Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Lukasz (administrator) on DESKTOP-BBAM3MO (08-04-2019 17:54:19)
Running from C:\Users\Lukasz\Desktop
Loaded Profiles: Lukasz (Available Profiles: Lukasz)
Platform: Windows 10 Home Version 1803 17134.648 (X64) Language: Español (España, internacional)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Mixbyte Inc -> Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(cFos Software GmbH -> cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe
(Mixbyte Inc -> Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe
(Micro-Star International CO., LTD. -> MICRO-STAR INT'L,.LTD.) C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Rivet Networks LLC -> CloudBees, Inc.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_18_12\mcapexe.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\3.1.160.0\McCSPServiceHost.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9072128 2017-01-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [IAStorIcon] => C:\PROGRAM FILES\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE [320568 2016-09-20] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Nahimic2UILauncher] => C:\PROGRAM FILES\NAHIMIC\NAHIMIC2\USERINTERFACE\NAHIMIC2UILAUNCHER.EXE [705208 2016-08-30] (A-Volute -> )
HKLM-x32\...\Run: [mFanCtrl] => C:\Program Files\WMIHook\WMIHookBtnFn\mFanCtrl.exe [401968 2017-01-07] (Micro-Star International CO., LTD. -> MICRO-STAR INT'L,.LTD.)
HKLM-x32\...\Run: [MSI Gaming Lan Manager] => C:\MSI\MSI Gaming Lan Manager\MSI_Gaming_Lan_Manager.exe [4440504 2017-01-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3098152612-1641899179-275015866-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group -> ALLPlayer Group Ltd.)
HKU\S-1-5-21-3098152612-1641899179-275015866-1001\...\Run: [Steam] => D:\Steam\steam.exe [3146016 2019-03-06] (Valve -> Valve Corporation)
HKU\S-1-5-21-3098152612-1641899179-275015866-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35181968 2019-04-04] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3098152612-1641899179-275015866-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3098152612-1641899179-275015866-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Lukasz\Documents\DyingLight\out\settings\video.scr [1249 2018-09-10] () [File not signed]
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
HKLM\Software\...\AppCompatFlags\Custom\GOTHIC.EXE: [{5fa21179-8540-43e2-b790-5f59435828c5}.sdb] -> GOG.com Gothic 2
HKLM\Software\...\AppCompatFlags\Custom\Gothic2.exe: [{5fa21179-8540-43e2-b790-5f59435828c5}.sdb] -> GOG.com Gothic 2
HKLM\Software\...\AppCompatFlags\Custom\H3Blade.exe: [{62a24b39-0106-4990-90ea-3a09e9dda7a6}.sdb] -> HoMM III Compatibility Database
HKLM\Software\...\AppCompatFlags\Custom\Heroes3.exe: [{62a24b39-0106-4990-90ea-3a09e9dda7a6}.sdb] -> HoMM III Compatibility Database
HKLM\Software\...\AppCompatFlags\Custom\Risen.exe: [{389384c4-37c5-440b-8196-2917b852cac7}.sdb] -> GOG.com Risen
HKLM\Software\...\AppCompatFlags\InstalledSDB\{389384c4-37c5-440b-8196-2917b852cac7}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{389384c4-37c5-440b-8196-2917b852cac7}.sdb [2019-03-23]
HKLM\Software\...\AppCompatFlags\InstalledSDB\{5fa21179-8540-43e2-b790-5f59435828c5}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{5fa21179-8540-43e2-b790-5f59435828c5}.sdb [2018-01-20]
HKLM\Software\...\AppCompatFlags\InstalledSDB\{62a24b39-0106-4990-90ea-3a09e9dda7a6}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{62a24b39-0106-4990-90ea-3a09e9dda7a6}.sdb [2019-02-21]
Startup: C:\Users\Lukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-11-10]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Lukasz\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3098152612-1641899179-275015866-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3098152612-1641899179-275015866-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-3098152612-1641899179-275015866-1001 -> DefaultScope {67620EA6-9159-443C-A7A1-B5ACC1AA057A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-02-08] (McAfee, Inc. -> McAfee, Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-02-08] (McAfee, Inc. -> McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\mcsniepl64.dll [2019-02-15] (McAfee, Inc. -> McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files (x86)\mcafee\msc\mcsniepl.dll [2019-02-15] (McAfee, Inc. -> McAfee, Inc.)
