Solved Possible Virus

Damur

I tried installing cracked software. Unfortunately, the program installed a variety of viruses onto my computer. I was able to get rid of a good amount through Avast, SUPERAntiSpyware, and Malwarebytes, but I think something may be remaining. After running my computer for an hour or so, I can no longer open up Google Chrome, and Microsoft Word randomly closes while I am using it, without saving or giving me the option to save. Microsoft Word also looks different from before. Instead of yellow-colored folders to choose from when saving or opening files, they are now white. I don't know if something was deleted or if that is an update. There may be additional issues that I am not aware of yet. I am not sure what is going on with the computer now, but I am assuming there is some sort of virus remaining on the computer or some registry change that may need fixing. I would greatly appreciate any help you could provide me. I have attached my logs below:



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018

Ran by batman (administrator) on DESKTOP-K6KNP79 (11-10-2018 20:08:30)

Running from C:\Users\batman\Desktop

Loaded Profiles: batman (Available Profiles: batman)

Platform: Windows 10 Home Version 1803 17134.286 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool:


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(TOSHIBA CORPORATION) C:\Windows\System32\atcpomhsvc.exe

(Lenovo) C:\Windows\System32\YMC.exe

(Lenovo.) C:\Windows\System32\LITSSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7948ecc1af5c27e1\igfxCUIService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

() C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe

(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7948ecc1af5c27e1\IntelCpHDCPSvc.exe

(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe

(Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_ec7e2e39054ef080\WTabletServiceISD.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7948ecc1af5c27e1\IntelCpHeciSvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe

(Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_ec7e2e39054ef080\WTabletServiceISD.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

(Realtek semiconductor) C:\Windows\RTFTrack.exe

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7948ecc1af5c27e1\igfxEM.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.18.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe

() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_1781f8bae8fdf5c0\aesm_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe

(Lenovo(beijing) Limited) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.46.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe

(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Users\batman\AppData\Local\cornmpi\cornmpi.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Users\batman\AppData\Local\cornmpi\dwbhixe.exe

() C:\Users\batman\AppData\Local\cornmpi\dwbhixe.exe

(SweetLabs, Inc) C:\Users\batman\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Users\batman\AppData\Local\cornmpi\dwbhixe.exe

() C:\Users\batman\AppData\Local\racdhbo\audigtn.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe

(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

() C:\Users\batman\AppData\Local\cornmpi\dwbhixe.exe

() C:\Users\batman\AppData\Local\cornmpi\dwbhixe.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

() C:\Users\batman\AppData\Local\cornmpi\dwbhixe.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18387808 2018-07-23] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1503592 2018-07-23] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1503592 2018-07-23] (Realtek Semiconductor)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-10-09] (AVAST Software)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)

HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3784512 2018-10-09] (Dropbox, Inc.)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)

HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)

HKU\S-1-5-21-2562023560-3925838451-1074170921-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-19] (Piriform Ltd)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Tcpip\..\Interfaces\{292d1bcb-9cec-4fd8-8809-7639eba55fa2}: [DhcpNameServer] 192.168.2.1


Internet Explorer:

==================

HKU\S-1-5-21-2562023560-3925838451-1074170921-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE

HKU\S-1-5-21-2562023560-3925838451-1074170921-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE

HKU\S-1-5-21-2562023560-3925838451-1074170921-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/


FireFox:

========

FF DefaultProfile: f8dho2tw.default

FF DefaultProfile: vk4dsqms.default

FF ProfilePath: C:\Users\batman\AppData\Roaming\Zotero\Zotero\Profiles\f8dho2tw.default [2018-08-08]

FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero\extensions\zoteroWinWordIntegration@zotero.org [2018-08-07] [Legacy] [not signed]

FF ProfilePath: C:\Users\batman\AppData\Roaming\Mozilla\Firefox\Profiles\vk4dsqms.default [2018-10-11]

FF Extension: (Avast SafePrice) - C:\Users\batman\AppData\Roaming\Mozilla\Firefox\Profiles\vk4dsqms.default\Extensions\sp@avast.com.xpi [2018-07-22]

FF Extension: (Avast Online Security) - C:\Users\batman\AppData\Roaming\Mozilla\Firefox\Profiles\vk4dsqms.default\Extensions\wrc@avast.com.xpi [2018-07-22]

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems)

FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-21] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-21] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems)

FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)


Chrome:

=======

CHR HomePage: Default -> hxxp://cpprod.stjohns.edu/cp/home/loginf

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default [2018-10-11]

CHR Extension: (Slides) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-21]

CHR Extension: (Docs) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-21]

CHR Extension: (Google Drive) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-21]

CHR Extension: (YouTube) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-21]

CHR Extension: (Honey) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-08-23]

CHR Extension: (Adblock Plus) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-09-10]

CHR Extension: (Adobe Acrobat) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-10-09]

CHR Extension: (Zotero Connector) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2018-09-09]

CHR Extension: (Sheets) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-21]

CHR Extension: (Google Docs Offline) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]

CHR Extension: (Piggy - Automatic Coupons & Cash Back) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2018-10-07]

CHR Extension: (Video Downloader professional) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmdldgcmokdpmacblnehppgkjphcbpnn [2018-10-01]

CHR Extension: (Wikibuy) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2018-10-11]

CHR Extension: (Video Speed Controller) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2018-07-21]

CHR Extension: (Chrome Web Store Payments) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-21]

CHR Extension: (Gmail) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-21]

CHR Extension: (Chrome Media Router) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-23]

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


HKLM\SYSTEM\CurrentControlSet\Services\wmgikz <==== ATTENTION (Rootkit!)


R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)

R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_1781f8bae8fdf5c0\aesm_service.exe [3233064 2018-01-26] (Intel Corporation)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-10-09] (AVAST Software)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-10-09] (AVAST Software)

S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-10-09] (AVAST Software)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-07-31] (Dropbox, Inc.)

S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-07-31] (Dropbox, Inc.)

R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-09-25] (Dropbox, Inc.)

R2 Dolby DAX API Service; C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe [212784 2017-09-19] ()

R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1705040 2017-11-08] (Intel Corporation)

S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2410672 2017-10-16] (Intel Corporation)

R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71408 2018-05-16] (Lenovo Group Limited)

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Corporation)

S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)

R2 LITSSVC; C:\WINDOWS\System32\LITSSvc.exe [788920 2017-10-30] (Lenovo.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)

S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)

S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [266080 2018-07-23] (Realtek Semiconductor)

S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [106904 2018-08-02] (Microsoft Corporation)

R2 WTabletServiceISD; C:\WINDOWS\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_ec7e2e39054ef080\WTabletServiceISD.exe [2992064 2018-02-22] (Wacom Technology, Corp.)

R2 YMC; C:\WINDOWS\System32\YMC.exe [231984 2018-05-02] (Lenovo)

R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (Apple Inc.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (Apple Inc.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201408 2018-10-09] (AVAST Software)

R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230512 2018-10-09] (AVAST Software)

R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201928 2018-10-09] (AVAST Software)

R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346760 2018-10-09] (AVAST Software)

R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59664 2018-10-09] (AVAST Software)

R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-07-22] (AVAST Software)

R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [185240 2018-10-09] (AVAST Software)

S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47064 2018-10-09] (AVAST Software)

R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42456 2018-10-09] (AVAST Software)

R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163376 2018-10-09] (AVAST Software)

R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111968 2018-10-09] (AVAST Software)

R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88112 2018-10-09] (AVAST Software)

R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028840 2018-10-09] (AVAST Software)

R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467904 2018-10-09] (AVAST Software)

R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208640 2018-10-09] (AVAST Software)

R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381144 2018-10-09] (AVAST Software)

R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74144 2017-11-08] (Intel Corporation)

R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69536 2017-11-08] (Intel Corporation)

R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [382880 2017-11-08] (Intel Corporation)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)

R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98968 2017-10-15] (Intel Corporation)

S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [69632 2017-10-16] (Intel Corporation)

R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [192008 2017-10-20] (Intel Corporation)

R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [200232 2018-10-10] (Malwarebytes)

R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [118584 2018-10-11] (Malwarebytes)

R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [58400 2018-10-11] (Malwarebytes)

R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260384 2018-10-11] (Malwarebytes)

R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [110424 2018-10-11] (Malwarebytes)

R3 Netwtw06; C:\WINDOWS\system32\DRIVERS\Netwtw06.sys [8752120 2018-05-03] (Intel Corporation)

R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_5c0f2d8f376b3180\nvlddmkm.sys [17038280 2018-01-07] (NVIDIA Corporation)

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-15] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-11-15] (NVIDIA Corporation)

R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-11-15] (NVIDIA Corporation)

R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3236320 2017-10-29] (Realtek Semiconductor Corp.)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R3 WacHIDRouterISD; C:\WINDOWS\System32\drivers\WacHIDRouterISD.sys [79296 2018-02-22] (Wacom Technology, Corp.)

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)

U1 aswbdisk; no ImagePath

S4 gkvhm; System32\drivers\sikhblwr.sys [X]

S1 sbkeagt; \??\C:\Users\batman\AppData\Local\Temp\sihzxdpw.sys [X] <==== ATTENTION

R3 twzcgj; system32\drivers\zcfjmp.sys [X]
 
==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2018-10-11 20:08 - 2018-10-11 20:08 - 000024218 _____ C:\Users\batman\Desktop\FRST.txt

2018-10-11 20:08 - 2018-10-11 20:08 - 000000000 ____D C:\Users\batman\Desktop\FRST-OlderVersion

2018-10-11 20:08 - 2018-10-11 20:08 - 000000000 ____D C:\FRST

2018-10-11 20:07 - 2018-10-11 20:08 - 002414592 _____ (Farbar) C:\Users\batman\Desktop\FRST64.exe

2018-10-11 20:04 - 2018-10-11 20:04 - 000000000 ____D C:\Users\batman\AppData\Local\racdhbo

2018-10-11 20:00 - 2018-10-11 20:00 - 000000000 ___HD C:\OneDriveTemp

2018-10-11 19:58 - 2018-10-11 19:58 - 000260384 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys

2018-10-11 19:58 - 2018-10-11 19:58 - 000118584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys

2018-10-11 19:58 - 2018-10-11 19:58 - 000110424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

2018-10-11 19:58 - 2018-10-11 19:58 - 000058400 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2018-10-11 19:57 - 2018-10-11 19:57 - 000145744 ____N C:\WINDOWS\system32\Drivers\rtrzcfjm.sys

2018-10-10 21:17 - 2018-10-10 21:17 - 000200232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys

2018-10-10 21:12 - 2018-10-10 21:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2018-10-10 21:12 - 2018-10-10 21:12 - 000000000 ____D C:\ProgramData\Malwarebytes

2018-10-10 21:12 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

2018-10-10 19:01 - 2018-10-10 19:01 - 000000066 _____ C:\Users\batman\Desktop\BOD Follow Up.txt

2018-10-10 17:03 - 2018-10-10 17:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

2018-10-09 21:33 - 2018-10-09 21:33 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

2018-10-09 21:33 - 2018-10-09 21:33 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2018-10-09 21:24 - 2018-10-09 21:24 - 000226721 _____ C:\Users\batman\Documents\Agenda.pdf

2018-10-09 21:14 - 2018-10-09 21:14 - 000000000 ____D C:\Users\batman\AppData\Local\mbamtray

2018-10-09 19:03 - 2018-10-09 19:03 - 000000000 ____D C:\Users\batman\AppData\Local\mbam

2018-10-09 18:27 - 2018-10-09 18:27 - 000378584 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2018-10-09 18:27 - 2018-10-09 18:27 - 000042456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys

2018-10-09 18:26 - 2018-10-09 18:26 - 000000000 ___HD C:\$AV_ASW

2018-10-09 18:19 - 2018-10-11 19:45 - 000000000 ____D C:\Users\batman\AppData\Local\msdkgxn

2018-10-09 18:16 - 2018-10-11 20:01 - 000000000 ____D C:\Users\batman\AppData\Local\cornmpi

2018-10-09 18:15 - 2018-10-09 18:26 - 000000000 ____D C:\Users\batman\AppData\Roaming\uolpgv

2018-10-09 18:14 - 2018-10-11 19:58 - 002921984 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\atcpomhsvc.exe

2018-10-09 18:14 - 2018-10-09 19:34 - 000000000 ____D C:\Users\batman\AppData\Roaming\7006A99743931204349748

2018-10-09 18:14 - 2018-10-09 18:18 - 000000000 ____D C:\WINDOWS\system32\coandmx

2018-10-09 18:14 - 2018-10-09 18:14 - 000000000 ____D C:\WINDOWS\SysWOW64\coandmx

2018-10-09 18:14 - 2018-10-09 18:14 - 000000000 ____D C:\Users\batman\AppData\Roaming\TeamViewer

2018-10-09 18:13 - 2018-10-09 19:08 - 000000000 ____D C:\Users\batman\AppData\Roaming\RamExpert

2018-10-09 18:13 - 2018-10-09 18:13 - 000000000 ____D C:\Users\batman\AppData\Roaming\KC Softwares

2018-10-09 18:13 - 2018-10-09 18:13 - 000000000 ____D C:\Users\batman\AppData\Roaming\et

2018-10-09 18:10 - 2018-10-09 18:10 - 000000000 ____D C:\Users\batman\AppData\Local\Turbo.net

2018-10-09 18:09 - 2018-10-09 18:09 - 000000000 ____D C:\ProgramData\Vary

2018-10-09 18:08 - 2018-10-09 19:34 - 000000000 ____D C:\Program Files (x86)\Castles

2018-10-09 18:08 - 2018-10-09 19:08 - 000000000 ____D C:\Program Files (x86)\stringed

2018-10-09 18:08 - 2018-10-09 19:05 - 000000000 ___HD C:\Program Files (x86)\Gasification

2018-10-09 18:08 - 2018-10-09 19:05 - 000000000 ____D C:\Program Files (x86)\Obasanjo

2018-10-09 18:08 - 2018-10-09 19:05 - 000000000 ____D C:\Program Files (x86)\diptych

2018-10-09 18:08 - 2018-10-09 18:27 - 000000000 ___HD C:\Program Files (x86)\ratliff

2018-10-09 18:03 - 2018-10-09 18:03 - 000072043 _____ C:\Users\batman\Desktop\Citizens Bank.pdf

2018-10-09 17:16 - 2018-10-09 17:16 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_01009.Wdf

2018-10-08 20:55 - 2018-10-08 20:55 - 000000000 ____D C:\ProgramData\Wondershare

2018-10-08 20:54 - 2018-10-09 19:36 - 000000000 ____D C:\Users\batman\AppData\Roaming\Wondershare

2018-10-08 20:54 - 2018-10-08 20:54 - 000000000 ____D C:\Users\batman\AppData\Local\Wondershare

2018-10-08 16:33 - 2018-10-06 14:42 - 000195888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_2.dll

2018-10-08 16:33 - 2018-10-06 14:42 - 000032048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_1.dll

2018-10-07 22:17 - 2018-10-07 22:17 - 000135324 _____ C:\Users\batman\Desktop\PP-VAB-US-0193 Vabomere NTAP Brochure_9-27-18.pdf

2018-10-01 18:38 - 2018-10-01 18:39 - 000000000 ___HD C:\Program Files (x86)\Temp

2018-10-01 18:38 - 2018-10-01 18:38 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2018-10-01 18:38 - 2018-07-23 05:23 - 007173504 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll

2018-10-01 18:38 - 2018-07-23 05:23 - 003674984 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl

2018-10-01 18:38 - 2018-07-23 05:23 - 003203968 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll

2018-10-01 18:38 - 2018-07-23 05:23 - 002927968 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll

2018-10-01 18:38 - 2018-07-23 05:22 - 007096560 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll

2018-10-01 18:38 - 2018-07-23 05:22 - 001151336 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll

2018-10-01 18:38 - 2018-07-23 05:22 - 000370528 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll

2018-10-01 18:38 - 2018-07-23 05:22 - 000124656 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll

2018-10-01 18:38 - 2018-07-23 05:20 - 003317304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll

2018-10-01 18:38 - 2018-07-23 05:20 - 001353288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll

2018-10-01 18:38 - 2018-07-23 05:20 - 000453240 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll

2018-10-01 18:38 - 2018-07-23 05:20 - 000343672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll

2018-10-01 18:38 - 2018-07-23 05:20 - 000157312 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll

2018-10-01 18:38 - 2018-07-23 05:20 - 000139728 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll

2018-10-01 18:38 - 2018-07-23 05:20 - 000090136 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll

2018-10-01 18:38 - 2018-07-23 05:19 - 005346960 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll

2018-10-01 18:38 - 2018-07-23 05:19 - 001971328 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll

2018-10-01 18:38 - 2018-07-23 05:19 - 001544216 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll

2018-10-01 18:38 - 2018-07-23 05:19 - 000332976 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll

2018-10-01 18:38 - 2018-07-23 05:19 - 000278240 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll

2018-10-01 18:38 - 2018-07-23 01:53 - 019165464 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT

2018-10-01 18:38 - 2018-01-15 14:40 - 002856800 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll

2018-09-25 20:10 - 2018-09-15 04:46 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2018-09-25 20:10 - 2018-09-15 04:32 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2018-09-25 20:10 - 2018-09-15 04:31 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll

2018-09-25 20:10 - 2018-09-14 22:57 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll

2018-09-25 20:10 - 2018-09-14 22:56 - 000269320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll

2018-09-25 20:10 - 2018-09-14 22:51 - 001220920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

2018-09-25 20:10 - 2018-09-14 22:51 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys

2018-09-25 20:10 - 2018-09-14 22:50 - 001029432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

2018-09-25 20:10 - 2018-09-14 22:50 - 000567080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe

2018-09-25 20:10 - 2018-09-14 22:50 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll

2018-09-25 20:10 - 2018-09-14 22:49 - 009090064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2018-09-25 20:10 - 2018-09-14 22:49 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2018-09-25 20:10 - 2018-09-14 22:49 - 001097760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll

2018-09-25 20:10 - 2018-09-14 22:48 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll

2018-09-25 20:10 - 2018-09-14 22:48 - 000713504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll

2018-09-25 20:10 - 2018-09-14 22:33 - 006567984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2018-09-25 20:10 - 2018-09-14 22:33 - 001129760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll

2018-09-25 20:10 - 2018-09-14 22:33 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll

2018-09-25 20:10 - 2018-09-14 22:33 - 000567280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll

2018-09-25 20:10 - 2018-09-14 22:33 - 000357064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll

2018-09-25 20:10 - 2018-09-14 22:20 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2018-09-25 20:10 - 2018-09-14 22:19 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll

2018-09-25 20:10 - 2018-09-14 22:19 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2018-09-25 20:10 - 2018-09-14 22:17 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2018-09-25 20:10 - 2018-09-14 22:16 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2018-09-25 20:10 - 2018-09-14 20:59 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim

2018-09-25 20:10 - 2018-08-31 03:46 - 000542504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll

2018-09-25 20:10 - 2018-08-31 03:45 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe

2018-09-25 20:10 - 2018-08-31 03:43 - 001524152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll

2018-09-25 20:10 - 2018-08-31 03:42 - 001636232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll

2018-09-25 20:10 - 2018-08-31 03:27 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll

2018-09-25 20:10 - 2018-08-31 03:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll

2018-09-25 20:10 - 2018-08-31 03:26 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys

2018-09-25 20:10 - 2018-08-31 03:25 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll

2018-09-25 20:10 - 2018-08-31 03:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe

2018-09-25 20:10 - 2018-08-31 03:24 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll

2018-09-25 20:10 - 2018-08-31 03:24 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll

2018-09-25 20:10 - 2018-08-31 03:23 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll

2018-09-25 20:10 - 2018-08-31 03:22 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll

2018-09-25 20:10 - 2018-08-31 03:22 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll

2018-09-25 20:10 - 2018-08-31 02:55 - 001455960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll

2018-09-25 20:10 - 2018-08-31 02:53 - 001327504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

2018-09-25 20:10 - 2018-08-31 02:41 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll

2018-09-25 20:10 - 2018-08-31 02:41 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll

2018-09-25 20:10 - 2018-08-31 02:40 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll

2018-09-25 20:10 - 2018-08-31 02:37 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll

2018-09-25 20:10 - 2018-08-31 02:37 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll

2018-09-25 20:10 - 2018-08-31 02:36 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll

2018-09-25 20:10 - 2018-08-30 23:44 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi

2018-09-25 20:10 - 2018-08-30 23:43 - 002719216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2018-09-25 20:10 - 2018-08-30 23:43 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll

2018-09-25 20:10 - 2018-08-30 23:42 - 007436192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll

2018-09-25 20:10 - 2018-08-30 23:42 - 002824672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2018-09-25 20:10 - 2018-08-30 23:42 - 002461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll

2018-09-25 20:10 - 2018-08-30 23:42 - 001767064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll

2018-09-25 20:10 - 2018-08-30 23:42 - 001458552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2018-09-25 20:10 - 2018-08-30 23:42 - 001258352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2018-09-25 20:10 - 2018-08-30 23:42 - 001142000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2018-09-25 20:10 - 2018-08-30 23:42 - 000983080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2018-09-25 20:10 - 2018-08-30 23:42 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll

2018-09-25 20:10 - 2018-08-30 23:42 - 000604640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe

2018-09-25 20:10 - 2018-08-30 23:42 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll

2018-09-25 20:10 - 2018-08-30 23:42 - 000155112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll

2018-09-25 20:10 - 2018-08-30 23:28 - 006043680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll

2018-09-25 20:10 - 2018-08-30 23:28 - 001989496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll

2018-09-25 20:10 - 2018-08-30 23:28 - 001514352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll

2018-09-25 20:10 - 2018-08-30 23:28 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll

2018-09-25 20:10 - 2018-08-30 23:28 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll

2018-09-25 20:10 - 2018-08-30 23:26 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2018-09-25 20:10 - 2018-08-30 23:21 - 022008320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2018-09-25 20:10 - 2018-08-30 23:20 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2018-09-25 20:10 - 2018-08-30 23:18 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2018-09-25 20:10 - 2018-08-30 23:17 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll

2018-09-25 20:10 - 2018-08-30 23:17 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll

2018-09-25 20:10 - 2018-08-30 23:16 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2018-09-25 20:10 - 2018-08-30 23:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2018-09-25 20:10 - 2018-08-30 23:15 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2018-09-25 20:10 - 2018-08-30 23:15 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll

2018-09-25 20:10 - 2018-08-30 23:15 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll

2018-09-25 20:10 - 2018-08-30 23:15 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll

2018-09-25 20:10 - 2018-08-30 23:15 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys

2018-09-25 20:10 - 2018-08-30 23:14 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll

2018-09-25 20:10 - 2018-08-30 23:14 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll

2018-09-25 20:10 - 2018-08-30 23:14 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll

2018-09-25 20:10 - 2018-08-30 23:14 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2018-09-25 20:10 - 2018-08-30 23:13 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll

2018-09-25 20:10 - 2018-08-30 23:13 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll

2018-09-25 20:10 - 2018-08-30 23:13 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys

2018-09-25 20:10 - 2018-08-30 23:12 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys

2018-09-25 20:10 - 2018-08-30 23:12 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll

2018-09-25 20:10 - 2018-08-30 23:11 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2018-09-25 20:10 - 2018-08-30 23:11 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll

2018-09-25 20:10 - 2018-08-30 23:11 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2018-09-25 20:10 - 2018-08-30 23:11 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe

2018-09-25 20:10 - 2018-08-30 23:11 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll

2018-09-25 20:10 - 2018-08-30 23:11 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll

2018-09-25 20:10 - 2018-08-30 23:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe

2018-09-25 20:10 - 2018-08-30 23:10 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2018-09-25 20:10 - 2018-08-30 23:10 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll

2018-09-25 20:10 - 2018-08-30 23:10 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll

2018-09-25 20:10 - 2018-08-30 23:10 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll

2018-09-25 20:10 - 2018-08-30 23:10 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll

2018-09-25 20:10 - 2018-08-30 23:10 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2018-09-25 20:10 - 2018-08-30 23:10 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll

2018-09-25 20:10 - 2018-08-30 23:10 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll

2018-09-25 20:10 - 2018-08-30 23:09 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll

2018-09-25 20:10 - 2018-08-30 23:09 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll

2018-09-25 20:10 - 2018-08-30 23:08 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll

2018-09-25 20:10 - 2018-08-30 23:07 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2018-09-25 20:10 - 2018-08-30 23:07 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe

2018-09-25 20:10 - 2018-08-30 23:07 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll

2018-09-25 20:10 - 2018-08-30 23:06 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe

2018-09-25 20:10 - 2018-08-28 03:17 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll

2018-09-25 20:10 - 2018-08-28 02:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll

2018-09-25 20:10 - 2018-08-28 02:49 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll

2018-09-25 20:10 - 2018-08-28 02:48 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll

2018-09-25 20:10 - 2018-08-28 02:45 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll

2018-09-25 20:10 - 2018-08-28 01:51 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll

2018-09-25 20:10 - 2018-08-13 22:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll

2018-09-25 20:10 - 2018-08-13 22:14 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll

2018-09-25 20:10 - 2018-08-09 05:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe

2018-09-25 20:10 - 2018-08-09 05:31 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll

2018-09-25 20:10 - 2018-08-09 05:31 - 000766872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll

2018-09-25 20:10 - 2018-08-09 05:31 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll

2018-09-25 20:10 - 2018-08-09 05:31 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll

2018-09-25 20:10 - 2018-08-09 05:17 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll

2018-09-25 20:10 - 2018-08-09 05:16 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe

2018-09-25 20:10 - 2018-08-09 05:14 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2018-09-25 20:10 - 2018-08-09 05:14 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll

2018-09-25 20:10 - 2018-08-09 05:14 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll

2018-09-25 20:10 - 2018-08-09 05:14 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll

2018-09-25 20:10 - 2018-08-09 05:13 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv

2018-09-25 20:10 - 2018-08-09 05:13 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe

2018-09-25 20:10 - 2018-08-09 05:13 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll

2018-09-25 20:10 - 2018-08-09 05:13 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll

2018-09-25 20:10 - 2018-08-09 05:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2018-09-25 20:10 - 2018-08-09 05:12 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll

2018-09-25 20:10 - 2018-08-09 05:12 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2018-09-25 20:10 - 2018-08-09 05:11 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2018-09-25 20:10 - 2018-08-09 05:11 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll

2018-09-25 20:10 - 2018-08-09 05:11 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll

2018-09-25 20:10 - 2018-08-09 05:11 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll

2018-09-25 20:10 - 2018-08-09 05:11 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll

2018-09-25 20:10 - 2018-08-09 05:10 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe

2018-09-25 20:10 - 2018-08-09 05:10 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

2018-09-25 20:10 - 2018-08-09 05:10 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2018-09-25 20:10 - 2018-08-09 05:09 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll

2018-09-25 20:10 - 2018-08-09 05:09 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll

2018-09-25 20:10 - 2018-08-09 05:09 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe

2018-09-25 20:10 - 2018-08-09 04:36 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll

2018-09-25 20:10 - 2018-08-09 04:36 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll

2018-09-25 20:10 - 2018-08-09 04:24 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2018-09-25 20:10 - 2018-08-09 04:24 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll

2018-09-25 20:10 - 2018-08-09 04:23 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe

2018-09-25 20:10 - 2018-08-09 04:23 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll

2018-09-25 20:10 - 2018-08-09 04:23 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll

2018-09-25 20:10 - 2018-08-09 04:22 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll

2018-09-25 20:10 - 2018-08-09 04:22 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2018-09-25 20:10 - 2018-08-09 04:22 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll

2018-09-25 20:10 - 2018-08-09 04:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe

2018-09-25 20:10 - 2018-08-09 04:21 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2018-09-25 20:10 - 2018-08-09 04:21 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2018-09-25 20:10 - 2018-08-09 04:21 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe

2018-09-25 20:10 - 2018-08-09 04:21 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll

2018-09-25 20:10 - 2018-08-09 04:20 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll

2018-09-25 20:10 - 2018-08-09 04:20 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv

2018-09-25 20:10 - 2018-08-09 04:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll

2018-09-25 20:10 - 2018-08-09 04:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll

2018-09-25 20:10 - 2018-08-09 04:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe

2018-09-25 20:10 - 2018-08-09 01:02 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe

2018-09-25 20:10 - 2018-08-09 01:01 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll

2018-09-25 20:10 - 2018-08-09 00:55 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys

2018-09-25 20:10 - 2018-08-09 00:54 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll

2018-09-25 20:10 - 2018-08-09 00:54 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2018-09-25 20:10 - 2018-08-09 00:54 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys

2018-09-25 20:10 - 2018-08-09 00:54 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll

2018-09-25 20:10 - 2018-08-09 00:54 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys

2018-09-25 20:10 - 2018-08-09 00:53 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2018-09-25 20:10 - 2018-08-09 00:53 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2018-09-25 20:10 - 2018-08-09 00:53 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys

2018-09-25 20:10 - 2018-08-09 00:53 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe

2018-09-25 20:10 - 2018-08-09 00:53 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll

2018-09-25 20:10 - 2018-08-09 00:53 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll

2018-09-25 20:10 - 2018-08-09 00:53 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll

2018-09-25 20:10 - 2018-08-09 00:30 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe

2018-09-25 20:10 - 2018-08-09 00:30 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll

2018-09-25 20:10 - 2018-08-09 00:29 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2018-09-25 20:10 - 2018-08-09 00:29 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2018-09-25 20:10 - 2018-08-09 00:29 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll

2018-09-25 20:10 - 2018-08-09 00:29 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll

2018-09-25 20:10 - 2018-08-09 00:28 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2018-09-25 20:10 - 2018-08-09 00:28 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll

2018-09-25 20:10 - 2018-08-09 00:27 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2018-09-25 20:10 - 2018-08-09 00:27 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll

2018-09-25 20:10 - 2018-08-09 00:27 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe

2018-09-25 20:10 - 2018-08-09 00:26 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL

2018-09-25 20:10 - 2018-08-09 00:26 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll

2018-09-25 20:10 - 2018-08-09 00:26 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys

2018-09-25 20:10 - 2018-08-09 00:26 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

2018-09-25 20:10 - 2018-08-09 00:26 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll

2018-09-25 20:10 - 2018-08-09 00:26 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll

2018-09-25 20:10 - 2018-08-09 00:26 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll

2018-09-25 20:10 - 2018-08-09 00:25 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2018-09-25 20:10 - 2018-08-09 00:25 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2018-09-25 20:10 - 2018-08-09 00:25 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll

2018-09-25 20:10 - 2018-08-09 00:25 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll

2018-09-25 20:10 - 2018-08-09 00:25 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll

2018-09-25 20:10 - 2018-08-09 00:25 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll

2018-09-25 20:10 - 2018-08-09 00:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll

2018-09-25 20:10 - 2018-08-09 00:24 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll

2018-09-25 20:10 - 2018-08-09 00:24 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2018-09-25 20:10 - 2018-08-09 00:23 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll

2018-09-25 20:10 - 2018-08-09 00:23 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2018-09-25 20:10 - 2018-08-09 00:23 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll

2018-09-25 20:10 - 2018-08-09 00:23 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2018-09-25 20:10 - 2018-08-09 00:22 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2018-09-25 20:10 - 2018-08-09 00:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2018-09-25 20:10 - 2018-08-09 00:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll

2018-09-25 20:10 - 2018-08-09 00:22 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll

2018-09-25 20:10 - 2018-08-09 00:21 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll

2018-09-25 20:10 - 2018-08-09 00:13 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll

2018-09-25 20:10 - 2018-08-09 00:13 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe

2018-09-25 20:10 - 2018-08-09 00:12 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll

2018-09-25 20:10 - 2018-08-09 00:11 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2018-09-25 20:10 - 2018-08-09 00:11 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll

2018-09-25 20:10 - 2018-08-09 00:11 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll

2018-09-25 20:10 - 2018-08-09 00:11 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll

2018-09-25 20:10 - 2018-08-09 00:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll

2018-09-25 20:10 - 2018-08-09 00:11 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll

2018-09-25 20:10 - 2018-08-09 00:11 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll

2018-09-25 20:10 - 2018-08-09 00:10 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll

2018-09-25 20:10 - 2018-08-09 00:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2018-09-25 20:10 - 2018-08-09 00:10 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll

2018-09-25 20:10 - 2018-08-09 00:09 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2018-09-25 20:10 - 2018-08-09 00:09 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2018-09-25 20:10 - 2018-08-09 00:08 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll

2018-09-25 20:10 - 2018-08-08 23:08 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls

2018-09-25 20:10 - 2018-08-08 23:08 - 000806416 _____ C:\WINDOWS\system32\locale.nls

2018-09-25 07:52 - 2018-09-25 07:52 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe

2018-09-25 07:52 - 2018-09-25 07:52 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys

2018-09-25 07:52 - 2018-09-25 07:52 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys

2018-09-25 07:52 - 2018-09-25 07:52 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys

2018-09-23 21:18 - 2018-09-23 21:19 - 000000000 ____D C:\Users\batman\Desktop\Seinfeld

2018-09-22 10:31 - 2018-09-22 10:31 - 000000165 ____H C:\Users\batman\Desktop\~$Introduction to Pharmacokinetic and Pharmacodynamic Parameters for Antibiotics.pptx

2018-09-16 15:12 - 2018-09-16 15:12 - 000000652 _____ C:\Users\batman\Desktop\Contact Lenses.txt
 
==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2018-10-11 20:08 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2018-10-11 20:06 - 2018-07-22 08:52 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update

2018-10-11 20:06 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports

2018-10-11 20:05 - 2018-07-22 08:48 - 000793700 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2018-10-11 20:05 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF

2018-10-11 20:03 - 2018-07-22 00:05 - 000000000 ____D C:\Users\batman\AppData\Local\Host App Service

2018-10-11 20:01 - 2018-07-22 08:53 - 000000000 ____D C:\Users\batman\AppData\Local\AVAST Software

2018-10-11 20:01 - 2018-07-21 23:07 - 000000000 ___RD C:\Users\batman\OneDrive - St. John's University

2018-10-11 20:00 - 2018-07-21 22:52 - 000000000 __SHD C:\Users\batman\IntelGraphicsProfiles

2018-10-11 19:58 - 2018-07-22 00:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2018-10-11 19:58 - 2018-06-28 16:44 - 000000000 ____D C:\ProgramData\NVIDIA

2018-10-11 19:57 - 2018-07-22 13:40 - 000000000 ____D C:\Users\batman\AppData\Roaming\vlc

2018-10-11 19:57 - 2018-04-11 17:04 - 023592960 _____ C:\WINDOWS\system32\config\HARDWARE

2018-10-11 19:57 - 2018-04-11 17:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI

2018-10-11 16:45 - 2018-07-22 00:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2018-10-10 16:48 - 2018-07-31 07:12 - 000000000 ____D C:\Program Files (x86)\Dropbox

2018-10-09 21:33 - 2018-07-23 10:45 - 000000000 ____D C:\Program Files (x86)\Adobe

2018-10-09 21:32 - 2018-07-23 10:38 - 000000000 ____D C:\Users\batman\AppData\Local\Adobe

2018-10-09 19:38 - 2018-07-23 10:49 - 000000000 ____D C:\Users\batman\AppData\Local\CrashDumps

2018-10-09 19:38 - 2018-07-21 23:36 - 000000000 ____D C:\Users\batman\AppData\Roaming\uTorrent

2018-10-09 19:34 - 2018-07-22 09:22 - 000000000 ____D C:\Program Files\SUPERAntiSpyware

2018-10-09 18:29 - 2018-07-31 07:12 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job

2018-10-09 18:29 - 2018-07-31 07:12 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job

2018-10-09 18:29 - 2018-07-22 19:30 - 000000420 _____ C:\WINDOWS\Tasks\update-sys.job

2018-10-09 18:29 - 2018-07-22 19:30 - 000000420 _____ C:\WINDOWS\Tasks\update-S-1-5-21-2562023560-3925838451-1074170921-1001.job

2018-10-09 18:29 - 2018-07-22 00:03 - 004896032 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2018-10-09 18:27 - 2018-07-22 08:52 - 001028840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

2018-10-09 18:27 - 2018-07-22 08:52 - 000467904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

2018-10-09 18:27 - 2018-07-22 08:52 - 000381144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys

2018-10-09 18:27 - 2018-07-22 08:52 - 000208640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys

2018-10-09 18:27 - 2018-07-22 08:52 - 000201408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys

2018-10-09 18:27 - 2018-07-22 08:52 - 000163376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

2018-10-09 18:27 - 2018-07-22 08:52 - 000111968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys

2018-10-09 18:27 - 2018-07-22 08:52 - 000088112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys

2018-10-09 18:27 - 2018-07-22 08:52 - 000047064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys

2018-10-09 18:27 - 2018-04-11 19:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP

2018-10-09 18:26 - 2018-07-22 08:52 - 000346760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys

2018-10-09 18:26 - 2018-07-22 08:52 - 000230512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys

2018-10-09 18:26 - 2018-07-22 08:52 - 000201928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys

2018-10-09 18:26 - 2018-07-22 08:52 - 000185240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys

2018-10-09 18:26 - 2018-07-22 08:52 - 000059664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys

2018-10-09 18:02 - 2018-08-22 19:46 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software

2018-10-09 18:02 - 2018-07-31 13:10 - 000002764 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-batmanbatman@gmail.com

2018-10-09 18:02 - 2018-07-31 07:12 - 000003452 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA

2018-10-09 18:02 - 2018-07-31 07:12 - 000003228 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore

2018-10-09 18:02 - 2018-07-22 19:30 - 000003056 _____ C:\WINDOWS\System32\Tasks\update-S-1-5-21-2562023560-3925838451-1074170921-1001

2018-10-09 18:02 - 2018-07-22 19:30 - 000002800 _____ C:\WINDOWS\System32\Tasks\update-sys

2018-10-09 18:02 - 2018-07-22 00:08 - 000003492 _____ C:\WINDOWS\System32\Tasks\LenovoUtility Task

2018-10-09 18:02 - 2018-07-22 00:08 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2018-10-09 18:02 - 2018-07-22 00:08 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2018-10-09 18:02 - 2018-07-22 00:08 - 000003180 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification

2018-10-09 18:02 - 2018-07-22 00:08 - 000003176 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2018-10-09 18:02 - 2018-07-22 00:08 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2018-10-09 18:02 - 2018-07-22 00:08 - 000002988 _____ C:\WINDOWS\System32\Tasks\CCleaner Update

2018-10-09 18:02 - 2018-07-22 00:08 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2018-10-09 18:02 - 2018-07-22 00:08 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2018-10-09 18:02 - 2018-07-22 00:08 - 000002914 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2018-10-09 18:02 - 2018-07-22 00:08 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2562023560-3925838451-1074170921-1001

2018-10-09 18:02 - 2018-07-22 00:08 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2018-10-09 18:02 - 2018-07-22 00:08 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2018-10-09 18:02 - 2018-07-22 00:08 - 000002770 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2

2018-10-09 18:02 - 2018-07-22 00:08 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2018-10-09 18:02 - 2018-07-22 00:08 - 000002408 _____ C:\WINDOWS\System32\Tasks\App Explorer

2018-10-09 18:02 - 2018-07-22 00:08 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC

2018-10-09 18:02 - 2018-07-22 00:08 - 000002024 _____ C:\WINDOWS\System32\Tasks\RTFTrack

2018-10-09 18:02 - 2018-07-22 00:08 - 000002016 _____ C:\WINDOWS\System32\Tasks\RtsCM

2018-10-09 17:20 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness

2018-10-09 17:17 - 2018-07-22 09:20 - 000000000 ____D C:\Users\batman\AppData\LocalLow\uTorrent

2018-10-09 17:11 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp

2018-10-08 20:42 - 2018-07-21 22:52 - 000000000 ____D C:\Users\batman\AppData\Roaming\Adobe

2018-10-08 20:38 - 2018-07-23 10:39 - 000000000 ____D C:\ProgramData\Adobe

2018-10-08 20:09 - 2018-07-22 00:08 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo

2018-10-08 19:42 - 2018-07-23 11:07 - 000000000 ____D C:\Users\batman\AppData\LocalLow\Adobe

2018-10-07 22:40 - 2018-07-21 23:33 - 000000000 ____D C:\Users\batman\AppData\LocalLow\Mozilla

2018-10-07 22:23 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps

2018-10-07 22:15 - 2018-07-22 00:05 - 000002374 _____ C:\Users\batman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2018-10-01 18:48 - 2018-06-28 16:45 - 000477265 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip

2018-10-01 18:47 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput

2018-10-01 18:47 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism

2018-10-01 18:47 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\oobe

2018-10-01 18:47 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr

2018-10-01 18:47 - 2018-04-11 17:04 - 000000000 ____D C:\WINDOWS\system32\Dism

2018-10-01 18:39 - 2018-07-22 00:04 - 000000000 ____D C:\Program Files\Common Files\Dolby

2018-10-01 18:39 - 2018-06-28 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM

2018-10-01 18:39 - 2018-06-28 16:45 - 000000000 ____D C:\WINDOWS\system32\DAX3

2018-10-01 18:39 - 2018-06-28 16:45 - 000000000 ____D C:\WINDOWS\system32\DAX2

2018-09-30 22:35 - 2018-07-23 09:41 - 000001269 _____ C:\Users\batman\Desktop\batman.lnk

2018-09-23 18:27 - 2018-07-22 00:05 - 000000000 ____D C:\Users\batman

2018-09-18 17:35 - 2018-07-21 23:32 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2018-09-15 08:58 - 2018-07-21 22:52 - 000000000 ____D C:\Users\batman\AppData\Local\Packages

2018-09-11 17:37 - 2018-07-21 23:05 - 000000000 ____D C:\WINDOWS\system32\MRT

2018-09-11 17:26 - 2018-07-21 23:05 - 139184408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe


==================== Files in the root of some directories =======


2018-09-30 15:13 - 2018-09-30 15:13 - 000000000 _____ () C:\Users\batman\AppData\Local\oobelibMkey.log

2018-07-22 19:30 - 2018-07-22 19:30 - 000000003 _____ () C:\Users\batman\AppData\Local\updater.log

2018-07-22 19:30 - 2018-07-22 19:30 - 000000425 _____ () C:\Users\batman\AppData\Local\UserProducts.xml


Some files in TEMP:

====================

2018-10-10 20:49 - 2018-09-19 08:01 - 000858912 _____ (Malwarebytes) C:\Users\batman\AppData\Local\Temp\mb-clean.exe

2018-10-10 20:49 - 2018-10-10 20:48 - 080022264 _____ (Malwarebytes ) C:\Users\batman\AppData\Local\Temp\mb3-setup-54035.54035-3.6.1.2711-1.0.463-1.0.6913.exe


==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)


C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

C:\WINDOWS\system32\drivers\rtrzcfjm.sys -> Access Denied <======= ATTENTION


LastRegBack: 2018-07-22 00:03


==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018

Ran by batman (11-10-2018 20:09:13)

Running from C:\Users\batman\Desktop

Windows 10 Home Version 1803 17134.286 (X64) (2018-07-22 04:08:34)

Boot Mode: Normal

==========================================================



==================== Accounts: =============================


Administrator (S-1-5-21-2562023560-3925838451-1074170921-500 - Administrator - Disabled)

batman (S-1-5-21-2562023560-3925838451-1074170921-1001 - Administrator - Enabled) => C:\Users\batman

DefaultAccount (S-1-5-21-2562023560-3925838451-1074170921-503 - Limited - Disabled)

Guest (S-1-5-21-2562023560-3925838451-1074170921-501 - Limited - Disabled)

WDAGUtilityAccount (S-1-5-21-2562023560-3925838451-1074170921-504 - Limited - Disabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


µTorrent (HKU\S-1-5-21-2562023560-3925838451-1074170921-1001\...\uTorrent) (Version: 3.5.4.44632 - BitTorrent Inc.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20071 - Adobe Systems Incorporated)

Adobe Master Collection CC 2017 (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C4}) (Version: 10.0 - Adobe Systems Incorporated)

Adobe Master Collection CC 2017 Plus (HKLM-x32\...\{F9BE417A-9EB7-4BA8-8BFE-83F4E69355C3}) (Version: 10.0 - Adobe Systems Incorporated)

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.7.2354 - AVAST Software)

CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)

Dolby Atmos Windows API SDK (HKLM\...\{139C7F29-696B-4EEA-B4AF-2990C2ECF7AD}) (Version: 1.1.7.32 - Dolby Laboratories, Inc.)

Dolby Atmos Windows APP (HKLM\...\{D539F055-FFE0-422D-8D57-0D9427E6ABA9}) (Version: 1.1.8.23 - Dolby Laboratories, Inc.)

Dropbox (HKLM-x32\...\Dropbox) (Version: 59.4.93 - Dropbox, Inc.)

Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden

Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden

Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation) Hidden

Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden

Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden

Lenovo App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.273.2.343 - SweetLabs for Lenovo) <==== ATTENTION

Lenovo App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.273.2.343 - SweetLabs for Lenovo) <==== ATTENTION

Lenovo App Explorer (HKU\S-1-5-21-2562023560-3925838451-1074170921-1001\...\Host App Service) (Version: 0.273.2.780 - SweetLabs for Lenovo) <==== ATTENTION

Lenovo Pen Settings Service (HKLM\...\ISD Tablet Driver) (Version: 7.5.1.21 - Wacom Technology Corp.)

Lenovo Yoga Mode Control (Inf Install) (HKLM\...\ACPIVPC) (Version: 15.11.28.179 - Lenovo)

Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)

Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)

Microsoft OneDrive (HKU\S-1-5-21-2562023560-3925838451-1074170921-1001\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24516 (HKLM-x32\...\{b8e12890-118d-4721-8e54-05d978086712}) (Version: 14.0.24516.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24516 (HKLM-x32\...\{c325004c-5538-45b3-a7ad-94473a4dcd3b}) (Version: 14.0.24516.0 - Microsoft Corporation)

Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.1 - Mozilla)

NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)

PowerISO (HKLM-x32\...\PowerISO) (Version: 6.9 - Power Software Ltd)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8492 - Realtek Semiconductor Corp.) Hidden

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1260 - SUPERAntiSpyware.com)

Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{8CFAB044-7D2E-4655-B86D-99932E988980}) (Version: 2.45.0.0 - Microsoft Corporation)

VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)

Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

Zotero (HKLM-x32\...\Zotero 5.0.54 (x86 en-US)) (Version: 5.0.54 - Corporation for Digital Scholarship)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-09] (AVAST Software)

ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-09] (AVAST Software)

ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-09] (AVAST Software)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)

ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7948ecc1af5c27e1\igfxDTCM.dll [2018-03-16] (Intel Corporation)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-20] (NVIDIA Corporation)

ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-09] (AVAST Software)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {050BC6A5-A40D-4D47-B87C-36FAB3647651} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\OS Edition Upgrade event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)

Task: {06702C74-D6EC-475B-BDD9-AAD3FC708ABE} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-11-15] (NVIDIA Corporation)

Task: {078D368E-3072-460A-B165-0F18CECFA040} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-15] (NVIDIA Corporation)

Task: {0B281E33-F782-4C7E-B737-F02E231C538E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)

Task: {0CD2C348-B78D-4DD6-8E75-840B608C5CD3} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-batmanbatman@gmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-09-10] (Adobe Systems, Incorporated)

Task: {1436165A-D58E-4D4C-AB9B-5118C1E0F143} - System32\Tasks\update-S-1-5-21-2562023560-3925838451-1074170921-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)

Task: {143C5D4A-408F-4C44-8024-EB66CE693C7A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-21] (Google Inc.)

Task: {1ADCD7D0-FCD6-47F2-9482-4FAB22717329} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://

Task: {1D677370-3F97-434D-AF31-55D4F3572270} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-19] (Piriform Ltd)

Task: {1F7362FE-8C62-4CB1-9024-6940BBE4D304} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)

Task: {2EA50E54-7507-4D4E-8B20-ACC221EFF28F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-19] (Piriform Ltd)

Task: {33D03817-C9D8-4B79-AD5D-39C0B764CED5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2cccbe5d-4375-44cc-830d-3ebf9c99f9ec => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)

Task: {37F2ABA9-0BF3-4939-9087-69782E359520} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-07-31] (Dropbox, Inc.)

Task: {3AA92536-A168-4887-85ED-4124F05D9074} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-15] (NVIDIA Corporation)

Task: {3DA14080-A519-47E3-8BCF-6ECE83CB81AD} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2018-05-16] (Lenovo Group Limited)

Task: {3E5CEAB6-3CAB-4F84-B6C6-1DE97ACB1799} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe

Task: {3F1A7A0F-7D15-438F-99FE-5EBEFB6947AC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-15] (NVIDIA Corporation)

Task: {4825457F-B1D1-4621-AA81-9BF57D88B3F8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-07-31] (Dropbox, Inc.)

Task: {4AEEE8D5-87CF-4760-A37A-261675F81513} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\Schedule to run OMADMClient by client => C:\WINDOWS\system32\omadmclient.exe [2018-04-11] (Microsoft Corporation)

Task: {5DFC14AA-5651-4839-B8E9-1BAB8BF29BFC} - System32\Tasks\Lenovo\Lenovo ITS PnP Task => C:\WINDOWS\System32\LITSSvc.exe [2017-10-30] (Lenovo.)

Task: {5F91BACB-3C2A-4817-85A9-B672D8441AA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-21] (Google Inc.)

Task: {61C3514C-DB48-479D-B2D4-D2C95872D0D7} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\PushRenewal => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)

Task: {658ABD6D-504F-4C8F-8A32-FEF5873F4A8A} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\Schedule #1 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)

Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()

Task: {67807ECA-186C-4D60-B43D-F2CDDEC97359} - System32\Tasks\RTFTrack => C:\WINDOWS\RTFTrack.exe [2017-10-29] (Realtek semiconductor)

Task: {6A622169-2233-41E6-8924-EFC36C972833} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\PushLaunch => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)

Task: {6A7D8F00-8064-48F0-AC2E-DDDD66DD990D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-09-22] (AVAST Software)

Task: {6B754209-03C1-4D50-87CD-FDF20A79BDAB} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\Schedule created by enrollment client for renewal of certificate warning => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)

Task: {6E9DAD3F-B9E0-4096-8359-C9643391AEC8} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [2017-10-11] (Intel(R) Corporation)

Task: {6FABD914-22EB-4476-A756-D6378A9874D8} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\230cc56e-387c-4c46-98eb-9627c0d55247 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)

Task: {7511F66D-A5B1-4265-902A-3DC23C4BBFF4} - System32\Tasks\App Explorer => C:\Users\batman\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2018-05-29] (SweetLabs, Inc) <==== ATTENTION

Task: {768117F8-2A28-4B39-AC44-3EA059820959} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-11-15] (NVIDIA Corporation)

Task: {7779410F-6410-4E0C-88B8-BA099075507C} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\Passport for Work alert created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)

Task: {7A637B88-FCF8-41D1-8237-1A7511CA58FD} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\Provisioning initiated session => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)

Task: {812FA2D5-CFBC-4B78-9806-49EE6F35E554} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\cc9a9d7a-7424-4f9a-a921-e5b4a516d6e5 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)

Task: {84B5E69B-2DA4-4339-B4BD-0F697847EE84} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\Schedule #3 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)

Task: {89A33E7C-DA65-48CD-877C-765437701013} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\594caec6-001c-46ea-acb8-f212f8d9dad6 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)

Task: {967F3CA6-8D93-40B9-BC58-365997BAF8EA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-15] (NVIDIA Corporation)

Task: {9D43D060-E461-40DB-98B3-9966B1873DA8} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32

Task: {9FBD5916-E681-4516-9052-4B0C6A4175B1} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService

Task: {AEB5BE6A-1CFA-4B02-ACE2-F9513417030C} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\Schedule #2 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)

Task: {CA81D91B-6A01-44C7-8888-F914A4DE4DD6} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-15] (NVIDIA Corporation)

Task: {CC9476AB-A509-47F3-8A05-E47D140965E2} - System32\Tasks\Lenovo\Lenovo YMC Uninstall Task => C:\WINDOWS\System32\YMC.exe [2018-05-02] (Lenovo)

Task: {D2253136-C2E4-47B1-A865-6048C570B498} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-11-15] (NVIDIA Corporation)

Task: {D7F9317B-4FBB-4163-AE86-DBE4F3AEE7DC} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\Schedule to run OMADMClient by server => C:\WINDOWS\system32\omadmclient.exe [2018-04-11] (Microsoft Corporation)

Task: {E1FC21DD-E9B9-4CB9-B319-0BDBB5B2E980} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)

Task: {ED625319-7254-4E3D-9E9D-2F9D7C58969D} - System32\Tasks\RtsCM => C:\WINDOWS\RtsCM64.exe [2017-10-29] (Realtek Semiconductor Corp.)

Task: {F488EB15-744A-42EB-81D3-3C2E74BF243C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-10-09] (AVAST Software)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\update-S-1-5-21-2562023560-3925838451-1074170921-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe


==================== Shortcuts & WMI ========================


(The entries could be listed to be restored or removed.)



==================== Loaded Modules (Whitelisted) ==============


2018-05-03 00:44 - 2018-05-03 00:44 - 000174248 _____ () C:\WINDOWS\system32\IntelWifiIhv06.dll

2017-09-19 09:07 - 2017-09-19 09:07 - 000212784 _____ () C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe

2017-09-19 09:08 - 2017-09-19 09:08 - 000298288 _____ () C:\Program Files\Dolby\Dolby DAX3\API\RuntimeController.dll

2017-09-19 09:08 - 2017-09-19 09:08 - 000303408 _____ () C:\Program Files\Dolby\Dolby DAX3\API\TuningFileParser.dll

2018-10-10 21:12 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll

2018-10-10 21:12 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll

2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll

2018-04-11 19:34 - 2018-04-11 19:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll

2018-04-12 05:22 - 2018-04-12 05:22 - 000948736 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.18.0_x64__8wekyb3d8bbwe\e_sqlite3.dll

2018-07-22 09:56 - 2018-07-22 09:56 - 002426040 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.18.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll

2018-07-22 09:56 - 2018-07-22 09:56 - 000381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.18.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll

2018-07-21 23:10 - 2018-07-21 23:10 - 000843672 _____ () C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.17112.0_x64__8wekyb3d8bbwe\Microsoft.Services.Store.Engagement.dll

2018-04-12 05:23 - 2018-04-12 05:23 - 000631296 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.18.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll

2018-04-11 19:34 - 2018-04-11 19:34 - 004644864 _____ () C:\Windows\System32\Windows.UI.Input.Inking.Analysis.dll

2018-09-25 20:10 - 2018-09-14 22:17 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2018-07-22 09:53 - 2018-07-22 09:54 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe

2018-07-22 09:53 - 2018-07-22 09:54 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll

2018-07-22 09:53 - 2018-07-22 09:54 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll

2018-07-22 09:53 - 2018-07-22 09:54 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll

2018-07-22 09:53 - 2018-07-22 09:54 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll

2018-09-13 16:54 - 2018-09-13 16:55 - 000088888 _____ () C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\zlib1.dll

2018-09-13 16:54 - 2018-09-13 16:55 - 001356088 _____ () C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\libxml2.dll

2018-09-18 17:35 - 2018-09-15 04:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll

2018-09-18 17:35 - 2018-09-15 04:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll

2018-07-22 08:52 - 2018-07-22 08:52 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2018-10-09 18:27 - 2018-10-09 18:27 - 000598232 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)



==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)



==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)



==================== Hosts content: ==========================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2017-09-29 09:46 - 2018-10-11 16:45 - 000001056 _____ C:\WINDOWS\system32\Drivers\etc\hosts


127.0.0.1 na1r.services.adobe.com

127.0.0.1 hlrcv.stage.adobe.com

127.0.0.1 lmlicenses.wip4.adobe.com

127.0.0.1 lm.licenses.adobe.com

127.0.0.1 activate.adobe.com

127.0.0.1 practivate.adobe.com


==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-2562023560-3925838451-1074170921-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg

DNS Servers: 192.168.2.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )

Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


If an entry is included in the fixlist, it will be removed.


HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [{12C1ABC2-A1E3-4963-8250-1C1C1051FBFE}] => (Allow) C:\Users\batman\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{3AF7E05B-2324-4D5F-B9CD-54D382BC2486}] => (Allow) C:\Users\batman\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{329CA0B8-4551-4A35-A5F7-9AC43290A98F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{466A2E5B-7834-4FFC-802D-0D9AA82B9B05}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{7B305793-43E2-4414-9952-22FE8285E51F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\iTunes.exe

FirewallRules: [{0E5792AA-B2D4-42AB-90C7-AAC496198E8C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\iTunes.exe

FirewallRules: [{E928F9A1-C4CB-4D04-A0DD-929E710948E7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\iTunes.exe

FirewallRules: [{E6A5C94A-2EA9-4231-8CBA-57A5CB498BF2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\iTunes.exe

FirewallRules: [{48934989-01E7-4ED1-8F6F-481A0B0D9929}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe

FirewallRules: [{1565FC03-0C1A-44C6-A408-B650EA9CECDF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe

FirewallRules: [{2BFD30D6-2D4C-4594-A746-6741F8EC34C2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe

FirewallRules: [{87292CD8-549A-4576-9608-80E24338535F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe

FirewallRules: [{8548DC4D-393D-4EF5-8E61-BAFD5DA107FE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{529D406A-6CB3-47B1-9A3D-40FB872D5925}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16040.10827.20138.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe

FirewallRules: [{FDDE3D2E-EFFB-45BE-9C7F-13C2497288C9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

FirewallRules: [{709635CA-E1E8-4E28-9A4B-46664B6F4358}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

FirewallRules: [{8CC7DA95-861C-4E09-A25A-AE4A992689CB}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

FirewallRules: [{BD31E25E-6D9A-4085-81C0-E9568346F01F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

FirewallRules: [TCP Query User{DEC02194-C524-48C4-B042-01A62F68572A}C:\users\batman\appdata\roaming\teamviewer\logs\5\teamviewer.exe] => (Block) C:\users\batman\appdata\roaming\teamviewer\logs\5\teamviewer.exe

FirewallRules: [UDP Query User{B2BF20B6-C22D-4401-BD91-F7CB9F87B465}C:\users\batman\appdata\roaming\teamviewer\logs\5\teamviewer.exe] => (Block) C:\users\batman\appdata\roaming\teamviewer\logs\5\teamviewer.exe

FirewallRules: [{08093988-C83F-4414-90E1-FF9F60C9E9C2}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

FirewallRules: [{8A8872FE-F171-4F58-8790-FB2C35A4689F}] => (Allow) C:\Users\batman\AppData\Local\racdhbo\audigtn.exe

FirewallRules: [{61D6AC90-CBAB-4025-BD6E-EDB550D15E4A}] => (Allow) C:\Users\batman\AppData\Local\racdhbo\audigtn.exe


==================== Restore Points =========================



==================== Faulty Device Manager Devices =============



==================== Event log errors: =========================


Application errors:

==================

Error: (10/11/2018 07:57:51 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90

Faulting module name: SelfProtectionSdk.dll, version: 3.0.0.360, time stamp: 0x5b995ba2

Exception code: 0xc0000409

Fault offset: 0x000000000014e2a9

Faulting process id: 0x2f90

Faulting application start time: 0x01d461003afab8cd

Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe

Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

Report Id: 9cb5fa87-80d3-47d7-b854-0eb17328a14f

Faulting package full name:

Faulting package-relative application ID:


Error: (10/11/2018 07:57:50 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90

Faulting module name: ntdll.dll, version: 10.0.17134.254, time stamp: 0xa5a334d4

Exception code: 0xc0000005

Fault offset: 0x000000000001d979

Faulting process id: 0x2f90

Faulting application start time: 0x01d461003afab8cd

Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: c9f68100-aaf2-47d7-9a21-21c80ea7e4ef

Faulting package full name:

Faulting package-relative application ID:


Error: (10/10/2018 09:17:04 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90

Faulting module name: MwacLib.dll, version: 3.1.0.476, time stamp: 0x5b999e29

Exception code: 0xc0000409

Fault offset: 0x00000000000582e5

Faulting process id: 0x29d4

Faulting application start time: 0x01d460ff7f5d7841

Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe

Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll

Report Id: 7b1dff06-7961-4e61-8c49-4ab38132972a

Faulting package full name:

Faulting package-relative application ID:


Error: (10/10/2018 08:47:34 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90

Faulting module name: MwacLib.dll, version: 3.1.0.476, time stamp: 0x5b999e29

Exception code: 0xc0000409

Fault offset: 0x00000000000582e5

Faulting process id: 0x3a54

Faulting application start time: 0x01d460fb030fea65

Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe

Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll

Report Id: c579c7a8-9672-41a5-bacc-b6e0d57e1e54

Faulting package full name:

Faulting package-relative application ID:


Error: (10/10/2018 05:03:38 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: regsvr32.exe, version: 10.0.17134.1, time stamp: 0x588a9605

Faulting module name: ntdll.dll, version: 10.0.17134.254, time stamp: 0xa5a334d4

Exception code: 0xc0000409

Fault offset: 0x000000000008a93f

Faulting process id: 0x42e0

Faulting application start time: 0x01d460da970acf68

Faulting application path: C:\WINDOWS\system32\regsvr32.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: 09d37dc9-2d53-43ab-8f33-3feeff5c11bb

Faulting package full name:

Faulting package-relative application ID:


Error: (10/09/2018 07:34:01 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: jhi_service.exe, version: 11.7.0.1054, time stamp: 0x5a0387cd

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x91f55660

Faulting process id: 0x29c8

Faulting application start time: 0x01d4601fdeff86f5

Faulting application path: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

Faulting module path: unknown

Report Id: a2895195-6836-4e22-865c-5aa8f7517b0a

Faulting package full name:

Faulting package-relative application ID:


Error: (10/09/2018 07:07:37 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: stringed.exe, version: 5.2.8.139, time stamp: 0x5bbd1fd2

Faulting module name: KERNELBASE.dll, version: 10.0.17134.165, time stamp: 0xb0bb231d

Exception code: 0xe0434352

Fault offset: 0x000000000003a388

Faulting process id: 0x3e8c

Faulting application start time: 0x01d46024dee2155a

Faulting application path: C:\Program Files (x86)\stringed\stringed.exe

Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll

Report Id: 7b69fe47-15ad-4c21-90a3-a7dde96595ac

Faulting package full name:

Faulting package-relative application ID:


Error: (10/09/2018 07:07:37 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: stringed.exe, version: 5.2.8.139, time stamp: 0x5bbd1fd2

Faulting module name: KERNELBASE.dll, version: 10.0.17134.165, time stamp: 0xb0bb231d

Exception code: 0xe0434352

Fault offset: 0x000000000003a388

Faulting process id: 0x3e34

Faulting application start time: 0x01d46024dee220c7

Faulting application path: C:\Program Files (x86)\stringed\stringed.exe

Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll

Report Id: 1b433039-4e61-4e10-b703-c8ef32c2c612

Faulting package full name:

Faulting package-relative application ID:



System errors:

=============

Error: (10/11/2018 08:08:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{D63B10C5-BB46-4990-A94F-E40B9D520160}

and APPID

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (10/11/2018 08:07:13 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk0\DR0.


Error: (10/11/2018 08:07:13 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk0\DR0.


Error: (10/11/2018 08:07:13 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk0\DR0.


Error: (10/11/2018 08:07:13 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk0\DR0.


Error: (10/11/2018 08:07:13 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk0\DR0.


Error: (10/11/2018 08:07:13 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk0\DR0.


Error: (10/11/2018 08:07:13 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk0\DR0.



CodeIntegrity:

===================================


Date: 2018-10-11 19:58:43.866

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\atcpomhsvc.exe that did not meet the Unchecked signing level requirements.


Date: 2018-10-11 19:58:43.836

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\atcpomhsvc.exe that did not meet the Unchecked signing level requirements.


Date: 2018-10-11 19:58:43.807

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\atcpomhsvc.exe that did not meet the Unchecked signing level requirements.


Date: 2018-10-11 19:15:42.108

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\atcpomhsvc.exe that did not meet the Unchecked signing level requirements.


Date: 2018-10-11 19:15:42.095

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\atcpomhsvc.exe that did not meet the Unchecked signing level requirements.


Date: 2018-10-11 19:15:42.085

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\atcpomhsvc.exe that did not meet the Unchecked signing level requirements.


Date: 2018-10-11 18:15:39.055

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\atcpomhsvc.exe that did not meet the Unchecked signing level requirements.


Date: 2018-10-11 18:15:39.045

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\atcpomhsvc.exe that did not meet the Unchecked signing level requirements.


==================== Memory info ===========================


Processor: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz

Percentage of memory in use: 33%

Total physical RAM: 16199.89 MB

Available physical RAM: 10821.33 MB

Total Virtual: 18631.89 MB

Available Virtual: 12228.73 MB


==================== Drives ================================


Drive c: (Windows) (Fixed) (Total:450.69 GB) (Free:63.14 GB) NTFS

Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.14 GB) NTFS


\\?\Volume{57ae20f9-6e3f-4867-9201-240ed35da09d}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.59 GB) NTFS

\\?\Volume{a0dff18b-b129-4ac7-9ee3-13398c3a5f91}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32


==================== MBR & Partition Table ==================


========================================================

Disk: 0 (Size: 476.9 GB) (Disk ID: 3FB8B4A6)


Partition: GPT.


==================== End of Addition.txt ============================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================

In the future please use Notepad instead of Wordpad to open logs.
Wordpad creates an extra space and all logs are twice as long and harder for me to read.
Thank you :)

You're infected with the Smartservice rootkit.
It can't be fixed from within Windows so you must follow these instructions.
Please pay attention to every single step.
http://www.smartestcomputing.us.com/topic/102856-smartservice-rootkit/?do=findComment&comment=351953
 
Thank you for your response! I have been trying to follow the instructions on the webpage you linked me to, but I am having some difficulty. I created the bootable USB, booted into it after turning off my computer, but I am having difficulty at the command prompt stage. I discovered that my USB is in Drive E, but I can't access it. Every time I type in "CD /E E:" without the quotes, I get the following message "The system cannot find the path specified."

Do you have any advice for me on how to get through this step?
 
The only thing I can access through the CD / function is my D drive, but I can't access FRST on there. My C drive is Windows. My D drive is Lenovo. My E drive is ESD-USB (the bootable USB we made). I am not sure what to do.
 
I am not sure if this is helpful or not. In the command prompt, under the first line that says "Microsoft Windows [Version 10.0.17134.112]," it says "Not enough memory resources are available to process this command." I do not see that on your screenshot, so that is an anomaly on my end. Under that is where it says "X:\Sources>"
 
At the command prompt, type:
E:
and press Enter.
This should bring you to E drive.
 
That worked! Thank you :)

Below is a copy of my new FRST log in notepad format:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by SYSTEM on MININT-CF7S6QN (12-10-2018 21:21:27)
Running from E:\
Platform: Windows 10 Home Version 1803 17134.286 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool:

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18387808 2018-07-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1503592 2018-07-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1503592 2018-07-23] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-10-09] (AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3784512 2018-10-09] (Dropbox, Inc.)
HKU\batman\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-19] (Piriform Ltd)
HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"HKLM\System\ControlSet001\Services\wmgikz" => removed successfully
C:\Windows\System32\drivers\rtrzcfjm.sys => moved successfully
C:\Users\batman\AppData\Local\cornmpi\cornmpi.exe => moved successfully
C:\Users\batman\AppData\Local\cornmpi\dwbhixe.exe => moved successfully
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
S2 AESMService; C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_1781f8bae8fdf5c0\aesm_service.exe [3233064 2018-01-26] (Intel Corporation)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-10-09] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-10-09] (AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-10-09] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-07-31] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-07-31] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-09-25] (Dropbox, Inc.)
S2 Dolby DAX API Service; C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe [212784 2017-09-19] ()
S2 esifsvc; C:\Windows\System32\Intel\DPTF\esif_uf.exe [1705040 2017-11-08] (Intel Corporation)
S3 iaStorAfsService; C:\Windows\IAStorAfsService\iaStorAfsService.exe [2410672 2017-10-16] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-08] (Intel Corporation)
S2 LITSSVC; C:\Windows\System32\LITSSvc.exe [788920 2017-10-30] (Lenovo.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [266080 2018-07-23] (Realtek Semiconductor)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [106904 2018-08-02] (Microsoft Corporation)
S2 WTabletServiceISD; C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_ec7e2e39054ef080\WTabletServiceISD.exe [2992064 2018-02-22] (Wacom Technology, Corp.)
S2 YMC; C:\Windows\System32\YMC.exe [231984 2018-05-02] (Lenovo)
S2 ImControllerService; "%SystemDrive%\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe" [X]
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (Apple Inc.)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201408 2018-10-09] (AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230512 2018-10-09] (AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201928 2018-10-09] (AVAST Software)
S0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346760 2018-10-09] (AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59664 2018-10-09] (AVAST Software)
S0 aswElam; C:\Windows\System32\drivers\aswElam.sys [15360 2018-07-22] (AVAST Software)
S1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [185240 2018-10-09] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47064 2018-10-09] (AVAST Software)
S1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42456 2018-10-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163376 2018-10-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111968 2018-10-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88112 2018-10-09] (AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028840 2018-10-09] (AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467904 2018-10-09] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208640 2018-10-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381144 2018-10-09] (AVAST Software)
S3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [74144 2017-11-08] (Intel Corporation)
S3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [69536 2017-11-08] (Intel Corporation)
S3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [382880 2017-11-08] (Intel Corporation)
S3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [98968 2017-10-15] (Intel Corporation)
S3 iaStorAfs; C:\Windows\System32\drivers\iaStorAfs.sys [69632 2017-10-16] (Intel Corporation)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [192008 2017-10-20] (Intel Corporation)
S2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-10-10] (Malwarebytes)
S4 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [110424 2018-10-12] (Malwarebytes)
S3 Netwtw06; C:\Windows\system32\DRIVERS\Netwtw06.sys [8752120 2018-05-02] (Intel Corporation)
S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_5c0f2d8f376b3180\nvlddmkm.sys [17038280 2018-01-06] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-15] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50624 2017-11-15] (NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-11-15] (NVIDIA Corporation)
S3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3236320 2017-10-29] (Realtek Semiconductor Corp.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WacHIDRouterISD; C:\Windows\System32\drivers\WacHIDRouterISD.sys [79296 2018-02-22] (Wacom Technology, Corp.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
S1 aswbdisk; no ImagePath
S4 gkvhm; System32\drivers\sikhblwr.sys [X]
S1 sbkeagt; \??\C:\Users\batman\AppData\Local\Temp\sihzxdpw.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-12 20:33 - 2018-10-12 21:20 - 000000000 _____ C:\Recovery.txt
2018-10-12 16:59 - 2018-10-12 17:00 - 000000000 ____D C:\Users\batman\AppData\Local\racdhbo
2018-10-12 16:09 - 2018-10-12 16:56 - 000110424 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2018-10-11 16:09 - 2018-10-11 16:15 - 000046214 _____ C:\Users\batman\Desktop\Addition.txt
2018-10-11 16:08 - 2018-10-11 16:14 - 000071564 _____ C:\Users\batman\Desktop\FRST.txt
2018-10-11 16:08 - 2018-10-11 16:09 - 000000000 ____D C:\FRST
2018-10-11 16:08 - 2018-10-11 16:08 - 000000000 ____D C:\Users\batman\Desktop\FRST-OlderVersion
2018-10-11 16:07 - 2018-10-11 16:08 - 002414592 _____ (Farbar) C:\Users\batman\Desktop\FRST64.exe
2018-10-11 15:58 - 2018-10-12 16:56 - 000260384 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2018-10-11 15:58 - 2018-10-12 16:56 - 000118584 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2018-10-11 15:58 - 2018-10-12 16:56 - 000058400 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2018-10-10 17:17 - 2018-10-10 17:17 - 000200232 _____ (Malwarebytes) C:\Windows\System32\Drivers\MbamChameleon.sys
2018-10-10 17:12 - 2018-10-10 17:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-10 17:12 - 2018-09-11 09:18 - 000152688 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbae64.sys
2018-10-10 15:01 - 2018-10-10 15:01 - 000000066 _____ C:\Users\batman\Desktop\BOD Follow Up.txt
2018-10-09 17:33 - 2018-10-09 17:33 - 000004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-10-09 17:24 - 2018-10-09 17:24 - 000226721 _____ C:\Users\batman\Documents\Agenda.pdf
2018-10-09 17:14 - 2018-10-09 17:14 - 000000000 ____D C:\Users\batman\AppData\Local\mbamtray
2018-10-09 15:03 - 2018-10-09 15:03 - 000000000 ____D C:\Users\batman\AppData\Local\mbam
2018-10-09 14:27 - 2018-10-09 14:27 - 000378584 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2018-10-09 14:27 - 2018-10-09 14:27 - 000042456 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2018-10-09 14:26 - 2018-10-09 14:26 - 000000000 ___HD C:\$AV_ASW
2018-10-09 14:19 - 2018-10-12 17:10 - 000000000 ____D C:\Users\batman\AppData\Local\msdkgxn
2018-10-09 14:16 - 2018-10-12 21:21 - 000000000 ____D C:\Users\batman\AppData\Local\cornmpi
2018-10-09 14:15 - 2018-10-09 14:26 - 000000000 ____D C:\Users\batman\AppData\Roaming\uolpgv
2018-10-09 14:14 - 2018-10-12 16:55 - 002921984 _____ C:\Windows\System32\atcpomhsvc.exe
2018-10-09 14:14 - 2018-10-09 15:34 - 000000000 ____D C:\Users\batman\AppData\Roaming\7006A99743931204349748
2018-10-09 14:14 - 2018-10-09 14:18 - 000000000 ____D C:\Windows\System32\coandmx
2018-10-09 14:14 - 2018-10-09 14:14 - 000000000 ____D C:\Windows\SysWOW64\coandmx
2018-10-09 14:14 - 2018-10-09 14:14 - 000000000 ____D C:\Users\batman\AppData\Roaming\TeamViewer
2018-10-09 14:13 - 2018-10-09 15:08 - 000000000 ____D C:\Users\batman\AppData\Roaming\RamExpert
2018-10-09 14:13 - 2018-10-09 14:13 - 000000000 ____D C:\Users\batman\AppData\Roaming\KC Softwares
2018-10-09 14:13 - 2018-10-09 14:13 - 000000000 ____D C:\Users\batman\AppData\Roaming\et
2018-10-09 14:10 - 2018-10-09 14:10 - 000000000 ____D C:\Users\batman\AppData\Local\Turbo.net
2018-10-09 14:09 - 2018-10-09 14:09 - 000000000 ____D C:\ProgramData\Vary
2018-10-09 14:08 - 2018-10-09 15:34 - 000000000 ____D C:\Program Files (x86)\Castles
2018-10-09 14:08 - 2018-10-09 15:08 - 000000000 ____D C:\Program Files (x86)\stringed
2018-10-09 14:08 - 2018-10-09 15:05 - 000000000 ___HD C:\Program Files (x86)\Gasification
2018-10-09 14:08 - 2018-10-09 15:05 - 000000000 ____D C:\Program Files (x86)\Obasanjo
2018-10-09 14:08 - 2018-10-09 15:05 - 000000000 ____D C:\Program Files (x86)\diptych
2018-10-09 14:08 - 2018-10-09 14:27 - 000000000 ___HD C:\Program Files (x86)\ratliff
2018-10-09 14:03 - 2018-10-09 14:03 - 000072043 _____ C:\Users\batman\Desktop\Citizens Bank.pdf
2018-10-09 13:16 - 2018-10-09 13:16 - 000000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_ldiagio_01009.Wdf
2018-10-08 16:55 - 2018-10-08 16:55 - 000000000 ____D C:\ProgramData\Wondershare
2018-10-08 16:54 - 2018-10-09 15:36 - 000000000 ____D C:\Users\batman\AppData\Roaming\Wondershare
2018-10-08 16:54 - 2018-10-08 16:54 - 000000000 ____D C:\Users\batman\AppData\Local\Wondershare
2018-10-08 12:33 - 2018-10-06 10:42 - 000195888 _____ (Microsoft Corporation) C:\Windows\System32\msvcp140_2.dll
2018-10-08 12:33 - 2018-10-06 10:42 - 000032048 _____ (Microsoft Corporation) C:\Windows\System32\msvcp140_1.dll
2018-10-07 18:17 - 2018-10-07 18:17 - 000135324 _____ C:\Users\batman\Desktop\PP-VAB-US-0193 Vabomere NTAP Brochure_9-27-18.pdf
2018-10-01 14:38 - 2018-10-01 14:39 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-10-01 14:38 - 2018-10-01 14:38 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-10-01 14:38 - 2018-07-23 01:23 - 007173504 _____ (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2018-10-01 14:38 - 2018-07-23 01:23 - 003674984 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2018-10-01 14:38 - 2018-07-23 01:23 - 003203968 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2018-10-01 14:38 - 2018-07-23 01:23 - 002927968 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2018-10-01 14:38 - 2018-07-23 01:22 - 007096560 _____ (Dolby Laboratories) C:\Windows\System32\DDPP64A.dll
2018-10-01 14:38 - 2018-07-23 01:22 - 001151336 _____ (Dolby Laboratories) C:\Windows\System32\DolbyDAX2APOProp.dll
2018-10-01 14:38 - 2018-07-23 01:22 - 000370528 _____ (Dolby Laboratories) C:\Windows\System32\HiFiDAX2API.dll
2018-10-01 14:38 - 2018-07-23 01:22 - 000124656 _____ (Real Sound Lab SIA) C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2018-10-01 14:38 - 2018-07-23 01:20 - 003317304 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2018-10-01 14:38 - 2018-07-23 01:20 - 001353288 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2018-10-01 14:38 - 2018-07-23 01:20 - 000453240 _____ (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2018-10-01 14:38 - 2018-07-23 01:20 - 000343672 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
2018-10-01 14:38 - 2018-07-23 01:20 - 000157312 _____ (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2018-10-01 14:38 - 2018-07-23 01:20 - 000139728 _____ (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2018-10-01 14:38 - 2018-07-23 01:20 - 000090136 _____ (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2018-10-01 14:38 - 2018-07-23 01:19 - 005346960 _____ (Dolby Laboratories) C:\Windows\System32\DolbyDAX2APOv211.dll
2018-10-01 14:38 - 2018-07-23 01:19 - 001971328 _____ (Dolby Laboratories) C:\Windows\System32\DDPD64A.dll
2018-10-01 14:38 - 2018-07-23 01:19 - 001544216 _____ (Dolby Laboratories) C:\Windows\System32\DAX3APOProp.dll
2018-10-01 14:38 - 2018-07-23 01:19 - 000332976 _____ (Dolby Laboratories) C:\Windows\System32\DDPO64A.dll
2018-10-01 14:38 - 2018-07-23 01:19 - 000278240 _____ (Dolby Laboratories) C:\Windows\System32\DDPA64.dll
2018-10-01 14:38 - 2018-07-22 21:53 - 019165464 _____ C:\Windows\System32\Drivers\RTAIODAT.DAT
2018-10-01 14:38 - 2018-01-15 10:40 - 002856800 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2018-09-25 16:10 - 2018-09-15 00:46 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-09-25 16:10 - 2018-09-15 00:32 - 000392192 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2018-09-25 16:10 - 2018-09-15 00:31 - 001364992 _____ (Microsoft Corporation) C:\Windows\System32\bcastdvruserservice.dll
2018-09-25 16:10 - 2018-09-14 18:57 - 000272408 _____ (Microsoft Corporation) C:\Windows\System32\SgrmEnclave.dll
2018-09-25 16:10 - 2018-09-14 18:56 - 000269320 _____ (Microsoft Corporation) C:\Windows\System32\SgrmEnclave_secure.dll
2018-09-25 16:10 - 2018-09-14 18:51 - 001220920 _____ (Microsoft Corporation) C:\Windows\System32\hvix64.exe
2018-09-25 16:10 - 2018-09-14 18:51 - 000076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hvservice.sys
2018-09-25 16:10 - 2018-09-14 18:50 - 001029432 _____ (Microsoft Corporation) C:\Windows\System32\hvax64.exe
2018-09-25 16:10 - 2018-09-14 18:50 - 000567080 _____ (Microsoft Corporation) C:\Windows\System32\tcblaunch.exe
2018-09-25 16:10 - 2018-09-14 18:50 - 000134968 _____ (Microsoft Corporation) C:\Windows\System32\hvloader.dll
2018-09-25 16:10 - 2018-09-14 18:49 - 009090064 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2018-09-25 16:10 - 2018-09-14 18:49 - 007519896 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Protection.PlayReady.dll
2018-09-25 16:10 - 2018-09-14 18:49 - 001097760 _____ (Microsoft Corporation) C:\Windows\System32\msvproc.dll
2018-09-25 16:10 - 2018-09-14 18:48 - 000885968 _____ (Microsoft Corporation) C:\Windows\System32\CoreMessaging.dll
2018-09-25 16:10 - 2018-09-14 18:48 - 000713504 _____ (Microsoft Corporation) C:\Windows\System32\MSVideoDSP.dll
2018-09-25 16:10 - 2018-09-14 18:33 - 006567984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-09-25 16:10 - 2018-09-14 18:33 - 001129760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2018-09-25 16:10 - 2018-09-14 18:33 - 000581808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2018-09-25 16:10 - 2018-09-14 18:33 - 000567280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-09-25 16:10 - 2018-09-14 18:33 - 000357064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2018-09-25 16:10 - 2018-09-14 18:20 - 001627136 _____ (Microsoft Corporation) C:\Windows\System32\enterprisecsps.dll
2018-09-25 16:10 - 2018-09-14 18:19 - 004382720 _____ (Microsoft Corporation) C:\Windows\System32\EdgeContent.dll
2018-09-25 16:10 - 2018-09-14 18:19 - 000154112 _____ (Microsoft Corporation) C:\Windows\System32\Chakradiag.dll
2018-09-25 16:10 - 2018-09-14 18:17 - 007577088 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2018-09-25 16:10 - 2018-09-14 18:16 - 005777920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-09-25 16:10 - 2018-09-14 16:59 - 000001310 _____ C:\Windows\System32\tcbres.wim
2018-09-25 16:10 - 2018-08-30 23:46 - 000542504 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
2018-09-25 16:10 - 2018-08-30 23:45 - 000348328 _____ (Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
2018-09-25 16:10 - 2018-08-30 23:43 - 001524152 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll
2018-09-25 16:10 - 2018-08-30 23:42 - 001636232 _____ (Microsoft Corporation) C:\Windows\System32\gdi32full.dll
2018-09-25 16:10 - 2018-08-30 23:27 - 000178176 _____ (Microsoft Corporation) C:\Windows\System32\t2embed.dll
2018-09-25 16:10 - 2018-08-30 23:27 - 000056320 _____ (Microsoft Corporation) C:\Windows\System32\mf3216.dll
2018-09-25 16:10 - 2018-08-30 23:26 - 000101888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2018-09-25 16:10 - 2018-08-30 23:25 - 000270336 _____ (Microsoft Corporation) C:\Windows\System32\spp.dll
2018-09-25 16:10 - 2018-08-30 23:25 - 000266752 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2018-09-25 16:10 - 2018-08-30 23:24 - 001127936 _____ (Microsoft Corporation) C:\Windows\System32\nettrace.dll
2018-09-25 16:10 - 2018-08-30 23:24 - 000482304 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2018-09-25 16:10 - 2018-08-30 23:23 - 000765440 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2018-09-25 16:10 - 2018-08-30 23:22 - 001855488 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2018-09-25 16:10 - 2018-08-30 23:22 - 001661440 _____ (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
2018-09-25 16:10 - 2018-08-30 22:55 - 001455960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2018-09-25 16:10 - 2018-08-30 22:53 - 001327504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2018-09-25 16:10 - 2018-08-30 22:41 - 000138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-09-25 16:10 - 2018-08-30 22:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2018-09-25 16:10 - 2018-08-30 22:40 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
2018-09-25 16:10 - 2018-08-30 22:37 - 001585664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-09-25 16:10 - 2018-08-30 22:37 - 000622080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2018-09-25 16:10 - 2018-08-30 22:36 - 001469952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2018-09-25 16:10 - 2018-08-30 19:44 - 001064744 _____ (Microsoft Corporation) C:\Windows\System32\SecConfig.efi
2018-09-25 16:10 - 2018-08-30 19:43 - 002719216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2018-09-25 16:10 - 2018-08-30 19:43 - 000722880 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2018-09-25 16:10 - 2018-08-30 19:42 - 007436192 _____ (Microsoft Corporation) C:\Windows\System32\windows.storage.dll
2018-09-25 16:10 - 2018-08-30 19:42 - 002824672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2018-09-25 16:10 - 2018-08-30 19:42 - 002461312 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2018-09-25 16:10 - 2018-08-30 19:42 - 001767064 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2018-09-25 16:10 - 2018-08-30 19:42 - 001458552 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2018-09-25 16:10 - 2018-08-30 19:42 - 001258352 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2018-09-25 16:10 - 2018-08-30 19:42 - 001142000 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2018-09-25 16:10 - 2018-08-30 19:42 - 000983080 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2018-09-25 16:10 - 2018-08-30 19:42 - 000632296 _____ (Microsoft Corporation) C:\Windows\System32\dpx.dll
2018-09-25 16:10 - 2018-08-30 19:42 - 000604640 _____ (Microsoft Corporation) C:\Windows\System32\securekernel.exe
2018-09-25 16:10 - 2018-08-30 19:42 - 000527328 _____ (Microsoft Corporation) C:\Windows\System32\hal.dll
2018-09-25 16:10 - 2018-08-30 19:42 - 000155112 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2018-09-25 16:10 - 2018-08-30 19:28 - 006043680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-09-25 16:10 - 2018-08-30 19:28 - 001989496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-09-25 16:10 - 2018-08-30 19:28 - 001514352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2018-09-25 16:10 - 2018-08-30 19:28 - 000453104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpx.dll
2018-09-25 16:10 - 2018-08-30 19:28 - 000134936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-09-25 16:10 - 2018-08-30 19:26 - 025847808 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2018-09-25 16:10 - 2018-08-30 19:21 - 022008320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-09-25 16:10 - 2018-08-30 19:20 - 022715904 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2018-09-25 16:10 - 2018-08-30 19:18 - 008189440 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Data.Pdf.dll
2018-09-25 16:10 - 2018-08-30 19:17 - 000144384 _____ (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2018-09-25 16:10 - 2018-08-30 19:17 - 000020480 _____ (Microsoft Corporation) C:\Windows\System32\netevent.dll
2018-09-25 16:10 - 2018-08-30 19:16 - 019404288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-09-25 16:10 - 2018-08-30 19:16 - 006661120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-09-25 16:10 - 2018-08-30 19:15 - 004866560 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2018-09-25 16:10 - 2018-08-30 19:15 - 003392512 _____ (Microsoft Corporation) C:\Windows\System32\tquery.dll
2018-09-25 16:10 - 2018-08-30 19:15 - 000894464 _____ (Microsoft Corporation) C:\Windows\System32\webplatstorageserver.dll
2018-09-25 16:10 - 2018-08-30 19:15 - 000395776 _____ (Microsoft Corporation) C:\Windows\System32\Search.ProtocolHandler.MAPI2.dll
2018-09-25 16:10 - 2018-08-30 19:15 - 000075776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpsdrv.sys
2018-09-25 16:10 - 2018-08-30 19:14 - 002700288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-09-25 16:10 - 2018-08-30 19:14 - 000898560 _____ (Microsoft Corporation) C:\Windows\System32\WpcWebFilter.dll
2018-09-25 16:10 - 2018-08-30 19:14 - 000808448 _____ (Microsoft Corporation) C:\Windows\System32\EdgeManager.dll
2018-09-25 16:10 - 2018-08-30 19:14 - 000726528 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2018-09-25 16:10 - 2018-08-30 19:13 - 002738688 _____ (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2018-09-25 16:10 - 2018-08-30 19:13 - 001708544 _____ (Microsoft Corporation) C:\Windows\System32\MSPhotography.dll
2018-09-25 16:10 - 2018-08-30 19:13 - 000402432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2018-09-25 16:10 - 2018-08-30 19:12 - 000736256 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2018-09-25 16:10 - 2018-08-30 19:12 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2018-09-25 16:10 - 2018-08-30 19:11 - 002236928 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
2018-09-25 16:10 - 2018-08-30 19:11 - 001854976 _____ (Microsoft Corporation) C:\Windows\System32\wevtsvc.dll
2018-09-25 16:10 - 2018-08-30 19:11 - 001804288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2018-09-25 16:10 - 2018-08-30 19:11 - 001057792 _____ (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2018-09-25 16:10 - 2018-08-30 19:11 - 000796672 _____ (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2018-09-25 16:10 - 2018-08-30 19:11 - 000604160 _____ (Microsoft Corporation) C:\Windows\System32\updatehandlers.dll
2018-09-25 16:10 - 2018-08-30 19:11 - 000406528 _____ (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2018-09-25 16:10 - 2018-08-30 19:10 - 003711488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-09-25 16:10 - 2018-08-30 19:10 - 001375744 _____ (Microsoft Corporation) C:\Windows\System32\usocore.dll
2018-09-25 16:10 - 2018-08-30 19:10 - 001361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSPhotography.dll
2018-09-25 16:10 - 2018-08-30 19:10 - 000889344 _____ (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2018-09-25 16:10 - 2018-08-30 19:10 - 000608768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-09-25 16:10 - 2018-08-30 19:10 - 000561152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-09-25 16:10 - 2018-08-30 19:10 - 000288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-09-25 16:10 - 2018-08-30 19:10 - 000176640 _____ (Microsoft Corporation) C:\Windows\System32\mssph.dll
2018-09-25 16:10 - 2018-08-30 19:09 - 002258944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-09-25 16:10 - 2018-08-30 19:09 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-09-25 16:10 - 2018-08-30 19:08 - 000619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2018-09-25 16:10 - 2018-08-30 19:07 - 001627648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-09-25 16:10 - 2018-08-30 19:07 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-09-25 16:10 - 2018-08-30 19:07 - 000735744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-09-25 16:10 - 2018-08-30 19:06 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-09-25 16:10 - 2018-08-27 23:17 - 023862784 _____ (Microsoft Corporation) C:\Windows\System32\Hydrogen.dll
2018-09-25 16:10 - 2018-08-27 22:56 - 001008640 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.MixedRealityCapture.dll
2018-09-25 16:10 - 2018-08-27 22:49 - 000677376 _____ (Microsoft Corporation) C:\Windows\System32\HeadTrackerStorage.dll
2018-09-25 16:10 - 2018-08-27 22:48 - 001274368 _____ (Microsoft Corporation) C:\Windows\System32\HoloSI.PCShell.dll
2018-09-25 16:10 - 2018-08-27 22:45 - 000713216 _____ (Microsoft Corporation) C:\Windows\System32\SharedRealitySvc.dll
2018-09-25 16:10 - 2018-08-27 21:51 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-09-25 16:10 - 2018-08-13 18:14 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2018-09-25 16:10 - 2018-08-13 18:14 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-09-25 16:10 - 2018-08-09 01:32 - 004527680 _____ (Microsoft Corporation) C:\Windows\System32\sppsvc.exe
2018-09-25 16:10 - 2018-08-09 01:31 - 001617728 _____ (Microsoft Corporation) C:\Windows\System32\sppobjs.dll
2018-09-25 16:10 - 2018-08-09 01:31 - 000766872 _____ (Microsoft Corporation) C:\Windows\System32\LicensingWinRT.dll
2018-09-25 16:10 - 2018-08-09 01:31 - 000253544 _____ (Microsoft Corporation) C:\Windows\System32\sppwinob.dll
2018-09-25 16:10 - 2018-08-09 01:31 - 000236624 _____ (Microsoft Corporation) C:\Windows\System32\EditionUpgradeManagerObj.dll
2018-09-25 16:10 - 2018-08-09 01:17 - 000064000 _____ (Microsoft Corporation) C:\Windows\System32\iemigplugin.dll
2018-09-25 16:10 - 2018-08-09 01:16 - 004491264 _____ (Microsoft Corporation) C:\Windows\System32\xpsrchvw.exe
2018-09-25 16:10 - 2018-08-09 01:14 - 012709376 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2018-09-25 16:10 - 2018-08-09 01:14 - 000466944 _____ (Microsoft Corporation) C:\Windows\System32\DscCore.dll
2018-09-25 16:10 - 2018-08-09 01:14 - 000326144 _____ (Microsoft Corporation) C:\Windows\System32\CertEnrollUI.dll
2018-09-25 16:10 - 2018-08-09 01:14 - 000158720 _____ (Microsoft Corporation) C:\Windows\System32\fdeploy.dll
2018-09-25 16:10 - 2018-08-09 01:13 - 000521216 _____ (Microsoft Corporation) C:\Windows\System32\winspool.drv
2018-09-25 16:10 - 2018-08-09 01:13 - 000517120 _____ (Microsoft Corporation) C:\Windows\System32\certreq.exe
2018-09-25 16:10 - 2018-08-09 01:13 - 000340992 _____ (Microsoft Corporation) C:\Windows\System32\AcGenral.dll
2018-09-25 16:10 - 2018-08-09 01:13 - 000223232 _____ (Microsoft Corporation) C:\Windows\System32\TtlsExt.dll
2018-09-25 16:10 - 2018-08-09 01:12 - 002084864 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2018-09-25 16:10 - 2018-08-09 01:12 - 001787392 _____ (Microsoft Corporation) C:\Windows\System32\wsp_health.dll
2018-09-25 16:10 - 2018-08-09 01:12 - 000221184 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2018-09-25 16:10 - 2018-08-09 01:11 - 003652608 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2018-09-25 16:10 - 2018-08-09 01:11 - 002051584 _____ (Microsoft Corporation) C:\Windows\System32\wsp_fs.dll
2018-09-25 16:10 - 2018-08-09 01:11 - 001004032 _____ (Microsoft Corporation) C:\Windows\System32\clusapi.dll
2018-09-25 16:10 - 2018-08-09 01:11 - 000615424 _____ (Microsoft Corporation) C:\Windows\System32\resutils.dll
2018-09-25 16:10 - 2018-08-09 01:11 - 000181248 _____ (Microsoft Corporation) C:\Windows\System32\EditionUpgradeHelper.dll
2018-09-25 16:10 - 2018-08-09 01:10 - 001557504 _____ (Microsoft Corporation) C:\Windows\System32\certutil.exe
2018-09-25 16:10 - 2018-08-09 01:10 - 000836608 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2018-09-25 16:10 - 2018-08-09 01:10 - 000757248 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2018-09-25 16:10 - 2018-08-09 01:09 - 000217088 _____ (Microsoft Corporation) C:\Windows\System32\dinput8.dll
2018-09-25 16:10 - 2018-08-09 01:09 - 000165376 _____ (Microsoft Corporation) C:\Windows\System32\dinput.dll
2018-09-25 16:10 - 2018-08-09 01:09 - 000091136 _____ (Microsoft Corporation) C:\Windows\System32\mcbuilder.exe
2018-09-25 16:10 - 2018-08-09 00:36 - 000660896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicensingWinRT.dll
2018-09-25 16:10 - 2018-08-09 00:36 - 000221120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EditionUpgradeManagerObj.dll
2018-09-25 16:10 - 2018-08-09 00:24 - 011901952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-09-25 16:10 - 2018-08-09 00:24 - 000131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdeploy.dll
2018-09-25 16:10 - 2018-08-09 00:23 - 003397632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2018-09-25 16:10 - 2018-08-09 00:23 - 001308160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2018-09-25 16:10 - 2018-08-09 00:23 - 000291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnrollUI.dll
2018-09-25 16:10 - 2018-08-09 00:22 - 001452544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2018-09-25 16:10 - 2018-08-09 00:22 - 000668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-09-25 16:10 - 2018-08-09 00:22 - 000485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2018-09-25 16:10 - 2018-08-09 00:22 - 000429568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certreq.exe
2018-09-25 16:10 - 2018-08-09 00:21 - 002894848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-09-25 16:10 - 2018-08-09 00:21 - 002016768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-09-25 16:10 - 2018-08-09 00:21 - 001274368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2018-09-25 16:10 - 2018-08-09 00:21 - 000775168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2018-09-25 16:10 - 2018-08-09 00:20 - 002401792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
2018-09-25 16:10 - 2018-08-09 00:20 - 000423424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2018-09-25 16:10 - 2018-08-09 00:20 - 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dinput8.dll
2018-09-25 16:10 - 2018-08-09 00:20 - 000138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dinput.dll
2018-09-25 16:10 - 2018-08-09 00:19 - 000080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2018-09-25 16:10 - 2018-08-08 21:02 - 001035144 _____ (Microsoft Corporation) C:\Windows\System32\ApplyTrustOffline.exe
2018-09-25 16:10 - 2018-08-08 21:01 - 000777400 _____ (Microsoft Corporation) C:\Windows\System32\pkeyhelper.dll
2018-09-25 16:10 - 2018-08-08 20:55 - 000230304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tpm.sys
2018-09-25 16:10 - 2018-08-08 20:54 - 001019016 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll
2018-09-25 16:10 - 2018-08-08 20:54 - 000709824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2018-09-25 16:10 - 2018-08-08 20:54 - 000375704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2018-09-25 16:10 - 2018-08-08 20:54 - 000203568 _____ (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
2018-09-25 16:10 - 2018-08-08 20:54 - 000170912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2018-09-25 16:10 - 2018-08-08 20:53 - 002765440 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2018-09-25 16:10 - 2018-08-08 20:53 - 001947720 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2018-09-25 16:10 - 2018-08-08 20:53 - 001026456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2018-09-25 16:10 - 2018-08-08 20:53 - 000932136 _____ (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
2018-09-25 16:10 - 2018-08-08 20:53 - 000482480 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase_enclave.dll
2018-09-25 16:10 - 2018-08-08 20:53 - 000158720 _____ (Microsoft Corporation) C:\Windows\System32\vertdll.dll
2018-09-25 16:10 - 2018-08-08 20:53 - 000125600 _____ (Microsoft Corporation) C:\Windows\System32\cryptxml.dll
2018-09-25 16:10 - 2018-08-08 20:30 - 000829856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2018-09-25 16:10 - 2018-08-08 20:30 - 000183992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2018-09-25 16:10 - 2018-08-08 20:29 - 002253584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-09-25 16:10 - 2018-08-08 20:29 - 001620880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-09-25 16:10 - 2018-08-08 20:29 - 001174552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-09-25 16:10 - 2018-08-08 20:29 - 000099208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptxml.dll
2018-09-25 16:10 - 2018-08-08 20:28 - 003395072 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2018-09-25 16:10 - 2018-08-08 20:28 - 001589248 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Globalization.dll
2018-09-25 16:10 - 2018-08-08 20:27 - 000428032 _____ (Microsoft Corporation) C:\Windows\System32\MusNotification.exe
2018-09-25 16:10 - 2018-08-08 20:27 - 000117248 _____ (Microsoft Corporation) C:\Windows\System32\eShims.dll
2018-09-25 16:10 - 2018-08-08 20:27 - 000051200 _____ (Microsoft Corporation) C:\Windows\System32\CertEnrollCtrl.exe
2018-09-25 16:10 - 2018-08-08 20:26 - 000990720 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2018-09-25 16:10 - 2018-08-08 20:26 - 000572416 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.UX.EapRequestHandler.dll
2018-09-25 16:10 - 2018-08-08 20:26 - 000528384 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys
2018-09-25 16:10 - 2018-08-08 20:26 - 000319488 _____ (Microsoft Corporation) C:\Windows\System32\MusNotificationUx.exe
2018-09-25 16:10 - 2018-08-08 20:26 - 000238592 _____ (Microsoft Corporation) C:\Windows\System32\TtlsAuth.dll
2018-09-25 16:10 - 2018-08-08 20:26 - 000221184 _____ (Microsoft Corporation) C:\Windows\System32\TtlsCfg.dll
2018-09-25 16:10 - 2018-08-08 20:26 - 000209408 _____ (Microsoft Corporation) C:\Windows\System32\AppXApplicabilityBlob.dll
2018-09-25 16:10 - 2018-08-08 20:25 - 003320320 _____ (Microsoft Corporation) C:\Windows\System32\dwmcore.dll
2018-09-25 16:10 - 2018-08-08 20:25 - 000898560 _____ (Microsoft Corporation) C:\Windows\System32\MusUpdateHandlers.dll
2018-09-25 16:10 - 2018-08-08 20:25 - 000797184 _____ (Microsoft Corporation) C:\Windows\System32\certca.dll
2018-09-25 16:10 - 2018-08-08 20:25 - 000596992 _____ (Microsoft Corporation) C:\Windows\System32\TileDataRepository.dll
2018-09-25 16:10 - 2018-08-08 20:25 - 000460288 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
2018-09-25 16:10 - 2018-08-08 20:25 - 000392704 _____ (Microsoft Corporation) C:\Windows\System32\WaaSMedicSvc.dll
2018-09-25 16:10 - 2018-08-08 20:25 - 000145408 _____ (Microsoft Corporation) C:\Windows\System32\updatepolicy.dll
2018-09-25 16:10 - 2018-08-08 20:24 - 002368512 _____ (Microsoft Corporation) C:\Windows\System32\WebRuntimeManager.dll
2018-09-25 16:10 - 2018-08-08 20:24 - 001535488 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2018-09-25 16:10 - 2018-08-08 20:23 - 003148288 _____ (Microsoft Corporation) C:\Windows\System32\CertEnroll.dll
2018-09-25 16:10 - 2018-08-08 20:23 - 002904064 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2018-09-25 16:10 - 2018-08-08 20:23 - 002172928 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
2018-09-25 16:10 - 2018-08-08 20:23 - 000916992 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2018-09-25 16:10 - 2018-08-08 20:22 - 004615680 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2018-09-25 16:10 - 2018-08-08 20:22 - 001586176 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2018-09-25 16:10 - 2018-08-08 20:22 - 001551360 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.desktop.dll
2018-09-25 16:10 - 2018-08-08 20:22 - 000316928 _____ (Microsoft Corporation) C:\Windows\System32\GlobCollationHost.dll
2018-09-25 16:10 - 2018-08-08 20:21 - 000505344 _____ (Microsoft Corporation) C:\Windows\System32\edgeIso.dll
2018-09-25 16:10 - 2018-08-08 20:13 - 001189376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2018-09-25 16:10 - 2018-08-08 20:13 - 000042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnrollCtrl.exe
2018-09-25 16:10 - 2018-08-08 20:12 - 000652288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certca.dll
2018-09-25 16:10 - 2018-08-08 20:11 - 002900992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-09-25 16:10 - 2018-08-08 20:11 - 000471552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TileDataRepository.dll
2018-09-25 16:10 - 2018-08-08 20:11 - 000350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-09-25 16:10 - 2018-08-08 20:11 - 000331264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-09-25 16:10 - 2018-08-08 20:11 - 000178176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TtlsAuth.dll
2018-09-25 16:10 - 2018-08-08 20:11 - 000164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TtlsCfg.dll
2018-09-25 16:10 - 2018-08-08 20:11 - 000122368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2018-09-25 16:10 - 2018-08-08 20:10 - 002893824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2018-09-25 16:10 - 2018-08-08 20:10 - 000835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-09-25 16:10 - 2018-08-08 20:10 - 000251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-09-25 16:10 - 2018-08-08 20:09 - 004191232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-09-25 16:10 - 2018-08-08 20:09 - 001466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-09-25 16:10 - 2018-08-08 20:08 - 000195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2018-09-25 16:10 - 2018-08-08 19:08 - 000806416 _____ C:\Windows\SysWOW64\locale.nls
2018-09-25 16:10 - 2018-08-08 19:08 - 000806416 _____ C:\Windows\System32\locale.nls
2018-09-25 03:52 - 2018-09-25 03:52 - 000051024 _____ (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
2018-09-25 03:52 - 2018-09-25 03:52 - 000050232 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-dev.sys
2018-09-25 03:52 - 2018-09-25 03:52 - 000050232 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-canary.sys
2018-09-25 03:52 - 2018-09-25 03:52 - 000045640 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-stable.sys
2018-09-23 17:18 - 2018-09-23 17:19 - 000000000 ____D C:\Users\batman\Desktop\Seinfeld
2018-09-22 06:31 - 2018-09-22 06:31 - 000000165 ____H C:\Users\batman\Desktop\~$Introduction to Pharmacokinetic and Pharmacodynamic Parameters for Antibiotics.pptx
2018-09-16 11:12 - 2018-09-16 11:12 - 000000652 _____ C:\Users\batman\Desktop\Contact Lenses.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-12 17:13 - 2018-06-28 12:44 - 000000000 ____D C:\ProgramData\NVIDIA
2018-10-12 17:13 - 2018-04-11 15:38 - 000000000 ____D C:\Windows\LiveKernelReports
2018-10-12 17:12 - 2018-07-21 18:52 - 000000000 __SHD C:\Users\batman\IntelGraphicsProfiles
2018-10-12 17:12 - 2018-04-11 15:36 - 000000000 ____D C:\Windows\INF
2018-10-12 17:11 - 2018-07-22 09:40 - 000000000 ____D C:\Users\batman\AppData\Roaming\vlc
2018-10-12 17:06 - 2018-04-11 15:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-12 17:02 - 2018-07-22 04:48 - 000793700 _____ C:\Windows\System32\PerfStringBackup.INI
2018-10-12 16:57 - 2018-07-22 04:53 - 000000000 ____D C:\Users\batman\AppData\Local\AVAST Software
2018-10-12 16:57 - 2018-07-21 19:07 - 000000000 ___RD C:\Users\batman\OneDrive - St. John's University
2018-10-12 16:56 - 2018-07-21 20:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-12 16:56 - 2018-07-21 20:03 - 000000000 ____D C:\Windows\System32\SleepStudy
2018-10-12 16:15 - 2018-07-21 20:05 - 000000000 ____D C:\users\batman
2018-10-12 16:12 - 2018-07-21 20:05 - 000000000 ____D C:\Users\batman\AppData\Local\Host App Service
2018-10-12 16:08 - 2018-04-11 13:04 - 023592960 _____ C:\Windows\System32\config\HARDWARE
2018-10-11 16:06 - 2018-07-22 04:52 - 000004264 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-10-11 15:57 - 2018-04-11 13:04 - 000786432 _____ C:\Windows\System32\config\BBI
2018-10-10 12:48 - 2018-07-31 03:12 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-10-09 17:33 - 2018-07-23 06:45 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-10-09 17:32 - 2018-07-23 06:38 - 000000000 ____D C:\Users\batman\AppData\Local\Adobe
2018-10-09 15:38 - 2018-07-23 06:49 - 000000000 ____D C:\Users\batman\AppData\Local\CrashDumps
2018-10-09 15:38 - 2018-07-21 19:36 - 000000000 ____D C:\Users\batman\AppData\Roaming\uTorrent
2018-10-09 15:34 - 2018-07-22 05:22 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-10-09 14:29 - 2018-07-31 03:12 - 000000938 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-10-09 14:29 - 2018-07-31 03:12 - 000000934 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-10-09 14:29 - 2018-07-22 15:30 - 000000420 _____ C:\Windows\Tasks\update-sys.job
2018-10-09 14:29 - 2018-07-22 15:30 - 000000420 _____ C:\Windows\Tasks\update-S-1-5-21-2562023560-3925838451-1074170921-1001.job
2018-10-09 14:29 - 2018-07-21 20:03 - 004896032 _____ C:\Windows\System32\FNTCACHE.DAT
2018-10-09 14:27 - 2018-07-22 04:52 - 001028840 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2018-10-09 14:27 - 2018-07-22 04:52 - 000467904 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2018-10-09 14:27 - 2018-07-22 04:52 - 000381144 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2018-10-09 14:27 - 2018-07-22 04:52 - 000208640 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2018-10-09 14:27 - 2018-07-22 04:52 - 000201408 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArPot.sys
2018-10-09 14:27 - 2018-07-22 04:52 - 000163376 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2018-10-09 14:27 - 2018-07-22 04:52 - 000111968 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2018-10-09 14:27 - 2018-07-22 04:52 - 000088112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2018-10-09 14:27 - 2018-07-22 04:52 - 000047064 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2018-10-09 14:27 - 2018-04-11 15:38 - 000000000 ___HD C:\Windows\ELAMBKUP
2018-10-09 14:26 - 2018-07-22 04:52 - 000346760 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbloga.sys
2018-10-09 14:26 - 2018-07-22 04:52 - 000230512 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsdrivera.sys
2018-10-09 14:26 - 2018-07-22 04:52 - 000201928 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsha.sys
2018-10-09 14:26 - 2018-07-22 04:52 - 000185240 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHdsKe.sys
2018-10-09 14:26 - 2018-07-22 04:52 - 000059664 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbuniva.sys
2018-10-09 14:02 - 2018-08-22 15:46 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-10-09 14:02 - 2018-07-31 09:10 - 000002764 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-batmanbatman@gmail.com
2018-10-09 14:02 - 2018-07-31 03:12 - 000003452 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2018-10-09 14:02 - 2018-07-31 03:12 - 000003228 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2018-10-09 14:02 - 2018-07-22 15:30 - 000003056 _____ C:\Windows\System32\Tasks\update-S-1-5-21-2562023560-3925838451-1074170921-1001
2018-10-09 14:02 - 2018-07-22 15:30 - 000002800 _____ C:\Windows\System32\Tasks\update-sys
2018-10-09 14:02 - 2018-07-21 20:08 - 000003492 _____ C:\Windows\System32\Tasks\LenovoUtility Task
2018-10-09 14:02 - 2018-07-21 20:08 - 000003398 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-09 14:02 - 2018-07-21 20:08 - 000003346 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-10-09 14:02 - 2018-07-21 20:08 - 000003180 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
2018-10-09 14:02 - 2018-07-21 20:08 - 000003176 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-09 14:02 - 2018-07-21 20:08 - 000003122 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-10-09 14:02 - 2018-07-21 20:08 - 000002988 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-10-09 14:02 - 2018-07-21 20:08 - 000002984 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-09 14:02 - 2018-07-21 20:08 - 000002956 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-09 14:02 - 2018-07-21 20:08 - 000002914 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-09 14:02 - 2018-07-21 20:08 - 000002860 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2562023560-3925838451-1074170921-1001
2018-10-09 14:02 - 2018-07-21 20:08 - 000002838 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-09 14:02 - 2018-07-21 20:08 - 000002786 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-09 14:02 - 2018-07-21 20:08 - 000002770 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2018-10-09 14:02 - 2018-07-21 20:08 - 000002744 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-09 14:02 - 2018-07-21 20:08 - 000002408 _____ C:\Windows\System32\Tasks\App Explorer
2018-10-09 14:02 - 2018-07-21 20:08 - 000002220 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-10-09 14:02 - 2018-07-21 20:08 - 000002024 _____ C:\Windows\System32\Tasks\RTFTrack
2018-10-09 14:02 - 2018-07-21 20:08 - 000002016 _____ C:\Windows\System32\Tasks\RtsCM
2018-10-09 13:20 - 2018-04-11 15:38 - 000000000 ____D C:\Windows\AppReadiness
2018-10-09 13:17 - 2018-07-22 05:20 - 000000000 ____D C:\Users\batman\AppData\LocalLow\uTorrent
2018-10-09 13:11 - 2018-04-11 15:30 - 000000000 ____D C:\Windows\CbsTemp
2018-10-08 16:42 - 2018-07-21 18:52 - 000000000 ____D C:\Users\batman\AppData\Roaming\Adobe
2018-10-08 16:38 - 2018-07-23 06:39 - 000000000 ____D C:\ProgramData\Adobe
2018-10-08 16:09 - 2018-07-21 20:08 - 000000000 ____D C:\Windows\System32\Tasks\Lenovo
2018-10-08 15:42 - 2018-07-23 07:07 - 000000000 ____D C:\Users\batman\AppData\LocalLow\Adobe
2018-10-07 18:40 - 2018-07-21 19:33 - 000000000 ____D C:\Users\batman\AppData\LocalLow\Mozilla
2018-10-07 18:23 - 2018-04-11 15:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-01 14:48 - 2018-06-28 12:45 - 000477265 _____ C:\Windows\System32\Drivers\rtkhdasetting.zip
2018-10-01 14:47 - 2018-04-11 15:38 - 000000000 ____D C:\Windows\TextInput
2018-10-01 14:47 - 2018-04-11 15:38 - 000000000 ____D C:\Windows\SysWOW64\Dism
2018-10-01 14:47 - 2018-04-11 15:38 - 000000000 ____D C:\Windows\System32\oobe
2018-10-01 14:47 - 2018-04-11 15:38 - 000000000 ____D C:\Windows\bcastdvr
2018-10-01 14:47 - 2018-04-11 13:04 - 000000000 ____D C:\Windows\System32\Dism
2018-10-01 14:39 - 2018-07-21 20:04 - 000000000 ____D C:\Program Files\Common Files\Dolby
2018-10-01 14:39 - 2018-06-28 12:45 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-10-01 14:39 - 2018-06-28 12:45 - 000000000 ____D C:\Windows\System32\DAX3
2018-10-01 14:39 - 2018-06-28 12:45 - 000000000 ____D C:\Windows\System32\DAX2
2018-09-30 18:35 - 2018-07-23 05:41 - 000001269 _____ C:\Users\batman\Desktop\batman.lnk
2018-09-15 04:58 - 2018-07-21 18:52 - 000000000 ____D C:\Users\batman\AppData\Local\Packages

