Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Website blocked due to Trojan - Malwarebytes pop-up every 2 seconds


  • This topic is locked This topic is locked
30 replies to this topic

#1 SinWolf

SinWolf

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 08 October 2018 - 01:41 PM

Good day Gents,

 

Usually, I can help myself with a couple of google searches... But I'm now clueless and don't know what to do... This Malwarebytes - Website blocked due to Trojan pop up that pops up every 2 seconds is driving me MAD !!

 

Herewith my scans as per posting rules...

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.10.2018
Ran by SinWolf (administrator) on DESKTOP-Q6LLMJD (08-10-2018 20:34:50)
Running from C:\Users\SinWolf\Desktop
Loaded Profiles: SinWolf (Available Profiles: SinWolf & .NET v4.5 & .NET v4.5 Classic)
Platform: Windows 10 Pro Version 1803 17134.285 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64_kbl_kit127397.inf_amd64_e1da8ee9e92ccadb\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Conexant Systems, Inc) C:\Windows\CxSvc\CxAudioSvc.exe
(Crossmatch, Inc.) C:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64_kbl_kit127397.inf_amd64_e1da8ee9e92ccadb\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Conexant Systems, Inc.) C:\Windows\CxSvc\CxUtilSvc.exe
() C:\Windows\System32\fpCSEvtSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64_kbl_kit127397.inf_amd64_e1da8ee9e92ccadb\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Crossmatch, Inc.) C:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Conexant) C:\Windows\System32\MicTray64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64_kbl_kit127397.inf_amd64_e1da8ee9e92ccadb\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Conexant Systems, Inc) C:\Program Files\Conexant\Flow\Flow.exe
(HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\HP-NB-AIO\SmartAudio3.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(The CefSharp Authors) C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(LiveQoS Incorporated) C:\Program Files\HP\HP Velocity\systray.exe
(HP) C:\Program Files (x86)\HP\HP Notifications\HPNotifications.exe
(HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(Autodesk Inc.) C:\Users\SinWolf\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
() C:\Windows\lsasc.exe
() C:\Windows\lsasc.exe
() C:\Windows\mcmdl-1.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP) C:\Program Files (x86)\HP\HP MAC Address Manager\hpMAMSrv.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1808.2461.0_x64__8wekyb3d8bbwe\Calculator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321096 2018-01-22] (Intel Corporation)
HKLM-x32\...\Run: [HPNotifications] => C:\Program Files (x86)\HP\HP Notifications\HPNotifications.exe [1523008 2017-06-29] (HP)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324600 2017-04-25] (HP)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.)
HKLM-x32\...\Run: [Google Update Manager] => C:\Windows\lsasc.exe [1016320 2018-10-05] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2110990834-71020888-2906096871-1002\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30736888 2018-08-13] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2110990834-71020888-2906096871-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [731240 2018-08-27] (Disc Soft Ltd)
HKU\S-1-5-21-2110990834-71020888-2906096871-1002\...\Policies\Explorer: [] 
Lsa: [Notification Packages] HPPwdFilter DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Velocity.lnk [2018-07-31]
ShortcutTarget: HP Velocity.lnk -> C:\Program Files\HP\HP Velocity\systray.exe (LiveQoS Incorporated)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{b8e200f2-bb43-4b72-b8f9-b4c6418a1891}: [NameServer] 172.98.193.42,192.99.85.244
Tcpip\..\Interfaces\{b8e200f2-bb43-4b72-b8f9-b4c6418a1891}: [DhcpNameServer] 192.168.8.1 192.168.8.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2110990834-71020888-2906096871-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2110990834-71020888-2906096871-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2110990834-71020888-2906096871-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2110990834-71020888-2906096871-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-10-05] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-27] (HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-09-11] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-27] (HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-05] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-05] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-05] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-05] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-05] (Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\HP\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome => not found
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-09-11] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\SinWolf\AppData\Local\Google\Chrome\User Data\Default [2018-10-08]
CHR Extension: (Docs) - C:\Users\SinWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-07]
CHR Extension: (Google Drive) - C:\Users\SinWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-07]
CHR Extension: (YouTube) - C:\Users\SinWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-07]
CHR Extension: (Gmail) - C:\Users\SinWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-07]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
S3 brlapi; C:\WINDOWS\brltty\bin\brltty.exe [839694 2018-09-03] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9680472 2018-09-26] (Microsoft Corporation)
R2 CxAudioSvc; C:\WINDOWS\CxSvc\CxAudioSvc.exe [41552 2017-12-18] (Conexant Systems, Inc)
R2 CxUtilSvc; C:\WINDOWS\CxSvc\CxUtilSvc.exe [149104 2017-11-15] (Conexant Systems, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3730024 2018-08-27] (Disc Soft Ltd)
R2 DpHost; c:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpHostW.exe [529088 2017-11-08] (Crossmatch, Inc.)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1705040 2017-11-09] (Intel Corporation)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [589208 2017-09-20] (Hewlett-Packard Company)
R2 fpCsEvtSvc; C:\WINDOWS\system32\fpCSEvtSvc.exe [22528 2017-08-11] ()
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [38328 2018-06-11] ()
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1327400 2017-09-05] (HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc.)
R2 HPMAMSrv; C:\Program Files (x86)\HP\HP MAC Address Manager\hpMAMSrv.exe [540192 2018-01-23] (HP)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077568 2017-04-10] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
S3 HPWorkWise; C:\Program Files (x86)\HP\HP WorkWise\HPWorkWiseService.exe [571424 2017-11-02] (HP)
S3 iaStorAfsService; C:\windows\IAStorAfsService\iaStorAfsService.exe [2403880 2018-01-24] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2018-01-22] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe [743728 2017-11-16] (Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\TPMProvisioningService.exe [720184 2017-11-16] (Intel® Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelAudioService.exe [205360 2017-12-19] (Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265864 2018-03-19] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-09-03] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970240 2018-09-03] ()
S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [286208 2018-08-09] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [271448 2018-01-13] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [82944 2017-08-11] (Synaptics Incorporated)
S4 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-08-02] (Microsoft Corporation)
S4 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-08-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3848328 2018-03-19] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 RPC Endpoint Monitor Utility; C:\Windows\Temp\sdhost.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [53760 2017-12-18] (HP)
R3 CnxtHdAudService; C:\WINDOWS\system32\drivers\CHDRT64ISST.sys [2066904 2018-01-04] (Conexant Systems Inc.)
S3 DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv64.sys [74768 2017-09-20] (Hewlett-Packard Enterpise Company)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74144 2017-11-09] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69536 2017-11-09] (Intel Corporation)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-09-01] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-09-01] (Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [382880 2017-11-09] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [39936 2017-12-18] (HP)
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98968 2017-11-14] (Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [69600 2018-01-20] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [199192 2018-05-11] (Intel Corporation)
R1 IPeakLWF; C:\WINDOWS\system32\DRIVERS\ipeaklwf.sys [525144 2017-06-14] (LiveQoS Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [200232 2018-10-08] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [118584 2018-10-08] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [58400 2018-10-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260384 2018-10-08] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [110424 2018-10-08] (Malwarebytes)
R3 Netwtw06; C:\WINDOWS\system32\DRIVERS\Netwtw06.sys [8751600 2018-04-10] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvbl.inf_amd64_f735a43b399c9169\nvlddmkm.sys [17036560 2018-01-05] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69544 2018-06-08] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-04-19] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [783808 2017-07-12] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-07-12] (Realsil Semiconductor Corporation)
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [737192 2017-11-12] (Sunplus Innovation Technology Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [58456 2018-01-13] (Synaptics Incorporated)
S4 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-08-02] (Microsoft Corporation)
S4 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-08-02] (Microsoft Corporation)
S4 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-08-02] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30392 2017-04-25] (HP)
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-10-08 20:34 - 2018-10-08 20:35 - 000024459 _____ C:\Users\SinWolf\Desktop\FRST.txt
2018-10-08 20:34 - 2018-10-08 20:34 - 000000000 ____D C:\FRST
2018-10-08 20:32 - 2018-10-08 20:32 - 002414592 _____ (Farbar) C:\Users\SinWolf\Desktop\FRST64.exe
2018-10-08 19:14 - 2018-10-08 20:21 - 000110424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-10-08 19:14 - 2018-10-08 19:14 - 000260384 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-10-08 19:14 - 2018-10-08 19:14 - 000118584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-10-08 19:14 - 2018-10-08 19:14 - 000058400 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-10-08 19:09 - 2018-10-08 19:09 - 000000000 ____D C:\Users\SinWolf\AppData\LocalLow\Temp
2018-10-08 19:08 - 2018-10-08 19:08 - 000000000 ____D C:\Users\SinWolf\AppData\Roaming\Macromedia
2018-10-08 18:57 - 2018-10-08 18:58 - 000000000 ____D C:\AdwCleaner
2018-10-08 18:56 - 2018-10-08 18:56 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-10-08 18:55 - 2018-10-08 18:55 - 000000000 ____D C:\WINDOWS\pss
2018-10-08 18:49 - 2018-10-08 18:49 - 007592144 _____ (Malwarebytes) C:\Users\SinWolf\Desktop\adwcleaner_7.2.4.0.exe
2018-10-08 18:42 - 2018-10-08 18:42 - 000000000 ____D C:\Users\SinWolf\AppData\Roaming\Google
2018-10-08 18:13 - 2018-10-08 18:56 - 000200232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-10-08 18:13 - 2018-10-08 18:13 - 000000000 ____D C:\Users\SinWolf\AppData\Local\mbam
2018-10-08 18:12 - 2018-10-08 18:12 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-08 18:12 - 2018-10-08 18:12 - 000000000 ____D C:\Users\SinWolf\AppData\Local\mbamtray
2018-10-08 18:12 - 2018-10-08 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-08 18:12 - 2018-10-08 18:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-08 18:12 - 2018-10-08 18:12 - 000000000 ____D C:\Program Files\Malwarebytes