FireFox:
========
FF DefaultProfile: 6c5s6x1s.default
FF ProfilePath: C:\Users\Lukasz\AppData\Roaming\Mozilla\Firefox\Profiles\6c5s6x1s.default [2019-04-08]
FF Homepage: Mozilla\Firefox\Profiles\6c5s6x1s.default -> google.pl
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-03-21]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @mcafee.com/MSC,version=10 -> c:\program files\mcafee\msc\npmcsnffpl64.dll [2019-02-15] (McAfee, Inc. -> )
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\program files (x86)\mcafee\msc\npmcsnffpl.dll [2019-02-15] (McAfee, Inc. -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cpaibbcbodhimfnjnakiidgbpiehfgci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cpaibbcbodhimfnjnakiidgbpiehfgci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [726952 2015-09-29] (cFos Software GmbH -> cFos Software GmbH)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11082312 2019-03-28] (Microsoft Corporation -> Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc. -> McAfee, Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2019-03-29] (Mixbyte Inc -> Freemake)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [15744 2019-03-29] (Mixbyte Inc -> Ellora Assets Corp.)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [791112 2019-03-16] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7172680 2018-12-20] (GOG Sp. z o.o. -> GOG.com)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-27] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 Killer Network Service; C:\WINDOWS\system32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2483888 2018-07-13] (Rivet Networks LLC -> Rivet Networks)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [899640 2019-02-08] (McAfee, Inc. -> McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_18_12\McApExe.exe [745880 2019-01-23] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.1.160.0\\McCSPServiceHost.exe [2158952 2018-12-17] (McAfee, Inc. -> McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [371840 2019-01-15] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [604216 2019-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [509728 2019-01-15] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1692552 2018-12-19] (McAfee, Inc. -> McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] (Intel Corporation-Wireless Connectivity Solutions -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782320 2019-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782320 2019-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1360384 2019-02-05] (McAfee, Inc. -> McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4403496 2019-01-09] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
R2 WMI_Hook_Service; C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe [166448 2017-01-07] (Micro-Star International CO., LTD. -> MICRO-STAR INT'L,.LTD.)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120016 2018-12-25] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [72880 2018-07-13] (Rivet Networks LLC -> CloudBees, Inc.)
R2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [72880 2018-07-13] (Rivet Networks LLC -> CloudBees, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77384 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218408 2018-12-24] (McAfee, Inc. -> McAfee, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [174600 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 inpoutx64; C:\WINDOWS\System32\Drivers\inpoutx64.sys [15008 2017-01-14] (Red Fox UK Limited -> Highresolution Enterprises [www.highrez.co.uk])
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [150184 2018-07-13] (Rivet Networks LLC -> Rivet Networks, LLC.)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-12] (Microsoft Windows -> Qualcomm Atheros, Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-08] (Malwarebytes Corporation -> Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [511024 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [373808 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [86136 2019-01-22] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [517168 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [981032 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [563728 2018-11-19] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109072 2018-11-19] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [117800 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254024 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2018-04-12] (Microsoft Windows -> Intel Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-02-26] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R2 WtfEngineDrv; C:\WINDOWS\system32\DRIVERS\WtfEngineDrv.sys [27904 2016-02-01] (Initex -> AAA Internet Publishing, Inc.)
S3 mfeavfk04; \Device\mfeavfk04.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-08 17:54 - 2019-04-08 17:54 - 000023839 _____ C:\Users\Lukasz\Desktop\FRST.txt
2019-04-08 17:54 - 2019-04-08 17:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2019-04-08 17:54 - 2019-04-08 17:54 - 000000000 ____D C:\FRST
2019-04-08 17:53 - 2019-04-08 17:53 - 000000734 _____ C:\Users\Lukasz\Desktop\JRT.txt
2019-04-08 17:51 - 2019-04-08 17:51 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-08 17:50 - 2019-04-08 17:51 - 000000000 ____D C:\AdwCleaner
2019-04-08 17:45 - 2019-04-08 17:45 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-04-08 17:45 - 2019-04-08 17:45 - 000000000 ____D C:\Users\Lukasz\AppData\Local\mbamtray
2019-04-08 17:45 - 2019-04-08 17:45 - 000000000 ____D C:\Users\Lukasz\AppData\Local\mbam
2019-04-08 17:45 - 2019-04-08 17:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-04-08 17:45 - 2019-04-08 17:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-04-08 17:45 - 2019-04-08 17:45 - 000000000 ____D C:\Program Files\Malwarebytes
2019-04-08 17:45 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-04-08 17:45 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-04-08 17:44 - 2019-04-08 17:44 - 000159368 _____ C:\Users\Lukasz\Documents\cc_20190408_174428.reg