Some files in TEMP:
====================
2018-10-10 16:49 - 2018-09-19 04:01 - 000858912 _____ (Malwarebytes) C:\Users\batman\AppData\Local\Temp\mb-clean.exe
2018-10-10 16:49 - 2018-10-10 16:48 - 080022264 _____ (Malwarebytes ) C:\Users\batman\AppData\Local\Temp\mb3-setup-54035.54035-3.6.1.2711-1.0.463-1.0.6913.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2018-07-22 00:00] - [2018-07-22 00:00] - 000677376 _____ (Microsoft Corporation) 3E56F9D58EBBB1B33E31B86267DBECFC

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2018-07-22 00:00] - [2018-07-22 00:00] - 003932672 _____ (Microsoft Corporation) E4A81EDDFF8B844D85C8B45354E4144E

C:\Windows\SysWOW64\explorer.exe
[2018-07-22 00:00] - [2018-07-22 00:00] - 003611368 _____ (Microsoft Corporation) 499B0D1F6277F17B3BAC525B8717C064

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2018-08-15 05:27] - [2018-07-13 20:19] - 000636944 _____ (Microsoft Corporation) 2FC61B2CF84792516D543CA94139A92C

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2018-07-22 00:00] - [2018-07-22 00:00] - 001160192 _____ (Microsoft Corporation) 107661923943E9DC06ED2713AC5F7753

C:\Windows\System32\dnsapi.dll
[2018-07-22 00:00] - [2018-07-22 00:00] - 000766608 _____ (Microsoft Corporation) F4B9F200B9D7EBC8BD4C8E39F02A44E3

C:\Windows\SysWOW64\dnsapi.dll
[2018-07-22 00:00] - [2018-07-22 00:00] - 000573904 _____ (Microsoft Corporation) BE663A3C8E4F3ED2E8404A808614BCE3

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 6%
Total physical RAM: 16199.89 MB
Available physical RAM: 15119.55 MB
Total Virtual: 16199.89 MB
Available Virtual: 15153.35 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:450.69 GB) (Free:60.74 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.14 GB) NTFS
Drive e: (ESD-USB) (Removable) (Total:14.52 GB) (Free:10.72 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

\\?\Volume{57ae20f9-6e3f-4867-9201-240ed35da09d}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.59 GB) NTFS
\\?\Volume{a0dff18b-b129-4ac7-9ee3-13398c3a5f91}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 3FB8B4A6)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 14.5 GB) (Disk ID: 00000000)

Partition: GPT.

LastRegBack: 2018-07-21 20:03

==================== End of FRST.txt ============================
 
Good job! :)

Restart computer normally and...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
RogueKiller Report:

RogueKiller V12.13.4.0 (x64) [Oct 8 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.17134) 64 bits version
Started in : Normal mode
User : batman [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 10/12/2018 21:36:56 (Duration : 00:19:02)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 19 ¤¤¤
[PUP.SweetLabs|PUP.Gen1] (X64) HKEY_USERS\S-1-5-19\Software\Host App Service -> Deleted
[PUP.SweetLabs|PUP.Gen1] (X86) HKEY_USERS\S-1-5-19\Software\Host App Service -> Deleted
[PUP.SweetLabs|PUP.Gen1] (X64) HKEY_USERS\S-1-5-20\Software\Host App Service -> Deleted
[PUP.SweetLabs|PUP.Gen1] (X86) HKEY_USERS\S-1-5-20\Software\Host App Service -> Deleted
[PUP.SweetLabs|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2562023560-3925838451-1074170921-1001\Software\Host App Service -> Deleted
[PUP.SweetLabs|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2562023560-3925838451-1074170921-1001\Software\Host App Service -> Deleted
[PUP.SweetLabs|PUP.Gen1] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service -> Deleted
[PUP.SweetLabs|PUP.Gen1] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service -> Deleted
[PUP.SweetLabs|PUP.Gen1] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service -> Deleted
[PUP.SweetLabs|PUP.Gen1] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service -> Deleted
[PUP.SweetLabs|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2562023560-3925838451-1074170921-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service -> Deleted
[PUP.SweetLabs|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2562023560-3925838451-1074170921-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbkeagt (\??\C:\Users\batman\AppData\Local\Temp\sihzxdpw.sys) -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2562023560-3925838451-1074170921-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo17win10.msn.com/?pc=LCTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2562023560-3925838451-1074170921-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo17win10.msn.com/?pc=LCTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2562023560-3925838451-1074170921-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo17win10.msn.com/?pc=LCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2562023560-3925838451-1074170921-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo17win10.msn.com/?pc=LCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8A8872FE-F171-4F58-8790-FB2C35A4689F} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\batman\AppData\Local\racdhbo\audigtn.exe|Name=Service 14410a644d2b197b (In)|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {61D6AC90-CBAB-4025-BD6E-EDB550D15E4A} : v2.28|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\batman\AppData\Local\racdhbo\audigtn.exe|Name=Service 14410a644d2b197b (Out)| [x] -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 9 ¤¤¤
[PUP.SweetLabs|PUP.Gen1][Folder] C:\ProgramData\Host App Service -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo App Explorer.lnk [LNK@] C:\Users\batman\AppData\Local\HOSTAP~1\Engine\HOSTAP~1.EXE /OPEN"defd46ddcae7ce35ae9673132f9cf2200f2f1563" -> Deleted
[PUP.uTorrentAds][File] C:\Users\batman\AppData\Roaming\uTorrent\updates\3.5.4_44498\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\batman\AppData\Roaming\uTorrent\updates\3.5.4_44520\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\batman\AppData\Roaming\uTorrent\updates\3.5.4_44632\utorrentie.exe -> Deleted
[PUP.SweetLabs|PUP.Gen1][Folder] C:\Users\batman\AppData\Local\Host App Service -> Removed at reboot [91]
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\ (1).defaultRegistry -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\.defaultRegistry -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\analytics.db -> Removed at reboot [20]
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Apps\48f805ed6f2dfa6c212a004a4f1ad09fa37acf90 (1).pokki -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Apps\48f805ed6f2dfa6c212a004a4f1ad09fa37acf90.pokki -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Apps\installed_apps.db -> Deleted
[PUP.SweetLabs|PUP.Gen1][Folder] C:\Users\batman\AppData\Local\Host App Service\Apps -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Engine\HostAppService.exe -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Engine\HostAppService.VisualElementsManifest.xml -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Engine\HostAppServiceInterface.exe -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Engine\HostAppServiceUpdateManager.exe -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe -> Removed at reboot [5]
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Engine\HostAppServiceUpdaterMetrics.exe -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Engine\Lenovo.Account.SSO.dll -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Engine\LenovoIdSSO.dll -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Engine\LenovoIdSSOWrapper.dll -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Engine\MahApps.Metro.dll -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Engine\Newtonsoft.Json.dll -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Engine\NLog.dll -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Engine\SLTool.dll -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Engine\SLToolWrapper.dll -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Engine\startmenu\TileLogo_150.png -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Engine\startmenu\TileLogo_70.png -> Deleted
[PUP.SweetLabs|PUP.Gen1][Folder] C:\Users\batman\AppData\Local\Host App Service\Engine\startmenu -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Engine\System.Windows.Interactivity.dll -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Engine\vcruntime140.dll -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Engine\WebAppHelper.exe -> Deleted
[PUP.SweetLabs|PUP.Gen1][Folder] C:\Users\batman\AppData\Local\Host App Service\Engine -> Removed at reboot [91]
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\engine_update.db -> Removed at reboot [20]
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\IconCache\persistent\App Explorer (1).ico -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\IconCache\persistent\App Explorer.ico -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\IconCache\persistent\Lenovo App Explorer (1).ico -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\IconCache\persistent\Lenovo App Explorer.ico -> Deleted
[PUP.SweetLabs|PUP.Gen1][Folder] C:\Users\batman\AppData\Local\Host App Service\IconCache\persistent -> Deleted
[PUP.SweetLabs|PUP.Gen1][Folder] C:\Users\batman\AppData\Local\Host App Service\IconCache -> Deleted
[PUP.SweetLabs|PUP.Gen1][Folder] C:\Users\batman\AppData\Local\Host App Service\Setup -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Uninstall (1).exe -> Deleted
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Local\Host App Service\Uninstall.exe -> Deleted
[PUP.Y2Go][Folder] C:\Users\batman\AppData\Local\OneDrive -> Deleted
[PUP.Y2Go][Folder] C:\Users\batman\AppData\Local\OneDrive\cache\qmlcache -> Deleted
[PUP.Y2Go][Folder] C:\Users\batman\AppData\Local\OneDrive\cache -> Deleted
[PUP.SweetLabs|PUP.Gen1][Folder] C:\ProgramData\Host App Service -> ERROR [3]
[PUP.SweetLabs|PUP.Gen1][File] C:\Users\batman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo App Explorer.lnk [LNK@] C:\Users\batman\AppData\Local\HOSTAP~1\Engine\HOSTAP~1.EXE /OPEN"defd46ddcae7ce35ae9673132f9cf2200f2f1563" -> Removed at reboot [2]

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Deleted
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://cpprod.stjohns.edu/cp/home/loginf] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HFS512GD9TNG-62A0A +++++
--- User ---
[MBR] a9b9a75efdbd3e496eb324d9f9786eea
[BSP] de92d65244c52f42778b00856791db38 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 461509 MB
3 - Basic data partition | Offset (sectors): 945737728 | Size: 25600 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 998166528 | Size: 1000 MB
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!
 
MalwareBytes Report:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/12/18
Scan Time: 10:06 PM
Log File: a36872d2-ce8c-11e8-8d14-0c5415ea8188.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7323
License: Trial

-System Information-
OS: Windows 10 (Build 17134.286)
CPU: x64
File System: NTFS
User: DESKTOP-K6KNP79\batman

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 274089
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 12 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
AdwCleaner Report:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-12-2018
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 8
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Deleted C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service

***** [ Files ] *****

Deleted C:\Windows\System32\Tasks_Migrated\App Explorer

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\App Explorer

***** [ Registry ] *****

Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7511F66D-A5B1-4265-902A-3DC23C4BBFF4}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask
Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1799 octets] - [12/10/2018 22:10:58]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
Thank you again for your help! These programs found many things that were not found before. Are there any further steps that should be taken?

Best,
Damur
 
Yes.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
FRST.txt is below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by batman (administrator) on DESKTOP-K6KNP79 (12-10-2018 22:26:18)
Running from C:\Users\batman\Desktop
Loaded Profiles: batman (Available Profiles: batman)
Platform: Windows 10 Home Version 1803 17134.286 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo) C:\Windows\System32\YMC.exe
(Lenovo.) C:\Windows\System32\LITSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7948ecc1af5c27e1\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_ec7e2e39054ef080\WTabletServiceISD.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7948ecc1af5c27e1\IntelCpHDCPSvc.exe
() C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7948ecc1af5c27e1\IntelCpHeciSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_ec7e2e39054ef080\WTabletServiceISD.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7948ecc1af5c27e1\igfxEM.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Lenovo(beijing) Limited) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.46.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_1781f8bae8fdf5c0\aesm_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Users\batman\AppData\Local\Microsoft\OneDrive\18.172.0826.0010\FileCoAuth.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18387808 2018-07-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1503592 2018-07-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1503592 2018-07-23] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-10-09] (AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3784512 2018-10-09] (Dropbox, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2562023560-3925838451-1074170921-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-19] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{292d1bcb-9cec-4fd8-8809-7639eba55fa2}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-2562023560-3925838451-1074170921-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2562023560-3925838451-1074170921-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/