2018-10-08 18:12 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-10-08 18:10 - 2018-10-08 18:10 - 003819287 _____ C:\Users\SinWolf\Desktop\Price-List-01-October-2017-Rev-1.pdf
2018-10-08 18:09 - 2018-10-08 18:09 - 000000205 _____ C:\Users\SinWolf\Desktop\Your Virus & threat protection is managed by your organization - Microsoft Community.url
2018-10-08 18:07 - 2018-10-08 18:12 - 081176816 _____ (Malwarebytes ) C:\Users\SinWolf\Desktop\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.7197.exe
2018-10-08 18:07 - 2018-10-08 18:07 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2018-10-08 17:57 - 2018-10-08 17:57 - 005411268 _____ C:\Users\SinWolf\Desktop\Roadque-Updated-Catalogue.pdf
2018-10-08 16:13 - 2018-10-08 16:13 - 009394507 _____ C:\Users\SinWolf\Desktop\LG GR-J268LSJV.pdf
2018-10-05 12:20 - 2018-10-05 12:20 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2018-10-05 12:20 - 2018-10-05 12:20 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2018-10-05 12:20 - 2018-10-05 12:20 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2018-10-05 12:20 - 2018-10-05 12:20 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2018-10-05 12:20 - 2018-10-05 12:20 - 000002420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2018-10-05 12:20 - 2018-10-05 12:20 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2018-10-05 12:20 - 2018-10-05 12:20 - 000002408 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2018-10-05 12:20 - 2018-10-05 12:20 - 000002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-10-05 12:20 - 2018-10-05 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-10-05 12:20 - 2018-10-05 12:20 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-10-01 00:41 - 2018-10-05 21:26 - 001016320 _____ C:\WINDOWS\lsasc.exe
2018-09-29 06:35 - 2018-09-29 06:35 - 000000000 _____ C:\Users\SinWolf\Desktop\New Text Document.txt
2018-09-28 10:57 - 2018-10-05 12:49 - 003761152 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\curl.exe
2018-09-28 10:57 - 2018-10-05 12:49 - 000213947 _____ C:\WINDOWS\curl-ca-bundle.crt
2018-09-28 10:57 - 2018-10-05 12:49 - 000088576 _____ C:\WINDOWS\cmdow.exe
2018-09-28 10:57 - 2018-10-05 12:49 - 000044544 _____ (NirSoft) C:\WINDOWS\nircmd.exe
2018-09-27 14:53 - 2018-10-05 21:26 - 001016320 _____ C:\WINDOWS\mcmdl-1.exe
2018-09-25 18:18 - 2018-09-26 20:25 - 000054598 _____ C:\Users\SinWolf\Desktop\Pushplate.dwg
2018-09-25 18:18 - 2018-09-26 15:05 - 000052155 _____ C:\Users\SinWolf\Desktop\Pushplate.bak
2018-09-25 16:31 - 2018-09-05 00:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-09-20 19:00 - 2018-09-28 17:04 - 000003122 _____ C:\WINDOWS\System32\Tasks\Vuze Start
2018-09-20 11:35 - 2018-09-20 11:35 - 000000000 ____D C:\Users\SinWolf\AppData\Local\NVIDIA Corporation
2018-09-20 11:22 - 2018-09-20 11:22 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-09-20 11:22 - 2018-09-20 11:22 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-09-20 11:22 - 2018-09-20 11:22 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-09-20 11:22 - 2018-09-20 11:22 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-09-20 11:22 - 2018-09-20 11:22 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-09-20 11:21 - 2017-12-19 15:44 - 040237640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 036349000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 035158000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 029381104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 023270704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 019043096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 013870728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 013252776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 011784680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 010881696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 004201872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 003817400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 003616288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 001321448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 001135464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 001101112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 001038496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 001032688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 000983072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 000933360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 000885496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 000794392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 000634224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 000616240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-09-20 11:21 - 2017-12-19 15:44 - 000506864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-09-20 11:20 - 2018-09-20 11:20 - 000000000 ____D C:\Users\SinWolf\AppData\Roaming\DRPNano
2018-09-20 11:19 - 2017-12-19 05:22 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-09-20 11:19 - 2017-12-19 04:43 - 005964872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-09-20 11:19 - 2017-12-19 04:43 - 002589168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-09-20 11:19 - 2017-12-19 04:43 - 001767224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-09-20 11:19 - 2017-12-19 04:43 - 000609312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-09-20 11:19 - 2017-12-19 04:43 - 000450360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-09-20 11:19 - 2017-12-19 04:43 - 000122768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-09-20 11:19 - 2017-12-19 04:43 - 000081808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-09-20 11:19 - 2017-12-14 11:59 - 007917671 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-09-20 11:18 - 2018-09-20 11:18 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-09-20 10:45 - 2018-09-20 11:11 - 406489552 _____ (HP Development Company ) C:\Users\SinWolf\Desktop\sp84723.exe
2018-09-20 10:35 - 2018-09-20 10:35 - 000000000 ____D C:\Users\SinWolf\ansel
2018-09-20 10:34 - 2018-09-30 08:41 - 000000000 ____D C:\Users\SinWolf\AppData\Local\CrashDumps
2018-09-20 10:32 - 2018-03-02 04:04 - 000828216 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-09-20 10:32 - 2018-03-02 04:03 - 000960312 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-09-20 10:32 - 2018-03-02 04:03 - 000683832 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-09-20 10:32 - 2018-03-02 04:03 - 000575800 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-09-20 10:09 - 2018-06-08 03:59 - 000069544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2018-09-20 09:50 - 2018-09-20 09:50 - 000000000 ____D C:\ProgramData\FLEXnet
2018-09-20 09:46 - 2018-09-20 09:46 - 000000000 ____D C:\Users\SinWolf\Documents\Autodesk Application Manager
2018-09-20 09:46 - 2018-09-20 09:46 - 000000000 ____D C:\Program Files (x86)\Autodesk
2018-09-20 09:45 - 2018-09-25 18:39 - 000000000 ____D C:\Users\SinWolf\AppData\Local\Autodesk
2018-09-20 09:45 - 2018-09-20 09:45 - 000002178 _____ C:\Users\Public\Desktop\AutoCAD 2016 - English.lnk
2018-09-20 09:45 - 2018-09-20 09:45 - 000000000 ____D C:\Users\SinWolf\Documents\Inventor Server SDK ACAD 2016
2018-09-20 09:45 - 2018-09-20 09:45 - 000000000 ____D C:\Users\Public\Documents\Autodesk
2018-09-20 09:45 - 2018-09-20 09:45 - 000000000 ____D C:\Program Files\Common Files\Macrovision Shared
2018-09-20 09:42 - 2018-09-20 09:46 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2018-09-20 09:42 - 2018-09-20 09:43 - 000000000 ____D C:\Program Files\Autodesk
2018-09-20 09:41 - 2018-09-20 09:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2018-09-20 09:39 - 2018-09-20 09:57 - 000000000 ____D C:\Users\SinWolf\AppData\Roaming\Autodesk
2018-09-20 09:39 - 2018-09-20 09:57 - 000000000 ____D C:\ProgramData\Autodesk
2018-09-20 09:23 - 2018-09-20 09:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-09-20 09:23 - 2018-09-20 09:23 - 000000000 ____D C:\Program Files\7-Zip
2018-09-20 08:02 - 2018-09-20 08:02 - 000000000 ____D C:\PBackup
2018-09-18 21:06 - 2018-10-05 12:20 - 000002400 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-09-18 20:30 - 2018-09-18 20:30 - 000011776 _____ C:\Users\SinWolf\Desktop\Book1.xlsx
2018-09-18 19:05 - 2018-09-18 19:12 - 000000000 ____D C:\Users\SinWolf\Desktop\Electroplating
2018-09-16 20:54 - 2018-10-08 18:33 - 000000000 __SHD C:\Users\SinWolf\AppData\Roaming\{NLRG4DSJ-5BXZ-5Z71-VT44-VI5XQIMGZYSZ}
2018-09-16 20:54 - 2018-10-08 18:33 - 000000000 __SHD C:\Users\SinWolf\{F9GMMWJP-N5IN-Y6ZZ-621S-7Q2T5IP9AB57}
2018-09-16 20:54 - 2018-09-16 20:54 - 000000158 ___SH C:\Users\SinWolf\17134.1.amd64fre.rs4_release.180410-1804_x64A.dll
2018-09-16 20:54 - 2018-09-16 20:54 - 000000142 ___SH C:\ProgramData\17134.1.x86fre.rs4_release.180410-1804_x86A.dll
2018-09-14 17:16 - 2018-09-14 17:16 - 000000000 ____D C:\ProgramData\Brother
2018-09-13 17:00 - 2018-10-01 02:37 - 000000000 ____D C:\WINDOWS\Minidump
2018-09-13 12:43 - 2018-09-13 12:43 - 000000020 ___SH C:\Users\.NET v4.5\ntuser.ini
2018-09-13 12:43 - 2018-09-13 12:43 - 000000020 ___SH C:\Users\.NET v4.5 Classic\ntuser.ini
2018-09-13 12:43 - 2018-09-13 12:43 - 000000000 ____D C:\Users\.NET v4.5 Classic
2018-09-13 12:43 - 2018-09-13 12:43 - 000000000 ____D C:\Users\.NET v4.5
2018-09-13 12:43 - 2018-07-31 18:16 - 000000000 ___HD C:\Users\.NET v4.5\Documents\hp.system.package.metadata
2018-09-13 12:43 - 2018-07-31 18:16 - 000000000 ___HD C:\Users\.NET v4.5\Documents\hp.applications.package.appdata
2018-09-13 12:43 - 2018-07-31 18:16 - 000000000 ___HD C:\Users\.NET v4.5 Classic\Documents\hp.system.package.metadata
2018-09-13 12:43 - 2018-07-31 18:16 - 000000000 ___HD C:\Users\.NET v4.5 Classic\Documents\hp.applications.package.appdata
2018-09-13 12:43 - 2018-04-12 01:34 - 000001105 _____ C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-13 12:43 - 2018-04-12 01:34 - 000001105 _____ C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-13 12:41 - 2018-09-13 12:41 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2018-09-13 12:41 - 2018-09-13 12:41 - 000000000 ____D C:\WINDOWS\system32\msmq
2018-09-13 12:41 - 2018-09-13 12:41 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2018-09-13 00:55 - 2018-09-13 00:55 - 000000000 ____D C:\ProgramData\PeEYNJswfz
2018-09-12 20:34 - 2018-08-31 09:46 - 000542504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-09-12 20:34 - 2018-08-31 09:45 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-09-12 20:34 - 2018-08-31 09:43 - 001524152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-09-12 20:34 - 2018-08-31 09:42 - 001636232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-09-12 20:34 - 2018-08-31 09:27 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-09-12 20:34 - 2018-08-31 09:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2018-09-12 20:34 - 2018-08-31 09:26 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-09-12 20:34 - 2018-08-31 09:25 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2018-09-12 20:34 - 2018-08-31 09:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2018-09-12 20:34 - 2018-08-31 09:24 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-09-12 20:34 - 2018-08-31 09:24 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-09-12 20:34 - 2018-08-31 09:24 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-09-12 20:34 - 2018-08-31 09:23 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-09-12 20:34 - 2018-08-31 09:23 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-09-12 20:34 - 2018-08-31 09:22 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-09-12 20:34 - 2018-08-31 09:22 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-09-12 20:34 - 2018-08-31 08:55 - 001455960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-09-12 20:34 - 2018-08-31 08:53 - 001327504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-09-12 20:34 - 2018-08-31 08:41 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-09-12 20:34 - 2018-08-31 08:41 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2018-09-12 20:34 - 2018-08-31 08:40 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2018-09-12 20:34 - 2018-08-31 08:37 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-09-12 20:34 - 2018-08-31 08:37 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-09-12 20:34 - 2018-08-31 08:37 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-09-12 20:34 - 2018-08-31 08:36 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-09-12 20:34 - 2018-08-31 05:50 - 000273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-09-12 20:34 - 2018-08-31 05:50 - 000270648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-09-12 20:34 - 2018-08-31 05:44 - 001222440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-09-12 20:34 - 2018-08-31 05:44 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-09-12 20:34 - 2018-08-31 05:44 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-09-12 20:34 - 2018-08-31 05:44 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-09-12 20:34 - 2018-08-31 05:44 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-09-12 20:34 - 2018-08-31 05:44 - 000076256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-09-12 20:34 - 2018-08-31 05:43 - 002719216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-09-12 20:34 - 2018-08-31 05:43 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-09-12 20:34 - 2018-08-31 05:42 - 009090016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-09-12 20:34 - 2018-08-31 05:42 - 007520064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-09-12 20:34 - 2018-08-31 05:42 - 007436192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-09-12 20:34 - 2018-08-31 05:42 - 002824672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-09-12 20:34 - 2018-08-31 05:42 - 002461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-09-12 20:34 - 2018-08-31 05:42 - 001767064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-09-12 20:34 - 2018-08-31 05:42 - 001458552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-09-12 20:34 - 2018-08-31 05:42 - 001258352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-09-12 20:34 - 2018-08-31 05:42 - 001142000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-09-12 20:34 - 2018-08-31 05:42 - 001097720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-09-12 20:34 - 2018-08-31 05:42 - 000983080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-09-12 20:34 - 2018-08-31 05:42 - 000885928 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-09-12 20:34 - 2018-08-31 05:42 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2018-09-12 20:34 - 2018-08-31 05:42 - 000604640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-09-12 20:34 - 2018-08-31 05:42 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-09-12 20:34 - 2018-08-31 05:42 - 000494472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-09-12 20:34 - 2018-08-31 05:42 - 000155112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2018-09-12 20:34 - 2018-08-31 05:28 - 006570040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-09-12 20:34 - 2018-08-31 05:28 - 006043680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-09-12 20:34 - 2018-08-31 05:28 - 001989496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-09-12 20:34 - 2018-08-31 05:28 - 001514352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-09-12 20:34 - 2018-08-31 05:28 - 001129728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-09-12 20:34 - 2018-08-31 05:28 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-09-12 20:34 - 2018-08-31 05:28 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2018-09-12 20:34 - 2018-08-31 05:28 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-09-12 20:34 - 2018-08-31 05:26 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-09-12 20:34 - 2018-08-31 05:21 - 022008320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-09-12 20:34 - 2018-08-31 05:20 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-09-12 20:34 - 2018-08-31 05:18 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-09-12 20:34 - 2018-08-31 05:17 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-09-12 20:34 - 2018-08-31 05:17 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2018-09-12 20:34 - 2018-08-31 05:17 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll
2018-09-12 20:34 - 2018-08-31 05:16 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-09-12 20:34 - 2018-08-31 05:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-09-12 20:34 - 2018-08-31 05:16 - 005746688 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2018-09-12 20:34 - 2018-08-31 05:16 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-09-12 20:34 - 2018-08-31 05:15 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-09-12 20:34 - 2018-08-31 05:15 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-09-12 20:34 - 2018-08-31 05:15 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-09-12 20:34 - 2018-08-31 05:15 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-09-12 20:34 - 2018-08-31 05:15 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-09-12 20:34 - 2018-08-31 05:15 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-09-12 20:34 - 2018-08-31 05:14 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-09-12 20:34 - 2018-08-31 05:14 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-09-12 20:34 - 2018-08-31 05:14 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-09-12 20:34 - 2018-08-31 05:14 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-09-12 20:34 - 2018-08-31 05:14 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-09-12 20:34 - 2018-08-31 05:13 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-09-12 20:34 - 2018-08-31 05:13 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-09-12 20:34 - 2018-08-31 05:13 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-09-12 20:34 - 2018-08-31 05:12 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-09-12 20:34 - 2018-08-31 05:12 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll
2018-09-12 20:34 - 2018-08-31 05:11 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-09-12 20:34 - 2018-08-31 05:11 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-09-12 20:34 - 2018-08-31 05:11 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-09-12 20:34 - 2018-08-31 05:11 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-09-12 20:34 - 2018-08-31 05:11 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-09-12 20:34 - 2018-08-31 05:11 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-09-12 20:34 - 2018-08-31 05:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-09-12 20:34 - 2018-08-31 05:10 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-09-12 20:34 - 2018-08-31 05:10 - 004529664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2018-09-12 20:34 - 2018-08-31 05:10 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-09-12 20:34 - 2018-08-31 05:10 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-09-12 20:34 - 2018-08-31 05:10 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-09-12 20:34 - 2018-08-31 05:10 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-09-12 20:34 - 2018-08-31 05:10 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-09-12 20:34 - 2018-08-31 05:10 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-09-12 20:34 - 2018-08-31 05:10 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-09-12 20:34 - 2018-08-31 05:10 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-09-12 20:34 - 2018-08-31 05:09 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-09-12 20:34 - 2018-08-31 05:09 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-09-12 20:34 - 2018-08-31 05:08 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-09-12 20:34 - 2018-08-31 05:07 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-09-12 20:34 - 2018-08-31 05:07 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-09-12 20:34 - 2018-08-31 05:07 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-09-12 20:34 - 2018-08-31 05:06 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-09-12 20:34 - 2018-08-31 03:57 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2018-09-12 20:34 - 2018-08-28 09:17 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-09-12 20:34 - 2018-08-28 08:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-09-12 20:34 - 2018-08-28 08:49 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-09-12 20:34 - 2018-08-28 08:48 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-09-12 20:34 - 2018-08-28 08:45 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2018-09-12 20:34 - 2018-08-28 07:51 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-09-12 20:34 - 2018-08-14 04:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2018-09-12 20:34 - 2018-08-14 04:14 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-09-12 20:34 - 2018-08-09 11:37 - 002267944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-09-12 20:34 - 2018-08-09 11:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-09-12 20:34 - 2018-08-09 11:31 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-09-12 20:34 - 2018-08-09 11:31 - 000766872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-09-12 20:34 - 2018-08-09 11:31 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-09-12 20:34 - 2018-08-09 11:31 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-09-12 20:34 - 2018-08-09 11:17 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-09-12 20:34 - 2018-08-09 11:16 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-09-12 20:34 - 2018-08-09 11:14 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-09-12 20:34 - 2018-08-09 11:14 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2018-09-12 20:34 - 2018-08-09 11:14 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2018-09-12 20:34 - 2018-08-09 11:14 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2018-09-12 20:34 - 2018-08-09 11:13 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-09-12 20:34 - 2018-08-09 11:13 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2018-09-12 20:34 - 2018-08-09 11:13 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-09-12 20:34 - 2018-08-09 11:13 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-09-12 20:34 - 2018-08-09 11:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-09-12 20:34 - 2018-08-09 11:12 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-09-12 20:34 - 2018-08-09 11:12 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-09-12 20:34 - 2018-08-09 11:11 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-09-12 20:34 - 2018-08-09 11:11 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-09-12 20:34 - 2018-08-09 11:11 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-09-12 20:34 - 2018-08-09 11:11 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-09-12 20:34 - 2018-08-09 11:11 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-09-12 20:34 - 2018-08-09 11:10 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2018-09-12 20:34 - 2018-08-09 11:10 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-09-12 20:34 - 2018-08-09 11:10 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-09-12 20:34 - 2018-08-09 11:09 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2018-09-12 20:34 - 2018-08-09 11:09 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2018-09-12 20:34 - 2018-08-09 11:09 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-09-12 20:34 - 2018-08-09 11:09 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageInspector.exe
2018-09-12 20:34 - 2018-08-09 10:38 - 001538976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-09-12 20:34 - 2018-08-09 10:36 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-09-12 20:34 - 2018-08-09 10:36 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-09-12 20:34 - 2018-08-09 10:24 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-09-12 20:34 - 2018-08-09 10:24 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2018-09-12 20:34 - 2018-08-09 10:23 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-09-12 20:34 - 2018-08-09 10:23 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-09-12 20:34 - 2018-08-09 10:23 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2018-09-12 20:34 - 2018-08-09 10:22 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-09-12 20:34 - 2018-08-09 10:22 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-09-12 20:34 - 2018-08-09 10:22 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-09-12 20:34 - 2018-08-09 10:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2018-09-12 20:34 - 2018-08-09 10:21 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-09-12 20:34 - 2018-08-09 10:21 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-09-12 20:34 - 2018-08-09 10:21 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2018-09-12 20:34 - 2018-08-09 10:21 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-09-12 20:34 - 2018-08-09 10:20 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-09-12 20:34 - 2018-08-09 10:20 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-09-12 20:34 - 2018-08-09 10:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2018-09-12 20:34 - 2018-08-09 10:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2018-09-12 20:34 - 2018-08-09 10:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-09-12 20:34 - 2018-08-09 07:02 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-09-12 20:34 - 2018-08-09 07:01 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2018-09-12 20:34 - 2018-08-09 06:55 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-09-12 20:34 - 2018-08-09 06:54 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-09-12 20:34 - 2018-08-09 06:54 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-09-12 20:34 - 2018-08-09 06:54 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-09-12 20:34 - 2018-08-09 06:54 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-09-12 20:34 - 2018-08-09 06:54 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-09-12 20:34 - 2018-08-09 06:53 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-09-12 20:34 - 2018-08-09 06:53 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-09-12 20:34 - 2018-08-09 06:53 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-09-12 20:34 - 2018-08-09 06:53 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-09-12 20:34 - 2018-08-09 06:53 - 000714792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-09-12 20:34 - 2018-08-09 06:53 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-09-12 20:34 - 2018-08-09 06:53 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-09-12 20:34 - 2018-08-09 06:53 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
2018-09-12 20:34 - 2018-08-09 06:30 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-09-12 20:34 - 2018-08-09 06:30 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-09-12 20:34 - 2018-08-09 06:29 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-09-12 20:34 - 2018-08-09 06:29 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-09-12 20:34 - 2018-08-09 06:29 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-09-12 20:34 - 2018-08-09 06:29 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-09-12 20:34 - 2018-08-09 06:29 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
2018-09-12 20:34 - 2018-08-09 06:28 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-09-12 20:34 - 2018-08-09 06:28 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-09-12 20:34 - 2018-08-09 06:28 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshdPinAuthLsa.dll
2018-09-12 20:34 - 2018-08-09 06:27 - 000449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSftp.exe
2018-09-12 20:34 - 2018-08-09 06:27 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-09-12 20:34 - 2018-08-09 06:27 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshdBroker.dll
2018-09-12 20:34 - 2018-08-09 06:27 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-09-12 20:34 - 2018-08-09 06:27 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2018-09-12 20:34 - 2018-08-09 06:26 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-09-12 20:34 - 2018-08-09 06:26 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-09-12 20:34 - 2018-08-09 06:26 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-09-12 20:34 - 2018-08-09 06:26 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSession.exe
2018-09-12 20:34 - 2018-08-09 06:26 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshBroker.dll
2018-09-12 20:34 - 2018-08-09 06:26 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-09-12 20:34 - 2018-08-09 06:26 - 000264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshProxy.dll
2018-09-12 20:34 - 2018-08-09 06:26 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-09-12 20:34 - 2018-08-09 06:26 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-09-12 20:34 - 2018-08-09 06:26 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-09-12 20:34 - 2018-08-09 06:25 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-09-12 20:34 - 2018-08-09 06:25 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-09-12 20:34 - 2018-08-09 06:25 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2018-09-12 20:34 - 2018-08-09 06:25 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-09-12 20:34 - 2018-08-09 06:25 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-09-12 20:34 - 2018-08-09 06:25 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2018-09-12 20:34 - 2018-08-09 06:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-09-12 20:34 - 2018-08-09 06:24 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-09-12 20:34 - 2018-08-09 06:24 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-09-12 20:34 - 2018-08-09 06:23 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2018-09-12 20:34 - 2018-08-09 06:23 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-09-12 20:34 - 2018-08-09 06:23 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-09-12 20:34 - 2018-08-09 06:23 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-09-12 20:34 - 2018-08-09 06:22 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-09-12 20:34 - 2018-08-09 06:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-09-12 20:34 - 2018-08-09 06:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-09-12 20:34 - 2018-08-09 06:22 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-09-12 20:34 - 2018-08-09 06:21 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-09-12 20:34 - 2018-08-09 06:13 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-09-12 20:34 - 2018-08-09 06:13 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2018-09-12 20:34 - 2018-08-09 06:12 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2018-09-12 20:34 - 2018-08-09 06:11 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-09-12 20:34 - 2018-08-09 06:11 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-09-12 20:34 - 2018-08-09 06:11 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-09-12 20:34 - 2018-08-09 06:11 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-09-12 20:34 - 2018-08-09 06:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll
2018-09-12 20:34 - 2018-08-09 06:11 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-09-12 20:34 - 2018-08-09 06:11 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-09-12 20:34 - 2018-08-09 06:10 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2018-09-12 20:34 - 2018-08-09 06:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-09-12 20:34 - 2018-08-09 06:10 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-09-12 20:34 - 2018-08-09 06:09 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-09-12 20:34 - 2018-08-09 06:09 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-09-12 20:34 - 2018-08-09 06:08 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2018-09-12 20:34 - 2018-08-09 05:08 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-09-12 20:34 - 2018-08-09 05:08 - 000806416 _____ C:\WINDOWS\system32\locale.nls
2018-09-12 20:34 - 2018-06-08 20:44 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-10-08 20:13 - 2018-09-04 17:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-10-08 19:18 - 2018-09-04 18:07 - 000970840 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-10-08 19:18 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-10-08 19:14 - 2018-09-04 18:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-10-08 19:14 - 2018-07-31 19:09 - 000000000 __SHD C:\Users\SinWolf\IntelGraphicsProfiles
2018-10-08 19:14 - 2018-07-31 18:13 - 000000000 ____D C:\ProgramData\Synaptics
2018-10-08 19:14 - 2018-07-31 18:13 - 000000000 ____D C:\ProgramData\NVIDIA
2018-10-08 19:14 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-08 19:13 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-10-08 18:35 - 2018-08-03 01:01 - 000000372 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSinWolf.job
2018-10-08 18:35 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-10-08 17:25 - 2018-09-04 18:04 - 000003272 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForSinWolf
2018-10-08 16:13 - 2018-08-20 19:16 - 000000000 ____D C:\Users\SinWolf\AppData\LocalLow\Adobe
2018-10-08 15:11 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-08 13:47 - 2018-08-19 12:03 - 000000000 ____D C:\Users\SinWolf\AppData\Local\GoPro
2018-10-07 10:06 - 2018-09-04 18:01 - 000000000 ____D C:\Users\SinWolf
2018-10-06 10:46 - 2018-07-31 19:10 - 000000000 ____D C:\Users\SinWolf\AppData\Local\Packages
2018-10-05 21:19 - 2018-08-02 18:01 - 000002309 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-05 12:20 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-10-05 12:19 - 2018-09-01 13:08 - 000000000 ____D C:\Program Files\Microsoft Office
2018-10-04 21:50 - 2018-08-02 18:00 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-04 17:25 - 2018-07-31 18:27 - 000000000 ____D C:\WINDOWS\HP
2018-10-04 17:25 - 2017-11-21 16:31 - 000000000 ____D C:\SWSETUP
2018-10-02 17:21 - 2018-09-07 17:39 - 000000000 ____D C:\Users\SinWolf\AppData\Roaming\Azureus
2018-09-29 09:35 - 2018-08-01 17:42 - 000000000 ____D C:\Users\SinWolf\AppData\Local\PlaceholderTileLogoFolder
2018-09-26 07:19 - 2018-09-04 18:04 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2110990834-71020888-2906096871-1002
2018-09-26 07:19 - 2018-09-04 18:01 - 000002376 _____ C:\Users\SinWolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-26 07:19 - 2018-07-31 19:11 - 000000000 ___RD C:\Users\SinWolf\OneDrive
2018-09-25 17:34 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-09-20 14:58 - 2018-08-02 18:01 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-20 14:53 - 2018-07-31 19:09 - 000000000 ____D C:\Users\SinWolf\AppData\Local\ConnectedDevicesPlatform
2018-09-20 11:38 - 2018-09-03 19:33 - 000000000 ____D C:\Users\SinWolf\AppData\Local\Pinnacle
2018-09-20 11:38 - 2018-09-01 14:07 - 000000583 _____ C:\Users\SinWolf\AppData\Roaming\DESKTOP-Q6LLMJD.MTBF.txt
2018-09-20 11:38 - 2018-09-01 13:56 - 000000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2018-09-20 11:30 - 2018-07-31 19:10 - 000000000 ____D C:\Users\SinWolf\AppData\Local\Intel
2018-09-20 11:30 - 2018-07-31 18:18 - 000000000 ____D C:\Program Files (x86)\Intel
2018-09-20 11:30 - 2018-07-31 18:13 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-09-20 11:22 - 2018-07-31 18:13 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-09-20 11:22 - 2018-07-31 18:13 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-09-20 11:19 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Help
2018-09-20 10:49 - 2018-08-02 17:48 - 000000000 ____D C:\Users\SinWolf\Desktop\Downloaded Software
2018-09-20 10:04 - 2018-09-04 18:04 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-09-20 09:58 - 2018-09-07 16:48 - 000000000 ____D C:\Users\SinWolf\AppData\Local\D3DSCache
2018-09-20 09:49 - 2018-09-04 17:57 - 000567752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-09-20 09:46 - 2017-11-21 16:23 - 000000000 ____D C:\ProgramData\Package Cache
2018-09-20 09:45 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-09-19 15:29 - 2018-09-04 17:58 - 000551856 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-09-19 15:29 - 2018-04-12 18:19 - 000457256 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2018-09-13 12:41 - 2018-09-03 20:23 - 000000000 ____D C:\inetpub
2018-09-13 12:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-09-13 12:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-09-12 21:02 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-09-12 21:02 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-09-12 21:02 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-09-12 21:02 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-09-12 21:02 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-09-11 19:48 - 2018-08-03 07:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-09-11 19:47 - 2018-08-03 07:58 - 139184408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-09-11 19:00 - 2018-08-03 00:56 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-09-11 18:50 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-09-09 00:50 - 2018-08-21 23:46 - 000000000 ____D C:\ProgramData\Packages
2018-09-08 11:20 - 2018-08-02 19:46 - 000000000 ____D C:\Users\SinWolf\AppData\Local\Google
 
==================== Files in the root of some directories =======
 
2018-09-16 20:54 - 2018-09-16 20:54 - 000000142 ___SH () C:\ProgramData\17134.1.x86fre.rs4_release.180410-1804_x86A.dll
2018-09-16 20:54 - 2018-09-16 20:54 - 000000158 ___SH () C:\Users\SinWolf\17134.1.amd64fre.rs4_release.180410-1804_x64A.dll
2018-09-01 14:07 - 2018-09-20 11:38 - 000000583 _____ () C:\Users\SinWolf\AppData\Roaming\DESKTOP-Q6LLMJD.MTBF.txt
2018-09-01 14:08 - 2018-09-01 14:08 - 000003584 _____ () C:\Users\SinWolf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some files in TEMP:
====================
2018-10-02 17:00 - 2018-10-02 17:21 - 000079904 _____ () C:\Users\SinWolf\AppData\Local\Temp\i4jdel0.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-09-04 17:57
 
==================== End of FRST.txt ============================
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.10.2018
Ran by SinWolf (08-10-2018 20:35:16)
Running from C:\Users\SinWolf\Desktop
Windows 10 Pro Version 1803 17134.285 (X64) (2018-09-04 16:05:20)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2110990834-71020888-2906096871-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2110990834-71020888-2906096871-503 - Limited - Disabled)
Guest (S-1-5-21-2110990834-71020888-2906096871-501 - Limited - Disabled)
SinWolf (S-1-5-21-2110990834-71020888-2906096871-1002 - Administrator - Enabled) => C:\Users\SinWolf
WDAGUtilityAccount (S-1-5-21-2110990834-71020888-2906096871-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20071 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{6301BFFA-5192-498B-8DA5-7790B46F3F32}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AutoCAD 2016 - English (HKLM\...\{5783F2D7-F001-0409-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.107.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (HKLM\...\{5783F2D7-F001-0409-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD 2016 SP 1 (HKLM\...\AutoCAD 2016 SP1) (Version: 20.1.107.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Conexant ISST Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 9.0.180.10 - Conexant)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.9.0.0603 - Disc Soft Ltd)
Elevated Installer (HKLM-x32\...\{6B3B3A8E-38BF-40C3-A5C3-156467AF0068}) (Version: 6.7.2.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin BaseCamp (HKLM-x32\...\{1ac25e24-a380-4f68-bb3c-f9b1d7cdb2df}) (Version: 4.7.0.0 - Garmin Ltd or its subsidiaries)
Garmin BaseCamp (HKLM-x32\...\{3B93218E-3D19-4063-A578-2722B8C4E161}) (Version: 4.7.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{5e03a6d1-c5b2-48e0-8827-6f9d2fae79b1}) (Version: 6.7.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{EAD45040-85CD-42A8-BEA7-5FF268626DD5}) (Version: 6.7.2.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoPro Quik (HKLM\...\{8B7D1DD1-5CA4-4B6E-9A86-3EA9E3601DF3}) (Version: 0.1.841 - GoPro, Inc.) Hidden
GoPro Quik (HKLM-x32\...\{f1aab631-23ee-456b-a5ef-6e4d9d638068}) (Version: 2.6.2.841 - GoPro, Inc.)
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 9.3.9.2559 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.9.0 - HP Inc.)
HP Device Access Manager (HKLM\...\{7AF31361-3607-4AEB-A445-D02EAE2D9C94}) (Version: 8.4.12.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP ESU for Microsoft Windows 10 (HKLM-x32\...\{94D0EB60-8B2F-4A80-BA74-3D312434415F}) (Version: 11.3.1 - HP)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP MAC Address Manager (HKLM-x32\...\{21FA165F-905C-4DDA-B00A-00C3A5D17BBA}) (Version: 1.1.15.1 - HP Inc.)
HP Notifications (HKLM-x32\...\{A4F64FA9-6A38-4720-AC7E-7FB4567C7268}) (Version: 1.1.5.1 - HP)
HP SoftPaq Download Manager (HKLM-x32\...\{fc153673-e23b-4908-93b9-164cc056a3c4}) (Version: 4.3.19.0 - HP)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.6.18.11 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.9.24.3 - HP Inc.)
HP System Default Settings (HKLM-x32\...\{9FA4819F-C0D6-4184-950A-5F3859EB1168}) (Version: 1.2.13.1 - HP Inc.)
HP Universal Camera Driver (HKLM-x32\...\{8B204728-0D90-48BE-97C0-BBEDDFDFA83C}) (Version: 3.7.8.1 - SunplusIT)
HP Velocity (HKLM\...\IPQ_NSIS) (Version: 3.2.0.24905 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{2EC9AB64-3ACA-460D-B309-0A7052B0C8C0}) (Version: 1.1.21.1 - HP)
HP WorkWise (HKLM-x32\...\{2EDE0C89-892C-4C3C-A922-C4DDE7C68EAE}) (Version: 1.4.20.1 - HP Inc.)
HPWorkWise64 (HKLM\...\{56051A5A-7A04-4CD4-A5CD-781F1AC10112}) (Version: 1.4.20.1 - HP Company) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10207.5567 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1067 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.5018 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.9.3.1026 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1725.1 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000010-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.10.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{4996e560-35d4-4f06-93df-54b6e6ab11c5}) (Version: 20.50.1 - Intel Corporation)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.10827.20138 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2110990834-71020888-2906096871-1002\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA Graphics Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NVIDIA Update 31.0.1.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.0.1.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pinnacle Studio 20 (HKLM\...\{4D548AFA-B83A-4C39-A474-AAE833B320AD}) (Version: 20.0.1.109 - Corel Corporation)
PremiumOs4 (HKLM-x32\...\PremiumOs4) (Version: 18.15.1 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.159 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.130 - Realtek Semiconductor Corp.)
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.30 - Synaptics Incorporated)
T4A Maps Traveller's Africa (HKLM-x32\...\T4A Maps Traveller's Africa) (Version:  - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{A6F2ADC4-12C4-41E8-B90B-3BE018F5787C}) (Version: 2.48.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0-2) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0-3) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2110990834-71020888-2906096871-1002_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2110990834-71020888-2906096871-1002_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2110990834-71020888-2906096871-1002_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2110990834-71020888-2906096871-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2015-02-06] (Autodesk)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-08-27] (Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-08-27] (Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64_kbl_kit127397.inf_amd64_e1da8ee9e92ccadb\igfxDTCM.dll [2018-04-25] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-19] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {050DF5F5-0B3A-42D1-BBEA-AF0C7608BC34} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-26] (Microsoft Corporation)
Task: {07FADCB7-3C72-46BF-B30B-FB228B463CE8} - System32\Tasks\HPCeeScheduleForSinWolf => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {0C447FB8-7563-49F8-A454-40187D2D8E16} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {0DE1D079-FA0B-44C8-A3CA-E8426DC64BEA} - System32\Tasks\Vuze Start => C:\Program Files\Vuze\Azureus.exe [2017-03-01] (Azureus Software, Inc)
Task: {10F870BA-FFBD-4DE1-8CB5-D65BAA8AD10D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {1BD10B4B-22BA-4A8D-A90E-89FD40E97128} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-05] (Microsoft Corporation)
Task: {260EDA2B-24D9-4FBA-A943-BF25F09859A2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-16] (NVIDIA Corporation)
Task: {3BB6C26D-8706-4DF1-815B-7A2F58A31A3D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-02] (Microsoft Corporation)
Task: {3EBD92F9-1526-44F3-8252-46313D665953} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-08-21] (HP Inc.)
Task: {58AB937A-E30F-4ED8-920C-9F38359FC8AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-27] (HP Inc.)
Task: {594A8465-76B4-406B-9A84-908A60799EC3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2018-10-05] (Microsoft Corporation)
Task: {5A430F88-35B0-4813-BD20-85B29D129C8C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-16] (NVIDIA Corporation)
Task: {5C2CC6B0-6D90-485B-90BF-8166479A48C8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-16] (NVIDIA Corporation)
Task: {5E8CC6EB-2DD8-44D9-ABD0-633907B5ECB5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {64F420BF-91BC-4D52-97E3-1D6D4305F2CC} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [2017-10-06] (HP Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {69071509-5C5F-495C-9308-1B6638112835} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-02] (Google Inc.)
Task: {7234F7CE-747A-49B8-A85E-90597057EC51} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-08-13] ()
Task: {78CA1A5D-228C-4A94-B70F-4E3AA6A8BFBD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-10-05] (Microsoft Corporation)
Task: {808463B6-2D61-4A8C-A54E-37030F123947} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-05] (Microsoft Corporation)
Task: {88A96773-637B-4696-B8B6-D34B80B97A7C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-02] (Microsoft Corporation)
Task: {A44F140A-EEC5-4D41-8AB8-92F9C4F5670C} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-09-27] (HP Inc.)
Task: {B79AF690-961C-4303-AE46-FB19F113859A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-10-05] (Microsoft Corporation)
Task: {BCF79187-30C2-437D-B6F9-8A20C58FD396} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-26] (Microsoft Corporation)
Task: {CB14B995-7365-4CF3-9541-A2B9123CDEC2} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {D4F21C50-6DA1-4407-8FB7-3B15C43AFA0D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-16] (NVIDIA Corporation)
Task: {D7F6A34A-BB1C-4927-AF99-98F81260D9E8} - System32\Tasks\HP\HP Hotkey Support\Start QLBController Process => C:\Program Files (x86)\HP\HP Hotkey Support\QLBController.exe
Task: {DB01FA71-5CBB-4C1D-835E-2E18B5BFF171} - System32\Tasks\Microsoft\Windows\Conexant\MicTray => C:\Windows\System32\MicTray64.exe [2017-09-04] (Conexant)
Task: {DDB18BED-9117-4B3D-8193-862F5156ADF9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-02] (Microsoft Corporation)
Task: {DE262E8A-A040-4D78-837B-1DC05075A6D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-02] (Google Inc.)
Task: {E11079ED-E4A4-4E87-9262-816BD82C248D} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {EA7D5336-7F1B-4F16-BC6F-24F9E01592C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {FB84FD15-2AA0-4E80-845C-B0BB5280ABB4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-16] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForSinWolf.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\SinWolf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-extensions
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-extensions
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-13 17:43 - 2016-07-13 17:43 - 000331768 _____ () c:\Program Files\HP\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2017-08-11 02:07 - 2017-08-11 02:07 - 000022528 _____ () C:\WINDOWS\system32\fpCSEvtSvc.exe
2018-10-08 18:12 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-10-08 18:12 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-09-12 20:34 - 2018-08-31 05:12 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-09-13 21:00 - 2018-09-13 21:00 - 003083264 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DotNetCommon\71f3e15cd4ecce9ad24aaa55f97fcda7\DotNetCommon.ni.dll
2018-10-01 00:41 - 2018-10-05 21:26 - 001016320 _____ () C:\Windows\lsasc.exe
2018-09-27 14:53 - 2018-10-05 21:26 - 001016320 _____ () C:\WINDOWS\mcmdl-1.exe
2018-06-11 10:41 - 2018-06-11 10:41 - 000038328 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2018-10-06 10:38 - 2018-10-06 10:39 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-08-02 21:07 - 2018-08-02 21:10 - 002447072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-10-06 10:38 - 2018-10-06 10:39 - 001689088 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-09-12 20:00 - 2018-09-12 20:02 - 035124736 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-09-12 20:00 - 2018-09-12 20:02 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-09-12 20:00 - 2018-09-12 20:02 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-08-01 18:07 - 2018-08-01 18:23 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-09-25 20:22 - 2018-09-25 20:22 - 004178432 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1808.2461.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-09-25 20:22 - 2018-09-25 20:22 - 004472952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1808.2461.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-09-20 14:58 - 2018-09-15 10:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-20 14:58 - 2018-09-15 10:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2018-09-20 09:46 - 2014-12-05 04:27 - 000055688 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2018-09-20 09:46 - 2014-12-05 04:27 - 000104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2017-04-18 05:45 - 2017-04-18 05:45 - 001227264 _____ () C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2017-04-09 23:49 - 2017-04-09 23:49 - 067109376 _____ () C:\Program Files (x86)\Garmin\Express\libcef.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2018-08-13 15:50 - 2018-08-13 15:50 - 000073216 _____ () C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-04-18 05:45 - 2017-04-18 05:45 - 000808960 _____ () C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.Core.dll
2017-04-09 23:49 - 2017-04-09 23:49 - 002246144 _____ () C:\Program Files (x86)\Garmin\Express\libglesv2.dll
2017-04-09 23:49 - 2017-04-09 23:49 - 000079360 _____ () C:\Program Files (x86)\Garmin\Express\libegl.dll
2017-06-14 19:29 - 2017-06-14 19:29 - 000021136 _____ () C:\Program Files\HP\HP Velocity\MUI\en-US.dll
2018-10-08 19:14 - 2014-12-05 04:27 - 000104328 _____ () C:\Users\SinWolf\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2018-09-13 21:01 - 2018-09-13 21:01 - 000156672 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\ef95ccd5834b532b2bd699ab4eff60ae\BRIDGECommon.ni.dll
2018-09-13 21:02 - 2018-09-13 21:02 - 000374784 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\8c40637aeb51427032a3b6c88519b1b9\CleanStartController.ni.dll
2018-09-13 21:02 - 2018-09-13 21:02 - 000121344 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\ca0611643ea8669c029f6fc8e8cdd358\BridgeExtension.ni.dll
2018-09-13 21:02 - 2018-09-13 21:02 - 000139264 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Registratio4eabc192#\dc7d156651b308028c2f161f57ac572c\RegistrationUtilities.ni.dll
2017-12-03 12:18 - 2017-12-03 12:18 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-2110990834-71020888-2906096871-1002\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 15:46 - 2018-10-05 21:19 - 000001899 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
80.241.222.139 1l-hit.mail.ru
80.241.222.139 www.1l-hit.mail.ru
80.241.222.139 ad.mail.ru
80.241.222.139 www.ad.mail.ru
80.241.222.139 adservice.google.com
80.241.222.139 www.adservice.google.com
80.241.222.139 ajax.googleapis.com
80.241.222.139 www.ajax.googleapis.com
80.241.222.139 apis.google.com
80.241.222.139 www.apis.google.com
80.241.222.139 c1.popads.net
80.241.222.139 www.c1.popads.net
80.241.222.139 c2.popads.net
80.241.222.139 www.c2.popads.net
80.241.222.139 codex.nflxext.com
80.241.222.139 www.codex.nflxext.com
80.241.222.139 completion.amazon.com
80.241.222.139 www.completion.amazon.com
80.241.222.139 connect.facebook.net
80.241.222.139 www.connect.facebook.net
80.241.222.139 consent.cmp.oath.com
80.241.222.139 www.consent.cmp.oath.com
80.241.222.139 google-analytics.com
80.241.222.139 www.google-analytics.com
80.241.222.139 googletagmanager.com
80.241.222.139 www.googletagmanager.com
80.241.222.139 googletagservices.com
80.241.222.139 www.googletagservices.com
80.241.222.139 gstatic.com
80.241.222.139 www.gstatic.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2110990834-71020888-2906096871-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_SNOW_3840x2160.jpg
DNS Servers: 172.98.193.42 - 192.99.85.244
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
HKU\S-1-5-21-2110990834-71020888-2906096871-1002\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe
FirewallRules: [{ABFF5DF8-8C82-4E81-838B-F87B76917914}] => (Block) C:\Program Files\Pinnacle\Studio 20\programs\PinnacleStudio.EXE
FirewallRules: [{B8FF951B-BA26-4CE3-8F86-5AE11018F0DE}] => (Allow) C:\Program Files\Pinnacle\Studio 20\programs\UMI.exe
FirewallRules: [{CB243E95-20B8-4E64-B764-5718BF302AA5}] => (Allow) C:\Program Files\Pinnacle\Studio 20\programs\UMI.exe
FirewallRules: [{70D1BBDB-CFC0-4150-BC74-5E7C04ABBC95}] => (Allow) C:\Program Files\Pinnacle\Studio 20\programs\NGStudio.exe
FirewallRules: [{2432D253-7C6B-4DCB-8A9A-F2A2B3A62465}] => (Allow) C:\Program Files\Pinnacle\Studio 20\programs\NGStudio.exe
FirewallRules: [{60A0AB22-83DA-46D4-B32D-4003A2D80C45}] => (Allow) C:\Program Files\Pinnacle\Studio 20\programs\RM.exe
FirewallRules: [{BCE30067-96FE-4C58-853C-E475CCB855F4}] => (Allow) C:\Program Files\Pinnacle\Studio 20\programs\RM.exe
FirewallRules: [{F2611DD1-E4BF-4E7A-A4F5-03F99E473F76}] => (Block) C:\Program Files\Pinnacle\Studio 20\programs\PinnacleStudio.EXE
FirewallRules: [{0777CAC0-B6CD-4945-A45B-76C9CF3CFFDB}] => (Allow) C:\Program Files\Pinnacle\Studio 20\programs\PinnacleStudio.EXE
FirewallRules: [{35F6440B-5C5D-4BDA-8392-4B1A5E128B8E}] => (Allow) C:\Program Files\Pinnacle\Studio 20\programs\PinnacleStudio.EXE
FirewallRules: [{29F72581-AB1D-4752-9D17-6301518CF644}] => (Allow) C:\Program Files\Pinnacle\Studio 20\programs\PinnacleStudio.EXE
FirewallRules: [{0CF2CD0B-1037-4BC9-9430-480599BB3BA7}] => (Allow) C:\Program Files\Pinnacle\Studio 20\programs\PinnacleStudio.EXE
FirewallRules: [{B5DE41E1-1946-4821-A9ED-3D3292336C3E}] => (Allow) C:\Program Files\Pinnacle\Studio 20\programs\UMI.exe
FirewallRules: [{238E073C-0970-4BEF-A15C-EA9EDA769602}] => (Allow) C:\Program Files\Pinnacle\Studio 20\programs\UMI.exe
FirewallRules: [{C1238C13-7019-459F-8237-CCE269F6D49E}] => (Allow) C:\Program Files\Pinnacle\Studio 20\programs\NGStudio.exe
FirewallRules: [{F2175D54-BE0B-4A9E-8644-5F73EE19EEBA}] => (Allow) C:\Program Files\Pinnacle\Studio 20\programs\NGStudio.exe
FirewallRules: [{280D44EE-2449-4AC5-9EE4-E5522A96A2A2}] => (Allow) C:\Program Files\Pinnacle\Studio 20\programs\RM.exe
FirewallRules: [{2292E229-AFC7-4EAF-A144-431927093EA7}] => (Allow) C:\Program Files\Pinnacle\Studio 20\programs\RM.exe
FirewallRules: [{60BC057D-C517-439D-8B64-D236C8971EC3}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
FirewallRules: [{7C22037E-CB22-4730-8C57-F8E8B249358F}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [{215040BF-103E-4533-AE44-11517820A9DF}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{F813FD3F-3412-44FD-9C40-87F91D1F5B1E}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{A18845FC-AC7C-47A3-805C-588B76054FFF}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro Quik.exe
FirewallRules: [{4AACC974-049E-4524-B9AE-2A220BCE25B9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4DF6C153-1F6C-45F1-AB07-7F09571A808E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F0A51610-C5DD-463C-802E-6283CDA80A5E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0D3DF486-F5F1-473F-9023-606BBAD6ED4D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{875F47CA-A0DB-45F1-AF6D-BB789F8FF91F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{14323946-CD2A-4623-8DCD-D84489E47ACA}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{198E702C-ABDF-4B84-A078-CE49AB3D914C}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{980C3A83-F204-4A76-83DD-AA185D25082D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{AAAACE45-CA98-44D2-8EA3-86BFC0F2842E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{074819FB-5228-439C-B9E3-E0EC09784E35}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{B79FDB02-57A3-4931-9101-9469B8764CA6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E621A932-C1D1-4526-80E2-21270DCC6D72}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{25617B4D-024E-4A54-B1B5-308963324501}] => (Allow) LPort=50248
FirewallRules: [{2150FF1C-FAA3-49A6-8A70-8FEBC7D556D3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/08/2018 08:35:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (10/08/2018 08:35:22 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Instantiating VSS server
 
Error: (10/08/2018 07:13:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90
Faulting module name: SelfProtectionSdk.dll, version: 3.0.0.360, time stamp: 0x5b995ba2
Exception code: 0xc0000409
Fault offset: 0x000000000014e2a9
Faulting process ID: 0x110c
Faulting application start time: 0x01d45f28378319da
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
Report ID: bd705132-b205-4047-a97a-6af2d0834f18
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/08/2018 06:55:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90
Faulting module name: SelfProtectionSdk.dll, version: 3.0.0.360, time stamp: 0x5b995ba2
Exception code: 0xc0000409
Fault offset: 0x000000000014e2a9
Faulting process ID: 0x1294
Faulting application start time: 0x01d45f2749fc3a57
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
Report ID: 5b3bffeb-0cdc-4e2f-a089-caea9d280127
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/08/2018 06:50:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90
Faulting module name: SelfProtectionSdk.dll, version: 3.0.0.360, time stamp: 0x5b995ba2
Exception code: 0xc0000409
Fault offset: 0x000000000014e2a9
Faulting process ID: 0x12a0
Faulting application start time: 0x01d45f24ecb87c59
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
Report ID: 61451387-ae52-4552-b2f2-de73def44300
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/08/2018 06:34:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90
Faulting module name: SelfProtectionSdk.dll, version: 3.0.0.360, time stamp: 0x5b995ba2
Exception code: 0xc0000409
Fault offset: 0x000000000014e2a9
Faulting process ID: 0x2088
Faulting application start time: 0x01d45f21c2fda389
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
Report ID: 505b7581-023f-4afb-8e26-27e3feef89ab
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/08/2018 06:07:55 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\msiexec.exe /V; Description = Removed Bonjour; Error = 0x80042302).
 
Error: (10/08/2018 06:07:55 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
 
System errors:
=============
Error: (10/08/2018 08:14:13 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-Q6LLMJD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-Q6LLMJD\SinWolf SID (S-1-5-21-2110990834-71020888-2906096871-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/08/2018 07:16:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/08/2018 07:14:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/08/2018 07:14:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/08/2018 07:14:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/08/2018 07:14:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/08/2018 07:14:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Autodesk Content Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (10/08/2018 07:14:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-8550U CPU @ 1.80GHz
Percentage of memory in use: 52%
Total physical RAM: 7607.2 MB
Available physical RAM: 3596.74 MB
Total Virtual: 8823.2 MB
Available Virtual: 4251.74 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:218.28 GB) (Free:128.87 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:18.75 GB) (Free:2.44 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HDD) (Fixed) (Total:931.51 GB) (Free:905.51 GB) NTFS
Drive i: (Back-up) (Fixed) (Total:931.51 GB) (Free:232.75 GB) NTFS
 
\\?\Volume{c1b29de4-87dd-4298-a63d-16a608ccc919}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.44 GB) NTFS
\\?\Volume{0e68c7c6-4e80-4679-a48b-8ba62b901244}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.3 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: FBB34DE6)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 01FE6F01)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00021631)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
 
 
 
THANK YOU

 

Attached Files



BC AdBot (Login to Remove)

 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,917 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:24 AM

Posted 08 October 2018 - 06:11 PM

Hello SinWolf and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

P2P - I see you have P2P software, (Vuze (formerly Azureus)), installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

Please note: Even if you are using a ‘safe’ P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks.

I would strongly recommend that you uninstall it now.

===================================================

Your problem is not uncommon and, as usual, to do with Chrome.

Please look at this link and let me know if this resolves the problem.

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 satchfan

satchfan

  • Malware Response Team
  • 2,917 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:24 AM

Posted 10 October 2018 - 05:41 PM

Hi SinWolf

 

Did my previous suggestion solve your problem?

 

If I don't hear from you within 24 hours I'll assume you no longer have a problem and close this.

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#4 SinWolf

SinWolf
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 10 October 2018 - 11:56 PM

Good day,

 

No, Unfortunately it did not fix my problem :(

 

Sorry for the late reply as I've been out of town for work...

 

Anyway, in order to make my PC usable, I uninstalled Melwarebytes just to get rid of the annoying messeges.... But going onto the internet, I get adds (adware) with all my windows that I open :( :(



#5 satchfan

satchfan

  • Malware Response Team
  • 2,917 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:24 AM

Posted 11 October 2018 - 07:31 AM

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/7/8/10, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on ‘Report’ and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects –everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#6 SinWolf

SinWolf
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 11 October 2018 - 05:35 PM

Good evening...

 

Herewith my results from the scan.

 

THANK YOU for your time and effort, it's MUCH appreciated.

 

 

 

 

 

RogueKiller V12.13.4.0 (x64) [Oct  8 2018] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.17134) 64 bits version
Started in : Normal mode
User : SinWolf [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 10/11/2018 23:53:37 (Duration : 00:20:16)
Switches : -refid
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 14 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RPC Endpoint Monitor Utility (C:\Windows\Temp\sdhost.exe) -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2110990834-71020888-2906096871-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2110990834-71020888-2906096871-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2110990834-71020888-2906096871-1002\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2110990834-71020888-2906096871-1002\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b8e200f2-bb43-4b72-b8f9-b4c6418a1891} | NameServer : 172.98.193.42,192.99.85.244 ([United States][-])  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[Keylog.Gen0][File] C:\Windows\System32\MicTray64.exe -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 9 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 80.241.222.139 adservice.google.com [Hj.Hosts]Found
[C:\Windows\System32\drivers\etc\hosts] 80.241.222.139 www.adservice.google.com [Hj.Hosts]Found
[C:\Windows\System32\drivers\etc\hosts] 80.241.222.139 apis.google.com [Hj.Hosts]Found
[C:\Windows\System32\drivers\etc\hosts] 80.241.222.139 connect.facebook.net [Hj.Hosts]Found
[C:\Windows\System32\drivers\etc\hosts] 80.241.222.139 google-analytics.com [Hj.Hosts]Found
[C:\Windows\System32\drivers\etc\hosts] 80.241.222.139 www.google-analytics.com [Hj.Hosts]Found
[C:\Windows\System32\drivers\etc\hosts] 80.241.222.139 mc.yandex.ru [Hj.Hosts]Found
[C:\Windows\System32\drivers\etc\hosts] 80.241.222.139 www.mc.yandex.ru [Hj.Hosts]Found
[C:\Windows\System32\drivers\etc\hosts] 80.241.222.139 static.doubleclick.net [Hj.Hosts]Found
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WDS256G1X0C-00ENX0 +++++
--- User ---
[MBR] a11bb300193874582bb5db8665b474db
[BSP] b7554c7e1efcf965b160556c58f3eb80 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 360 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 739328 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 1001472 | Size: 223522 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 458774528 | Size: 980 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 460781568 | Size: 19202 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
+++++ PhysicalDrive1: HGST HTS541010B7E610 +++++
--- User ---
[MBR] 409363d4607e8319648122b6852ecb2e
[BSP] a0712a830f9fb45da94d12f615ab9912 : Empty|VT.Unknown MBR Code
Partition table:
0 -  | Offset (sectors): 34 | Size: 953869 MB
User = LL1 ... OK
User = LL2 ... OK
 

Attached Files



#7 satchfan

satchfan

  • Malware Response Team
  • 2,917 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:24 AM

Posted 11 October 2018 - 06:10 PM

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

  • close all programs
  • double-click RogueKiller.exe - Windows 7/8//10: right-click the program and select Run as Administrator'
  • click on Start Scan
  • when the scan is finished press Remove Selected and post the log it produces.

Please then run it again and send the new log.

Midnight here now so I won't reply again tonight but when your system has rebooted, please let me know if there is any change.

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#8 SinWolf

SinWolf
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 12 October 2018 - 12:28 AM

Good morning Satchfan,

 

Just to confirm...  I should only "Remove Selected" ??  None of the registry items are selected... Do I select them or not ??

 

Thank you

 

Regardt



#9 satchfan

satchfan

  • Malware Response Team
  • 2,917 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:24 AM

Posted 12 October 2018 - 03:18 AM

Just checking something and will get back to you.


Edited by satchfan, 12 October 2018 - 03:38 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#10 satchfan

satchfan

  • Malware Response Team
  • 2,917 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:24 AM

Posted 12 October 2018 - 04:30 AM

I'm a bit concerned about 'fixing' this:

 

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b8e200f2-bb43-4b72-b8f9-b4c6418a1891} | NameServer : 172.98.193.42,192.99.85.244 ([United States][-])  -> Found

 

This Internet Provicer, (IP}, address is in the United States:

172.98.193.42

This IP address is in Canada:

192.99.85.244

 

Can you tel me who your IP is and your location.

 

Thanks


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#11 SinWolf

SinWolf
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 12 October 2018 - 05:00 AM

Hi,

 

I'm in South Africa... Service provider is Telkom.

 

I will only do the cleaning once I get home after work later...

 

Thank you



#12 satchfan

satchfan

  • Malware Response Team
  • 2,917 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:24 AM

Posted 12 October 2018 - 05:36 AM

No rush.

 

That information has cleared things up.

 

Please make sure that  everything that was found is selected.

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#13 SinWolf

SinWolf
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 13 October 2018 - 12:46 AM

Hi Satchfan...

 

I'm getting frustrated with my laptop...  I'm using Chrome... If I google something and get results, and click on ANY of the results, then I get ditrected to:

 

 https://emergency-call.us/stage.html?clickid=wCJ3CO7PA0NP2DFH1KG4PDGM

 

Basically.... ANY link I click on directs to that page...  And I still have adds poping up continiously :( :(  Thank you for your help so far....

 

Herewith my RK report after cleaning...

 

 

 

 

RogueKiller V12.13.4.0 (x64) [Oct  8 2018] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.17134) 64 bits version
Started in : Normal mode
User : SinWolf [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 10/13/2018 07:02:34 (Duration : 00:19:26)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WDS256G1X0C-00ENX0 +++++
--- User ---
[MBR] a11bb300193874582bb5db8665b474db
[BSP] b7554c7e1efcf965b160556c58f3eb80 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 360 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 739328 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 1001472 | Size: 223522 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 458774528 | Size: 980 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 460781568 | Size: 19202 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
+++++ PhysicalDrive1: HGST HTS541010B7E610 +++++
--- User ---
[MBR] 409363d4607e8319648122b6852ecb2e
[BSP] a0712a830f9fb45da94d12f615ab9912 : Empty|VT.Unknown MBR Code
Partition table:
0 -  | Offset (sectors): 34 | Size: 953869 MB
User = LL1 ... OK
User = LL2 ... OK
 

Attached Files



#14 satchfan

satchfan

  • Malware Response Team
  • 2,917 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:24 AM

Posted 13 October 2018 - 03:54 AM

Chrome is a total nuisance and we have countless problems with it. I think that uninstalling the wretched program may the best answer. You cannot remove some Chrome problems except with an uninstall/re-install of Chrome, (even though Google have been aware of this since 2008 and haven't bothered to do anything about it).

Uninstall/Reinstall Google Chrome

First save all your bookmarks/favourites.

  • open Chrome, click on the 3 bars in the top right hand corner, select Bookmarks and then Bookmarks Manager
  • click on Organise and then select Export Bookmarks to HTML file, then choose Desktop to save it
  • again, click on the three bars in the top right hand corner and select Settings
  • in the list of Settings under ‘Sign in’ click on Disconnect your Google Account – (if ‘Disconnect your Google Account’ is not there, you will have to sign in using your Chrome username and password first to make it visible)
  • in the text of the next window click on ‘Google Dashboard’ then, at the ‘Chrome sync’ screen, click on Stop and Clear at the bottom
  • a box will open and ask for confirmation, click on OK (wait for this to complete before doing the next step)
  • when confirmation appears close that page and then click on Disconnect account
  • shut Google Chrome, click on Start > Control Panel > Programs and Features (or Add/Remove Programs in XP) and uninstall Google Chrome. Select Everything for removal if asked.

Reboot the system and then reinstall Google Chrome from here

Repeat the process to reinstate your bookmarks by going to Bookmarks > Bookmarks Manager > Organise and select Import Bookmarks.

Let me know if that has solved the problem.

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#15 SinWolf

SinWolf
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 15 October 2018 - 12:44 AM

Thank you Satchfan...

 

I will try this tonight and report back... I had a hectic weekend and did not get to this :)  :)

 

Thanks

 

Regardt






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users