2019-04-08 17:41 - 2019-04-08 17:42 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-04-08 17:41 - 2019-04-08 17:41 - 000002890 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-04-08 17:41 - 2019-04-08 17:41 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-04-08 17:41 - 2019-04-08 17:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-04-08 17:41 - 2019-04-08 17:41 - 000000000 ____D C:\Program Files\CCleaner
2019-04-08 17:37 - 2019-04-08 17:37 - 002434048 _____ (Farbar) C:\Users\Lukasz\Desktop\FRST64.exe
2019-04-08 17:34 - 2019-04-08 17:34 - 007025360 _____ (Malwarebytes) C:\Users\Lukasz\Desktop\adwcleaner_7.3.exe
2019-04-08 17:34 - 2019-04-08 17:34 - 001790024 _____ (Malwarebytes) C:\Users\Lukasz\Desktop\JRT.exe
2019-04-08 17:31 - 2019-04-08 17:32 - 062632672 _____ (Malwarebytes ) C:\Users\Lukasz\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.10037.exe
2019-04-08 17:28 - 2019-04-08 17:29 - 021205512 _____ (Piriform Software Ltd) C:\Users\Lukasz\Desktop\ccsetup555.exe
2019-04-07 06:36 - 2019-04-07 06:36 - 000000000 ___HD C:\$SysReset
2019-04-07 01:03 - 2019-04-07 06:27 - 000000000 ____D C:\Program Files\WinPcap
2019-04-05 21:17 - 2019-04-07 06:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-03-28 00:45 - 2019-03-31 15:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-03-24 02:08 - 2019-03-24 02:08 - 000001105 _____ C:\Users\Public\Desktop\S.T.A.L.K.E.R. Call of Pripyat.lnk
2019-03-24 02:08 - 2019-03-24 02:08 - 000000000 ____D C:\Users\Lukasz\Documents\Stalker-COP
2019-03-24 02:08 - 2019-03-24 02:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S.T.A.L.K.E.R. Call of Pripyat [GOG.com]
2019-03-24 01:39 - 2019-03-24 01:39 - 000001124 _____ C:\Users\Public\Desktop\S.T.A.L.K.E.R. Clear Sky.lnk
2019-03-24 01:39 - 2019-03-24 01:39 - 000000000 ____D C:\Users\Lukasz\Documents\Stalker-STCS
2019-03-24 01:39 - 2019-03-24 01:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S.T.A.L.K.E.R. Clear Sky [GOG.com]
2019-03-24 01:12 - 2019-03-24 01:12 - 000001196 _____ C:\Users\Public\Desktop\S.T.A.L.K.E.R. Shadow of Chernobyl.lnk
2019-03-24 01:12 - 2019-03-24 01:12 - 000000000 ____D C:\Users\Lukasz\Documents\Stalker-SHOC
2019-03-24 01:12 - 2019-03-24 01:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S.T.A.L.K.E.R. Shadow of Chernobyl [GOG.com]
2019-03-24 00:38 - 2019-03-24 00:38 - 000001132 _____ C:\Users\Public\Desktop\Risen 3 - Titan Lords.lnk
2019-03-24 00:38 - 2019-03-24 00:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Risen 3 - Titan Lords Enhanced Edition [GOG.com]
2019-03-23 18:58 - 2019-03-23 18:58 - 000001419 _____ C:\Users\Public\Desktop\Risen 2 - Dark Waters.lnk
2019-03-23 18:58 - 2019-03-23 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Risen 2 - Dark Waters [GOG.com]
2019-03-23 18:15 - 2019-03-23 18:15 - 000001355 _____ C:\Users\Public\Desktop\Risen.lnk
2019-03-23 18:15 - 2019-03-23 18:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Risen [GOG.com]
2019-03-23 18:15 - 2019-03-23 18:15 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2019-03-23 18:04 - 2019-03-23 18:04 - 000001371 _____ C:\Users\Public\Desktop\Frostpunk.lnk
2019-03-23 18:04 - 2019-03-23 18:04 - 000000000 ____D C:\Users\Lukasz\AppData\Roaming\11bitstudios
2019-03-23 18:04 - 2019-03-23 18:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frostpunk [GOG.com]
2019-03-13 02:05 - 2019-03-06 10:03 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-03-13 02:05 - 2019-03-06 09:44 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-03-13 02:05 - 2019-03-06 09:36 - 022716928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-03-13 02:05 - 2019-03-06 09:28 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-03-13 02:05 - 2019-03-06 07:14 - 006568528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-03-13 02:05 - 2019-03-06 06:49 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-03-13 02:05 - 2019-02-16 11:24 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-03-13 02:04 - 2019-03-06 16:39 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-03-13 02:04 - 2019-03-06 16:37 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-03-13 02:04 - 2019-03-06 16:36 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-03-13 02:04 - 2019-03-06 16:20 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-03-13 02:04 - 2019-03-06 16:19 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-03-13 02:04 - 2019-03-06 16:17 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-03-13 02:04 - 2019-03-06 16:17 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-13 02:04 - 2019-03-06 16:17 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2019-03-13 02:04 - 2019-03-06 16:14 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-13 02:04 - 2019-03-06 16:14 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-13 02:04 - 2019-03-06 16:14 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-03-13 02:04 - 2019-03-06 16:13 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-03-13 02:04 - 2019-03-06 16:13 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-03-13 02:04 - 2019-03-06 16:13 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-03-13 02:04 - 2019-03-06 16:13 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-03-13 02:04 - 2019-03-06 16:12 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-03-13 02:04 - 2019-03-06 13:18 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-03-13 02:04 - 2019-03-06 13:18 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-03-13 02:04 - 2019-03-06 13:10 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-03-13 02:04 - 2019-03-06 13:09 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-03-13 02:04 - 2019-03-06 13:06 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-03-13 02:04 - 2019-03-06 13:05 - 004054016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-03-13 02:04 - 2019-03-06 13:05 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-03-13 02:04 - 2019-03-06 13:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-03-13 02:04 - 2019-03-06 13:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-13 02:04 - 2019-03-06 12:59 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-03-13 02:04 - 2019-03-06 10:29 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-03-13 02:04 - 2019-03-06 10:16 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys