - 2017-03-20 11:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-08 06:15 - 2017-11-08 06:18 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-08 06:15 - 2017-11-08 06:18 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-08 06:15 - 2017-11-08 06:18 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-08 06:15 - 2017-11-08 06:18 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\skypert.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 000092472 _____ () E:\Program Files\Itunes\zlib1.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 001356088 _____ () E:\Program Files\Itunes\libxml2.dll
2017-10-28 14:23 - 2017-10-28 14:23 - 002354152 _____ () E:\Program Files\Battle.net\Battle.net.9526\Battle.net Helper.exe
2017-09-27 06:12 - 2017-09-21 15:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-27 06:12 - 2017-09-21 15:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2016-03-20 20:50 - 2012-08-23 10:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-03-20 20:50 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-03-20 20:50 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-03-20 20:50 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-03-20 20:50 - 2012-04-03 17:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-12-22 14:25 - 2015-11-25 07:07 - 000012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-08-13 21:15 - 2016-08-18 18:43 - 000442144 _____ () E:\Program Files (x86)\Advanced SystemCare\madExcept_.bpl
2017-08-13 21:15 - 2016-08-18 18:43 - 000210720 _____ () E:\Program Files (x86)\Advanced SystemCare\madBasic_.bpl
2017-08-13 21:15 - 2016-08-18 18:43 - 000059680 _____ () E:\Program Files (x86)\Advanced SystemCare\madDisAsm_.bpl
2017-08-13 21:15 - 2016-11-01 10:11 - 000078624 _____ () E:\Program Files (x86)\Advanced SystemCare\GetProcessDLL.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 000170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 000997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 067717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 000176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 000223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 000291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 000684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2009-11-02 14:20 - 2009-11-02 14:20 - 000619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 14:23 - 2009-11-02 14:23 - 000013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2017-10-28 14:33 - 2017-10-28 14:33 - 055782888 _____ () E:\Program Files\Battle.net\Battle.net.9526\libcef.dll
2017-10-28 14:34 - 2017-10-28 14:34 - 000540336 _____ () E:\Program Files\Battle.net\Battle.net.9526\ortp.dll
2017-10-28 14:33 - 2017-10-28 14:33 - 000133632 _____ () E:\Program Files\Battle.net\Battle.net.9526\libEGL.dll
2017-10-28 14:33 - 2017-10-28 14:33 - 003384832 _____ () E:\Program Files\Battle.net\Battle.net.9526\libGLESv2.dll
2016-03-20 20:50 - 2014-04-25 14:11 - 002972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll
2017-11-11 07:20 - 2017-11-11 07:20 - 000135168 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\0.mdd
2017-11-11 07:20 - 2017-11-11 07:20 - 000196608 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\1.mdd
2017-11-11 07:20 - 2017-11-11 07:20 - 000135168 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\2.mdd
2017-11-11 07:20 - 2017-11-11 07:20 - 000974848 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\3.mdd
2017-11-11 07:20 - 2017-11-11 07:20 - 002031616 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\4.mdd
2017-11-11 07:20 - 2017-11-11 07:20 - 000086016 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\5.mdd
2017-11-11 07:20 - 2017-11-11 07:20 - 000253952 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\7.mdd
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 19:04 - 2015-07-10 19:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804555\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804571\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3673527687-835348104-2445433957-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: Razer Game Scanner Service => 3
MSCONFIG\Services: RichVideo => 3
MSCONFIG\Services: WinZip Smart Monitor Service => 2
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{0184D916-05D5-4C9E-8486-456460E0D63D}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{F68CA902-76AF-4802-9731-826F377B740E}] => (Allow) E:\Program Files (x86)\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{BB43DE6E-43C0-4755-AACD-155E0D2AE3D0}] => (Allow) E:\Program Files (x86)\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{6507DC33-117E-4B93-8CC7-881361A87F1D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{24AC8878-78F8-4914-A481-D1C24516F15D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C0AD81F7-3AEC-486F-B7E4-B10FDAFB3F3C}] => (Allow) E:\Program Files\StarCraft\StarCraft.exe
FirewallRules: [{70E138F2-8B02-4DB7-885F-651B2AA50D67}] => (Allow) E:\Program Files\StarCraft\StarCraft.exe
FirewallRules: [{3C1B180E-8C17-46B0-A448-3B4B9B557F9F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base5\dosbox.exe
FirewallRules: [{3E93A4A2-1452-426A-8DEE-B4105097498F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base5\dosbox.exe
FirewallRules: [{67585C16-8E73-432D-9AD1-7D51CA08C047}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base4\dosbox.exe
FirewallRules: [{B080FED9-297C-483B-8F30-E74E1C730128}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base4\dosbox.exe
FirewallRules: [{9297C53E-6F62-4CAA-92B0-349BE06D9638}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base3\dosbox.exe
FirewallRules: [{15BB7462-84C8-4DE6-9FD7-C3E0CFEFDAE9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base3\dosbox.exe
FirewallRules: [{2A6BC491-9D45-4AB8-BFD6-25060BB4921B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base2\dosbox.exe
FirewallRules: [{F4F9985A-1AE2-4572-987F-3FB12BAC78B8}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base2\dosbox.exe
FirewallRules: [{FD309353-C922-4D57-A008-F4912BDFC7EA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base1\dosbox.exe
FirewallRules: [{564F9A6F-C0C5-4BCE-9F74-D968D81BF7A9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base1\dosbox.exe
FirewallRules: [{6CD62FD2-D6AF-4DEF-A454-937EB451026D}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EF481B9F-281C-473B-A70C-B701E786432D}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{740A1AB0-1606-40C7-9C88-C480C8E1EA9E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Space Quest Collection\SierraLauncher.exe
FirewallRules: [{E2500EC5-AA7E-48E0-A302-F80C258E9601}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Space Quest Collection\SierraLauncher.exe
FirewallRules: [{336B470F-6682-48FC-BD9D-481C1E316206}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Space Quest Collection\2016_SpaceQuestCollection\SierraLauncher.exe
FirewallRules: [{C883B59D-794F-4FC6-B9D8-40DC0A06F92B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Space Quest Collection\2016_SpaceQuestCollection\SierraLauncher.exe
FirewallRules: [{D4995F9B-7C5C-4AA3-8C73-274E8EC8A134}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pinball FX2\Pinball FX2.exe
FirewallRules: [{E52DD69C-1B33-466E-BFAE-67EC1D13BCCD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pinball FX2\Pinball FX2.exe
FirewallRules: [{D6C761BE-ACF9-49EB-B77B-E6CB052256AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{52346251-236E-4C8B-8AA8-BA179C1D7F40}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C4BEE121-7BAE-47DE-9751-19632BDD1392}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\CatanEdit.exe
FirewallRules: [{79C79B4E-92D3-46EB-A504-5FA470345DE3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\CatanEdit.exe
FirewallRules: [{F25E32FB-C164-4904-A35E-2BB9CD16DB84}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\Catan.exe
FirewallRules: [{E291EBF8-5778-444F-B4C5-BA0B07AC6111}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\Catan.exe
FirewallRules: [{D5B8A10A-BF3D-4FAA-9C46-85049E36E20C}] => (Allow) E:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2476B4B5-E635-49F6-B8CD-992A201B996A}] => (Allow) E:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{02134A10-DCB6-408D-8D9F-8601FD6DDDF9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bio Menace\Bio Menace\Dosbox\dosbox.exe
FirewallRules: [{DECDAF89-D350-4884-BD97-0B9E143C5FA7}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bio Menace\Bio Menace\Dosbox\dosbox.exe
FirewallRules: [{2E4B6D9A-D978-4EAA-9EE1-446C80DAF384}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{2EC3BDDB-01A7-40AA-AECA-73420961EBEE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{E78EEB8A-CAB4-4BED-B48C-41465D743BB7}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1D3AECF5-A346-4164-9309-E323F11FC63B}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{82CB6E2A-0691-409A-8A71-DB3623692F07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{02A6BEA3-B3B0-4ECD-8877-D41199325716}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DCAB232E-81E0-4D36-9261-D171BE7BBBD4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3479B8BC-0152-483A-A813-4B7B9469B9BF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BDF9C83C-61EB-4385-BCEC-FAAA9E488483}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6228E417-A1B3-4C7B-9E93-9C0A74ACA4CD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{B1397376-26D4-4F54-8191-B6171CD40002}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{F2809A47-2ADB-4B20-9673-C238B75FDCDA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{D764D8C1-83AF-4F8C-9148-E246708CF3A9}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{43FB0E2F-57F1-4DC2-B5E2-5B523D98DA05}] => (Allow) E:\Program Files\Itunes\iTunes.exe
FirewallRules: [{F16C63F6-8FFD-46FF-B174-7BBE3DE2CC46}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\STAR WARS - Galactic Battlegrounds Saga\Game\player.exe
FirewallRules: [{DD94FE7C-3AA4-46C5-B489-A5EE7E2346B1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\STAR WARS - Galactic Battlegrounds Saga\Game\player.exe
FirewallRules: [TCP Query User{2B0A5364-60AC-4E6D-B81C-EA65DA484AE8}E:\program files (x86)\steam\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe
FirewallRules: [UDP Query User{4D1A6AE4-D59D-4EF4-9926-8DF228C5A555}E:\program files (x86)\steam\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe
FirewallRules: [TCP Query User{40EDFE11-8506-4C4F-9CC1-4E804DBFE522}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{538306F5-9147-4E70-8591-0E598A4DDC1F}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{D1DC0E4C-FDFE-4F86-A902-FB694535C8E8}E:\program files\battle.net\battle.net.9397\battle.net.exe] => (Allow) E:\program files\battle.net\battle.net.9397\battle.net.exe
FirewallRules: [UDP Query User{109C07AF-361D-4A80-80C6-90756F5A3133}E:\program files\battle.net\battle.net.9397\battle.net.exe] => (Allow) E:\program files\battle.net\battle.net.9397\battle.net.exe
FirewallRules: [{F2487EA2-A169-4555-8C7C-92DF3DD78098}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5527EC93-D4F8-4E5C-81E1-AE17648961C7}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\DriverBooster.exe
FirewallRules: [{0629D2CC-E770-4E19-A709-1B3CA8A12E42}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\DriverBooster.exe
FirewallRules: [{5DFCD4C0-C7C6-4D03-88E8-B632137146A7}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\DBDownloader.exe
FirewallRules: [{A7711AE0-F51D-41DD-8422-3FD415E7131B}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\DBDownloader.exe
FirewallRules: [{682775CD-10F9-43C9-BD3C-DDF3B10A579F}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\AutoUpdate.exe
FirewallRules: [{4EFB9968-BC7C-49C3-B2A8-324514A831CE}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\AutoUpdate.exe
FirewallRules: [TCP Query User{B4A43478-50D2-4833-AC8D-D63B189B61D3}E:\program files\starcraft ii\versions\base58400\sc2_x64.exe] => (Allow) E:\program files\starcraft ii\versions\base58400\sc2_x64.exe
FirewallRules: [UDP Query User{FFD861C6-77CF-4603-A221-A3DBF74C849C}E:\program files\starcraft ii\versions\base58400\sc2_x64.exe] => (Allow) E:\program files\starcraft ii\versions\base58400\sc2_x64.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
28-10-2017 14:36:12 Windows Update
28-10-2017 16:13:42 Driver Booster : NVIDIA GeForce GT 730
06-11-2017 18:30:54 Scheduled Checkpoint
09-11-2017 21:27:52 Driver Booster : NVIDIA GeForce GT 730
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/11/2017 06:56:24 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
Error: (11/10/2017 06:05:08 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
Error: (11/09/2017 06:02:22 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 104) (User: )
Description: qmgr.dll (13648) QmgrDatabaseInstance: The database engine stopped the instance (0) with error (-1090).
Internal Timing Sequence:
[1] 0.000002 +J(0)
[2] 0.000010 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[3] 0.000001 +J(0)
[4] 0.000002 +J(0)
[5] 0.0 +J(0)
[6] 0.000347 +J(0) +M(C:0K, Fs:4, WS:-16K # 0K, PF:-32K # 0K, P:-32K)
[7] -
[8] 0.000007 +J(0) +M(C:0K, Fs:5, WS:20K # 0K, PF:0K # 0K, P:0K)
[9] 0.001733 +J(0) +M(C:0K, Fs:5, WS:-16K # 0K, PF:-40K # 0K, P:-40K)
[10] -
[11] 0.000003 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[12] -
[13] 0.000028 +J(0) +M(C:0K, Fs:0, WS:-4K # 0K, PF:-4K # 0K, P:-4K)
[14] 0.000140 +J(0) +M(C:0K, Fs:0, WS:-4K # 0K, PF:-8K # 0K, P:-8K)
[15] 0.000005 +J(0) +M(C:0K, Fs:0, WS:-8K # 0K, PF:-12K # 0K, P:-12K)
[16] 0.000001 +J(0).
Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 471) (User: )
Description: qmgr.dll (13648) QmgrDatabaseInstance: Unable to rollback operation #-75 on database C:\ProgramData\Microsoft\Network\Downloader\qmgr.db. Error: -510. All future database updates will be rejected.
Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 492) (User: )
Description: qmgr.dll (13648) QmgrDatabaseInstance: The logfile sequence in "C:\ProgramData\Microsoft\Network\Downloader" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.
Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 413) (User: )
Description: qmgr.dll (13648) QmgrDatabaseInstance: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 488) (User: )
Description: qmgr.dll (13648) QmgrDatabaseInstance: An attempt to create the file "C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log" failed with system error 80 (0x00000050): "The file exists. ". The create file operation will fail with error -1814 (0xfffff8ea).
Error: (11/08/2017 05:54:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4UM6KOQ)
Description: Activation of application Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/08/2017 06:14:38 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
System errors:
=============
Error: (11/10/2017 11:10:42 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-4UM6KOQ)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
CodeIntegrity:
===================================
Date: 2017-11-11 07:28:52.872
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-11 07:28:52.870
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-11 07:28:52.857
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-11 07:28:52.855
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-11 07:23:11.972
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-11 07:23:11.970
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-11 07:07:54.846
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-11 07:07:54.844
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-11 07:07:54.842
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-11 07:07:54.840
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 48%
Total physical RAM: 8130.39 MB
Available physical RAM: 4202.59 MB
Total Virtual: 9602.39 MB
Available Virtual: 4743.75 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:441.76 GB) (Free:388.62 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Data) (Fixed) (Total:1863.01 GB) (Free:1656.05 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 7FA9BBEA)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.9 GB) - (Type=27)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3DF62CC5)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
*************
aswMBR (when I ticked Trace Disk IO Calls it would always crash my computer with DRIVER_IRQL_NOT_LESS_OR_EQUAL, so I unticked that):
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-11-11 07:50:02
-----------------------------
07:50:02.108 OS Version: Windows x64 6.2.9200
07:50:02.108 Number of processors: 8 586 0x3C03
07:50:02.108 ComputerName: DESKTOP-4UM6KOQ UserName: Zuko
07:50:02.326 Initialize success
07:50:02.326 VM: initialized successfully
07:50:02.326 VM: Intel CPU supported virtualized
07:50:03.619 VM: disk I/O iaStorA.sys
07:50:11.460 AVAST engine defs: 17111000
07:50:12.210 The log file has been saved successfully to "E:\Zuko\Desktop\aswMBR.txt"
07:50:35.130 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000028
07:50:35.145 Disk 0 Vendor: SanDisk_SDSSDHII480G X31200RL Size: 457862MB BusType: 11
07:50:35.145 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000029
07:50:35.145 Disk 1 Vendor: WDC_WD20EZRZ-00Z5HB0 80.00A80 Size: 1907729MB BusType: 11
07:50:35.145 Disk 0 MBR read successfully
07:50:35.161 Disk 0 MBR scan
07:50:35.161 Disk 0 Windows 7 default MBR code
07:50:35.161 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 500 MB offset 2048
07:50:35.161 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 452360 MB offset 1026048
07:50:35.177 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 5000 MB offset 927459328
07:50:35.192 Disk 0 scanning C:\WINDOWS\system32\drivers
07:50:37.661 Service scanning
07:50:42.740 Modules scanning
07:50:42.943 AVAST engine scan C:\WINDOWS
07:50:43.240 AVAST engine scan C:\WINDOWS\system32
07:51:25.713 AVAST engine scan C:\WINDOWS\system32\drivers
07:51:29.744 AVAST engine scan C:\Users\Zuko
07:52:04.670 AVAST engine scan C:\ProgramData
07:53:05.113 Disk 0 statistics 5140351/0/0 @ 29.60 MB/s
07:53:05.113 Scan finished successfully
07:53:18.849 Disk 0 MBR has been saved successfully to "E:\Zuko\Desktop\MBR.dat"
07:53:18.849 The log file has been saved successfully to "E:\Zuko\Desktop\aswMBR.txt"