FireFox:
========
FF DefaultProfile: f8dho2tw.default
FF DefaultProfile: vk4dsqms.default
FF ProfilePath: C:\Users\batman\AppData\Roaming\Zotero\Zotero\Profiles\f8dho2tw.default [2018-08-08]
FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero\extensions\zoteroWinWordIntegration@zotero.org [2018-08-07] [Legacy] [not signed]
FF ProfilePath: C:\Users\batman\AppData\Roaming\Mozilla\Firefox\Profiles\vk4dsqms.default [2018-10-12]
FF Extension: (Avast SafePrice) - C:\Users\batman\AppData\Roaming\Mozilla\Firefox\Profiles\vk4dsqms.default\Extensions\sp@avast.com.xpi [2018-07-22]
FF Extension: (Avast Online Security) - C:\Users\batman\AppData\Roaming\Mozilla\Firefox\Profiles\vk4dsqms.default\Extensions\wrc@avast.com.xpi [2018-07-22]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-21] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://cpprod.stjohns.edu/cp/home/loginf
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default [2018-10-12]
CHR Extension: (Slides) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-21]
CHR Extension: (Docs) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-21]
CHR Extension: (Google Drive) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-21]
CHR Extension: (YouTube) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-21]
CHR Extension: (Honey) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-10-12]
CHR Extension: (Adblock Plus) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-09-10]
CHR Extension: (Adobe Acrobat) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-10-09]
CHR Extension: (Zotero Connector) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2018-09-09]
CHR Extension: (Sheets) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-21]
CHR Extension: (Google Docs Offline) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (Piggy - Automatic Coupons & Cash Back) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2018-10-07]
CHR Extension: (Video Downloader professional) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmdldgcmokdpmacblnehppgkjphcbpnn [2018-10-01]
CHR Extension: (Wikibuy) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2018-10-11]
CHR Extension: (Video Speed Controller) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2018-07-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-21]
CHR Extension: (Gmail) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-21]
CHR Extension: (Chrome Media Router) - C:\Users\batman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-23]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_1781f8bae8fdf5c0\aesm_service.exe [3233064 2018-01-26] (Intel Corporation)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-10-09] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-10-09] (AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-10-09] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-07-31] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-07-31] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-09-25] (Dropbox, Inc.)
R2 Dolby DAX API Service; C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe [212784 2017-09-19] ()
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1705040 2017-11-08] (Intel Corporation)
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2410672 2017-10-16] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71408 2018-05-16] (Lenovo Group Limited)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
R2 LITSSVC; C:\WINDOWS\System32\LITSSvc.exe [788920 2017-10-30] (Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [266080 2018-07-23] (Realtek Semiconductor)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [106904 2018-08-02] (Microsoft Corporation)
R2 WTabletServiceISD; C:\WINDOWS\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_ec7e2e39054ef080\WTabletServiceISD.exe [2992064 2018-02-22] (Wacom Technology, Corp.)
R2 YMC; C:\WINDOWS\System32\YMC.exe [231984 2018-05-02] (Lenovo)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (Apple Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201408 2018-10-09] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230512 2018-10-09] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201928 2018-10-09] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346760 2018-10-09] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59664 2018-10-09] (AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-07-22] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [185240 2018-10-09] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47064 2018-10-09] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42456 2018-10-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163376 2018-10-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111968 2018-10-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88112 2018-10-09] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028840 2018-10-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467904 2018-10-09] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208640 2018-10-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381144 2018-10-09] (AVAST Software)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74144 2017-11-08] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69536 2017-11-08] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [382880 2017-11-08] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98968 2017-10-15] (Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [69632 2017-10-16] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [192008 2017-10-20] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [200232 2018-10-10] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [118584 2018-10-12] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [58400 2018-10-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260384 2018-10-12] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [110424 2018-10-12] (Malwarebytes)
R3 Netwtw06; C:\WINDOWS\system32\DRIVERS\Netwtw06.sys [8752120 2018-05-03] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_5c0f2d8f376b3180\nvlddmkm.sys [17038280 2018-01-07] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-11-15] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-11-15] (NVIDIA Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3236320 2017-10-29] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-10-12] ()
R3 WacHIDRouterISD; C:\WINDOWS\System32\drivers\WacHIDRouterISD.sys [79296 2018-02-22] (Wacom Technology, Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
U1 aswbdisk; no ImagePath
S4 gkvhm; System32\drivers\sikhblwr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-13 00:33 - 2018-10-13 01:22 - 000000000 _____ C:\Recovery.txt
2018-10-12 22:26 - 2018-10-12 22:26 - 000022993 _____ C:\Users\batman\Desktop\FRST.txt
2018-10-12 22:25 - 2018-10-12 22:25 - 002414592 _____ (Farbar) C:\Users\batman\Desktop\FRST64.exe
2018-10-12 22:19 - 2018-10-12 22:20 - 000000000 ____D C:\Users\batman\Desktop\Cleaning
2018-10-12 22:19 - 2018-10-12 22:19 - 000006982 _____ C:\Users\batman\Documents\cc_20181012_221939.reg
2018-10-12 22:18 - 2018-10-12 22:18 - 000000000 ____D C:\Users\batman\AppData\Local\OneDrive
2018-10-12 22:13 - 2018-10-12 22:13 - 000260384 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-10-12 22:13 - 2018-10-12 22:13 - 000118584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-10-12 22:13 - 2018-10-12 22:13 - 000110424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-10-12 22:13 - 2018-10-12 22:13 - 000058400 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-10-12 22:10 - 2018-10-12 22:10 - 007592144 _____ (Malwarebytes) C:\Users\batman\Downloads\adwcleaner_7.2.4.0.exe
2018-10-12 22:10 - 2018-10-12 22:10 - 007592144 _____ (Malwarebytes) C:\Users\batman\Downloads\adwcleaner_7.2.4.0 (1).exe
2018-10-12 22:09 - 2018-10-12 22:12 - 000000000 ____D C:\AdwCleaner
2018-10-12 22:09 - 2018-10-12 22:09 - 007567568 _____ (Malwarebytes) C:\Users\batman\Downloads\AdwCleaner.exe
2018-10-12 22:06 - 2018-10-12 22:06 - 000000000 ___HD C:\OneDriveTemp
2018-10-12 21:36 - 2018-10-12 21:36 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-10-12 21:36 - 2018-10-12 21:36 - 000000000 ____D C:\ProgramData\RogueKiller
2018-10-12 21:36 - 2018-10-12 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-10-12 21:36 - 2018-10-12 21:36 - 000000000 ____D C:\Program Files\RogueKiller
2018-10-12 20:59 - 2018-10-12 21:30 - 000000000 ____D C:\Users\batman\AppData\Local\racdhbo
2018-10-11 20:08 - 2018-10-12 22:26 - 000000000 ____D C:\FRST
2018-10-10 21:17 - 2018-10-10 21:17 - 000200232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-10-10 21:12 - 2018-10-10 21:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-10 21:12 - 2018-10-10 21:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-10 21:12 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-10-10 19:01 - 2018-10-10 19:01 - 000000066 _____ C:\Users\batman\Desktop\BOD Follow Up.txt
2018-10-10 17:03 - 2018-10-10 17:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-10-09 21:33 - 2018-10-11 21:01 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-09 21:33 - 2018-10-09 21:33 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-10-09 21:24 - 2018-10-09 21:24 - 000226721 _____ C:\Users\batman\Documents\Agenda.pdf
2018-10-09 21:14 - 2018-10-09 21:14 - 000000000 ____D C:\Users\batman\AppData\Local\mbamtray
2018-10-09 19:03 - 2018-10-09 19:03 - 000000000 ____D C:\Users\batman\AppData\Local\mbam
2018-10-09 18:27 - 2018-10-09 18:27 - 000378584 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-10-09 18:27 - 2018-10-09 18:27 - 000042456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2018-10-09 18:26 - 2018-10-09 18:26 - 000000000 ___HD C:\$AV_ASW
2018-10-09 18:19 - 2018-10-12 21:10 - 000000000 ____D C:\Users\batman\AppData\Local\msdkgxn
2018-10-09 18:16 - 2018-10-13 01:21 - 000000000 ____D C:\Users\batman\AppData\Local\cornmpi
2018-10-09 18:15 - 2018-10-09 18:26 - 000000000 ____D C:\Users\batman\AppData\Roaming\uolpgv
2018-10-09 18:14 - 2018-10-12 20:55 - 002921984 _____ C:\WINDOWS\system32\atcpomhsvc.exe
2018-10-09 18:14 - 2018-10-09 19:34 - 000000000 ____D C:\Users\batman\AppData\Roaming\7006A99743931204349748
2018-10-09 18:14 - 2018-10-09 18:18 - 000000000 ____D C:\WINDOWS\system32\coandmx
2018-10-09 18:14 - 2018-10-09 18:14 - 000000000 ____D C:\WINDOWS\SysWOW64\coandmx
2018-10-09 18:14 - 2018-10-09 18:14 - 000000000 ____D C:\Users\batman\AppData\Roaming\TeamViewer
2018-10-09 18:13 - 2018-10-09 19:08 - 000000000 ____D C:\Users\batman\AppData\Roaming\RamExpert
2018-10-09 18:13 - 2018-10-09 18:13 - 000000000 ____D C:\Users\batman\AppData\Roaming\KC Softwares
2018-10-09 18:13 - 2018-10-09 18:13 - 000000000 ____D C:\Users\batman\AppData\Roaming\et
2018-10-09 18:10 - 2018-10-09 18:10 - 000000000 ____D C:\Users\batman\AppData\Local\Turbo.net
2018-10-09 18:09 - 2018-10-09 18:09 - 000000000 ____D C:\ProgramData\Vary
2018-10-09 18:08 - 2018-10-09 19:34 - 000000000 ____D C:\Program Files (x86)\Castles
2018-10-09 18:08 - 2018-10-09 19:08 - 000000000 ____D C:\Program Files (x86)\stringed
2018-10-09 18:08 - 2018-10-09 19:05 - 000000000 ___HD C:\Program Files (x86)\Gasification
2018-10-09 18:08 - 2018-10-09 19:05 - 000000000 ____D C:\Program Files (x86)\Obasanjo
2018-10-09 18:08 - 2018-10-09 19:05 - 000000000 ____D C:\Program Files (x86)\diptych
2018-10-09 18:08 - 2018-10-09 18:27 - 000000000 ___HD C:\Program Files (x86)\ratliff
2018-10-09 18:03 - 2018-10-09 18:03 - 000072043 _____ C:\Users\batman\Desktop\Citizens Bank.pdf
2018-10-09 17:16 - 2018-10-09 17:16 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_01009.Wdf
2018-10-08 20:55 - 2018-10-08 20:55 - 000000000 ____D C:\ProgramData\Wondershare
2018-10-08 20:54 - 2018-10-09 19:36 - 000000000 ____D C:\Users\batman\AppData\Roaming\Wondershare
2018-10-08 20:54 - 2018-10-08 20:54 - 000000000 ____D C:\Users\batman\AppData\Local\Wondershare
2018-10-08 16:33 - 2018-10-06 14:42 - 000195888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_2.dll
2018-10-08 16:33 - 2018-10-06 14:42 - 000032048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_1.dll
2018-10-07 22:17 - 2018-10-07 22:17 - 000135324 _____ C:\Users\batman\Desktop\PP-VAB-US-0193 Vabomere NTAP Brochure_9-27-18.pdf
2018-10-01 18:38 - 2018-10-01 18:39 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-10-01 18:38 - 2018-10-01 18:38 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-10-01 18:38 - 2018-07-23 05:23 - 007173504 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2018-10-01 18:38 - 2018-07-23 05:23 - 003674984 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2018-10-01 18:38 - 2018-07-23 05:23 - 003203968 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2018-10-01 18:38 - 2018-07-23 05:23 - 002927968 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2018-10-01 18:38 - 2018-07-23 05:22 - 007096560 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2018-10-01 18:38 - 2018-07-23 05:22 - 001151336 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2018-10-01 18:38 - 2018-07-23 05:22 - 000370528 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2018-10-01 18:38 - 2018-07-23 05:22 - 000124656 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2018-10-01 18:38 - 2018-07-23 05:20 - 003317304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2018-10-01 18:38 - 2018-07-23 05:20 - 001353288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2018-10-01 18:38 - 2018-07-23 05:20 - 000453240 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2018-10-01 18:38 - 2018-07-23 05:20 - 000343672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2018-10-01 18:38 - 2018-07-23 05:20 - 000157312 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2018-10-01 18:38 - 2018-07-23 05:20 - 000139728 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2018-10-01 18:38 - 2018-07-23 05:20 - 000090136 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2018-10-01 18:38 - 2018-07-23 05:19 - 005346960 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2018-10-01 18:38 - 2018-07-23 05:19 - 001971328 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2018-10-01 18:38 - 2018-07-23 05:19 - 001544216 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
2018-10-01 18:38 - 2018-07-23 05:19 - 000332976 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2018-10-01 18:38 - 2018-07-23 05:19 - 000278240 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2018-10-01 18:38 - 2018-07-23 01:53 - 019165464 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2018-10-01 18:38 - 2018-01-15 14:40 - 002856800 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2018-09-25 20:10 - 2018-09-15 04:46 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-09-25 20:10 - 2018-09-15 04:32 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-09-25 20:10 - 2018-09-15 04:31 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-09-25 20:10 - 2018-09-14 22:57 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-09-25 20:10 - 2018-09-14 22:56 - 000269320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-09-25 20:10 - 2018-09-14 22:51 - 001220920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-09-25 20:10 - 2018-09-14 22:51 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-09-25 20:10 - 2018-09-14 22:50 - 001029432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-09-25 20:10 - 2018-09-14 22:50 - 000567080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-09-25 20:10 - 2018-09-14 22:50 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-09-25 20:10 - 2018-09-14 22:49 - 009090064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-09-25 20:10 - 2018-09-14 22:49 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-09-25 20:10 - 2018-09-14 22:49 - 001097760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-09-25 20:10 - 2018-09-14 22:48 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-09-25 20:10 - 2018-09-14 22:48 - 000713504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-09-25 20:10 - 2018-09-14 22:33 - 006567984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-09-25 20:10 - 2018-09-14 22:33 - 001129760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-09-25 20:10 - 2018-09-14 22:33 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-09-25 20:10 - 2018-09-14 22:33 - 000567280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-09-25 20:10 - 2018-09-14 22:33 - 000357064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-09-25 20:10 - 2018-09-14 22:20 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-09-25 20:10 - 2018-09-14 22:19 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-09-25 20:10 - 2018-09-14 22:19 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-09-25 20:10 - 2018-09-14 22:17 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-09-25 20:10 - 2018-09-14 22:16 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-09-25 20:10 - 2018-09-14 20:59 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-09-25 20:10 - 2018-08-31 03:46 - 000542504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-09-25 20:10 - 2018-08-31 03:45 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-09-25 20:10 - 2018-08-31 03:43 - 001524152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-09-25 20:10 - 2018-08-31 03:42 - 001636232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-09-25 20:10 - 2018-08-31 03:27 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-09-25 20:10 - 2018-08-31 03:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2018-09-25 20:10 - 2018-08-31 03:26 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-09-25 20:10 - 2018-08-31 03:25 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2018-09-25 20:10 - 2018-08-31 03:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2018-09-25 20:10 - 2018-08-31 03:24 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-09-25 20:10 - 2018-08-31 03:24 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-09-25 20:10 - 2018-08-31 03:23 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-09-25 20:10 - 2018-08-31 03:22 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-09-25 20:10 - 2018-08-31 03:22 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-09-25 20:10 - 2018-08-31 02:55 - 001455960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-09-25 20:10 - 2018-08-31 02:53 - 001327504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-09-25 20:10 - 2018-08-31 02:41 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-09-25 20:10 - 2018-08-31 02:41 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2018-09-25 20:10 - 2018-08-31 02:40 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2018-09-25 20:10 - 2018-08-31 02:37 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-09-25 20:10 - 2018-08-31 02:37 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-09-25 20:10 - 2018-08-31 02:36 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-09-25 20:10 - 2018-08-30 23:44 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-09-25 20:10 - 2018-08-30 23:43 - 002719216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-09-25 20:10 - 2018-08-30 23:43 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-09-25 20:10 - 2018-08-30 23:42 - 007436192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-09-25 20:10 - 2018-08-30 23:42 - 002824672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-09-25 20:10 - 2018-08-30 23:42 - 002461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-09-25 20:10 - 2018-08-30 23:42 - 001767064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-09-25 20:10 - 2018-08-30 23:42 - 001458552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-09-25 20:10 - 2018-08-30 23:42 - 001258352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-09-25 20:10 - 2018-08-30 23:42 - 001142000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-09-25 20:10 - 2018-08-30 23:42 - 000983080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-09-25 20:10 - 2018-08-30 23:42 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2018-09-25 20:10 - 2018-08-30 23:42 - 000604640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-09-25 20:10 - 2018-08-30 23:42 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-09-25 20:10 - 2018-08-30 23:42 - 000155112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2018-09-25 20:10 - 2018-08-30 23:28 - 006043680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-09-25 20:10 - 2018-08-30 23:28 - 001989496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-09-25 20:10 - 2018-08-30 23:28 - 001514352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-09-25 20:10 - 2018-08-30 23:28 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2018-09-25 20:10 - 2018-08-30 23:28 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-09-25 20:10 - 2018-08-30 23:26 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-09-25 20:10 - 2018-08-30 23:21 - 022008320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-09-25 20:10 - 2018-08-30 23:20 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-09-25 20:10 - 2018-08-30 23:18 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-09-25 20:10 - 2018-08-30 23:17 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-09-25 20:10 - 2018-08-30 23:17 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll
2018-09-25 20:10 - 2018-08-30 23:16 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-09-25 20:10 - 2018-08-30 23:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-09-25 20:10 - 2018-08-30 23:15 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-09-25 20:10 - 2018-08-30 23:15 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-09-25 20:10 - 2018-08-30 23:15 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-09-25 20:10 - 2018-08-30 23:15 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-09-25 20:10 - 2018-08-30 23:15 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-09-25 20:10 - 2018-08-30 23:14 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-09-25 20:10 - 2018-08-30 23:14 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-09-25 20:10 - 2018-08-30 23:14 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-09-25 20:10 - 2018-08-30 23:14 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-09-25 20:10 - 2018-08-30 23:13 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-09-25 20:10 - 2018-08-30 23:13 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-09-25 20:10 - 2018-08-30 23:13 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-09-25 20:10 - 2018-08-30 23:12 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-09-25 20:10 - 2018-08-30 23:12 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll
2018-09-25 20:10 - 2018-08-30 23:11 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-09-25 20:10 - 2018-08-30 23:11 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-09-25 20:10 - 2018-08-30 23:11 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-09-25 20:10 - 2018-08-30 23:11 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-09-25 20:10 - 2018-08-30 23:11 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-09-25 20:10 - 2018-08-30 23:11 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-09-25 20:10 - 2018-08-30 23:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-09-25 20:10 - 2018-08-30 23:10 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-09-25 20:10 - 2018-08-30 23:10 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-09-25 20:10 - 2018-08-30 23:10 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-09-25 20:10 - 2018-08-30 23:10 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-09-25 20:10 - 2018-08-30 23:10 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-09-25 20:10 - 2018-08-30 23:10 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-09-25 20:10 - 2018-08-30 23:10 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-09-25 20:10 - 2018-08-30 23:10 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-09-25 20:10 - 2018-08-30 23:09 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-09-25 20:10 - 2018-08-30 23:09 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-09-25 20:10 - 2018-08-30 23:08 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-09-25 20:10 - 2018-08-30 23:07 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-09-25 20:10 - 2018-08-30 23:07 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-09-25 20:10 - 2018-08-30 23:07 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-09-25 20:10 - 2018-08-30 23:06 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-09-25 20:10 - 2018-08-28 03:17 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-09-25 20:10 - 2018-08-28 02:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-09-25 20:10 - 2018-08-28 02:49 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-09-25 20:10 - 2018-08-28 02:48 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-09-25 20:10 - 2018-08-28 02:45 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2018-09-25 20:10 - 2018-08-28 01:51 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-09-25 20:10 - 2018-08-13 22:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2018-09-25 20:10 - 2018-08-13 22:14 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-09-25 20:10 - 2018-08-09 05:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-09-25 20:10 - 2018-08-09 05:31 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-09-25 20:10 - 2018-08-09 05:31 - 000766872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-09-25 20:10 - 2018-08-09 05:31 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-09-25 20:10 - 2018-08-09 05:31 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-09-25 20:10 - 2018-08-09 05:17 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-09-25 20:10 - 2018-08-09 05:16 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-09-25 20:10 - 2018-08-09 05:14 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-09-25 20:10 - 2018-08-09 05:14 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2018-09-25 20:10 - 2018-08-09 05:14 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2018-09-25 20:10 - 2018-08-09 05:14 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2018-09-25 20:10 - 2018-08-09 05:13 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-09-25 20:10 - 2018-08-09 05:13 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2018-09-25 20:10 - 2018-08-09 05:13 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-09-25 20:10 - 2018-08-09 05:13 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-09-25 20:10 - 2018-08-09 05:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-09-25 20:10 - 2018-08-09 05:12 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-09-25 20:10 - 2018-08-09 05:12 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-09-25 20:10 - 2018-08-09 05:11 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-09-25 20:10 - 2018-08-09 05:11 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-09-25 20:10 - 2018-08-09 05:11 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-09-25 20:10 - 2018-08-09 05:11 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-09-25 20:10 - 2018-08-09 05:11 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-09-25 20:10 - 2018-08-09 05:10 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2018-09-25 20:10 - 2018-08-09 05:10 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-09-25 20:10 - 2018-08-09 05:10 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-09-25 20:10 - 2018-08-09 05:09 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2018-09-25 20:10 - 2018-08-09 05:09 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2018-09-25 20:10 - 2018-08-09 05:09 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-09-25 20:10 - 2018-08-09 04:36 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-09-25 20:10 - 2018-08-09 04:36 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-09-25 20:10 - 2018-08-09 04:24 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-09-25 20:10 - 2018-08-09 04:24 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2018-09-25 20:10 - 2018-08-09 04:23 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-09-25 20:10 - 2018-08-09 04:23 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-09-25 20:10 - 2018-08-09 04:23 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2018-09-25 20:10 - 2018-08-09 04:22 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-09-25 20:10 - 2018-08-09 04:22 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-09-25 20:10 - 2018-08-09 04:22 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-09-25 20:10 - 2018-08-09 04:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2018-09-25 20:10 - 2018-08-09 04:21 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-09-25 20:10 - 2018-08-09 04:21 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-09-25 20:10 - 2018-08-09 04:21 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2018-09-25 20:10 - 2018-08-09 04:21 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-09-25 20:10 - 2018-08-09 04:20 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-09-25 20:10 - 2018-08-09 04:20 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-09-25 20:10 - 2018-08-09 04:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2018-09-25 20:10 - 2018-08-09 04:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2018-09-25 20:10 - 2018-08-09 04:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-09-25 20:10 - 2018-08-09 01:02 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-09-25 20:10 - 2018-08-09 01:01 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2018-09-25 20:10 - 2018-08-09 00:55 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-09-25 20:10 - 2018-08-09 00:54 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-09-25 20:10 - 2018-08-09 00:54 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-09-25 20:10 - 2018-08-09 00:54 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-09-25 20:10 - 2018-08-09 00:54 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-09-25 20:10 - 2018-08-09 00:54 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-09-25 20:10 - 2018-08-09 00:53 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-09-25 20:10 - 2018-08-09 00:53 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-09-25 20:10 - 2018-08-09 00:53 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-09-25 20:10 - 2018-08-09 00:53 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-09-25 20:10 - 2018-08-09 00:53 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-09-25 20:10 - 2018-08-09 00:53 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-09-25 20:10 - 2018-08-09 00:53 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
2018-09-25 20:10 - 2018-08-09 00:30 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-09-25 20:10 - 2018-08-09 00:30 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-09-25 20:10 - 2018-08-09 00:29 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-09-25 20:10 - 2018-08-09 00:29 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-09-25 20:10 - 2018-08-09 00:29 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-09-25 20:10 - 2018-08-09 00:29 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
2018-09-25 20:10 - 2018-08-09 00:28 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-09-25 20:10 - 2018-08-09 00:28 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-09-25 20:10 - 2018-08-09 00:27 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-09-25 20:10 - 2018-08-09 00:27 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-09-25 20:10 - 2018-08-09 00:27 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2018-09-25 20:10 - 2018-08-09 00:26 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-09-25 20:10 - 2018-08-09 00:26 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-09-25 20:10 - 2018-08-09 00:26 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-09-25 20:10 - 2018-08-09 00:26 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-09-25 20:10 - 2018-08-09 00:26 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-09-25 20:10 - 2018-08-09 00:26 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-09-25 20:10 - 2018-08-09 00:26 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-09-25 20:10 - 2018-08-09 00:25 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-09-25 20:10 - 2018-08-09 00:25 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-09-25 20:10 - 2018-08-09 00:25 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2018-09-25 20:10 - 2018-08-09 00:25 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-09-25 20:10 - 2018-08-09 00:25 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-09-25 20:10 - 2018-08-09 00:25 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2018-09-25 20:10 - 2018-08-09 00:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-09-25 20:10 - 2018-08-09 00:24 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-09-25 20:10 - 2018-08-09 00:24 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-09-25 20:10 - 2018-08-09 00:23 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2018-09-25 20:10 - 2018-08-09 00:23 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-09-25 20:10 - 2018-08-09 00:23 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-09-25 20:10 - 2018-08-09 00:23 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-09-25 20:10 - 2018-08-09 00:22 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-09-25 20:10 - 2018-08-09 00:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-09-25 20:10 - 2018-08-09 00:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-09-25 20:10 - 2018-08-09 00:22 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-09-25 20:10 - 2018-08-09 00:21 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-09-25 20:10 - 2018-08-09 00:13 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-09-25 20:10 - 2018-08-09 00:13 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2018-09-25 20:10 - 2018-08-09 00:12 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2018-09-25 20:10 - 2018-08-09 00:11 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-09-25 20:10 - 2018-08-09 00:11 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-09-25 20:10 - 2018-08-09 00:11 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-09-25 20:10 - 2018-08-09 00:11 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-09-25 20:10 - 2018-08-09 00:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll
2018-09-25 20:10 - 2018-08-09 00:11 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-09-25 20:10 - 2018-08-09 00:11 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-09-25 20:10 - 2018-08-09 00:10 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2018-09-25 20:10 - 2018-08-09 00:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-09-25 20:10 - 2018-08-09 00:10 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-09-25 20:10 - 2018-08-09 00:09 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-09-25 20:10 - 2018-08-09 00:09 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-09-25 20:10 - 2018-08-09 00:08 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2018-09-25 20:10 - 2018-08-08 23:08 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-09-25 20:10 - 2018-08-08 23:08 - 000806416 _____ C:\WINDOWS\system32\locale.nls
2018-09-25 07:52 - 2018-09-25 07:52 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-09-25 07:52 - 2018-09-25 07:52 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-09-25 07:52 - 2018-09-25 07:52 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-09-25 07:52 - 2018-09-25 07:52 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-09-23 21:18 - 2018-09-23 21:19 - 000000000 ____D C:\Users\batman\Desktop\Seinfeld
2018-09-22 10:31 - 2018-09-22 10:31 - 000000165 ____H C:\Users\batman\Desktop\~$Introduction to Pharmacokinetic and Pharmacodynamic Parameters for Antibiotics.pptx
2018-09-16 15:12 - 2018-09-16 15:12 - 000000652 _____ C:\Users\batman\Desktop\Contact Lenses.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-12 22:23 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-12 22:20 - 2018-07-22 08:48 - 000793700 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-10-12 22:20 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2018-10-12 22:18 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-10-12 22:14 - 2018-07-22 08:53 - 000000000 ____D C:\Users\batman\AppData\Local\AVAST Software
2018-10-12 22:13 - 2018-07-22 00:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-10-12 22:13 - 2018-07-22 00:08 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2018-10-12 22:13 - 2018-07-21 23:07 - 000000000 ___RD C:\Users\batman\OneDrive - St. John's University
2018-10-12 22:13 - 2018-07-21 22:52 - 000000000 __SHD C:\Users\batman\IntelGraphicsProfiles
2018-10-12 22:13 - 2018-06-28 16:44 - 000000000 ____D C:\ProgramData\NVIDIA
2018-10-12 22:12 - 2018-04-11 17:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-10-12 22:12 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-10-12 21:55 - 2017-09-29 09:46 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-10-12 21:30 - 2018-07-22 00:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-10-12 21:11 - 2018-07-22 13:40 - 000000000 ____D C:\Users\batman\AppData\Roaming\vlc
2018-10-12 20:15 - 2018-07-22 00:05 - 000000000 ____D C:\Users\batman
2018-10-12 20:08 - 2018-04-11 17:04 - 023592960 _____ C:\WINDOWS\system32\config\HARDWARE
2018-10-11 20:06 - 2018-07-22 08:52 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-10-10 16:48 - 2018-07-31 07:12 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-10-09 21:33 - 2018-07-23 10:45 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-10-09 21:32 - 2018-07-23 10:38 - 000000000 ____D C:\Users\batman\AppData\Local\Adobe
2018-10-09 19:38 - 2018-07-23 10:49 - 000000000 ____D C:\Users\batman\AppData\Local\CrashDumps
2018-10-09 19:38 - 2018-07-21 23:36 - 000000000 ____D C:\Users\batman\AppData\Roaming\uTorrent
2018-10-09 19:34 - 2018-07-22 09:22 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-10-09 18:29 - 2018-07-31 07:12 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-10-09 18:29 - 2018-07-31 07:12 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-10-09 18:29 - 2018-07-22 19:30 - 000000420 _____ C:\WINDOWS\Tasks\update-sys.job
2018-10-09 18:29 - 2018-07-22 19:30 - 000000420 _____ C:\WINDOWS\Tasks\update-S-1-5-21-2562023560-3925838451-1074170921-1001.job
2018-10-09 18:29 - 2018-07-22 00:03 - 004896032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-10-09 18:27 - 2018-07-22 08:52 - 001028840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-10-09 18:27 - 2018-07-22 08:52 - 000467904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-10-09 18:27 - 2018-07-22 08:52 - 000381144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-10-09 18:27 - 2018-07-22 08:52 - 000208640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-10-09 18:27 - 2018-07-22 08:52 - 000201408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-10-09 18:27 - 2018-07-22 08:52 - 000163376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-10-09 18:27 - 2018-07-22 08:52 - 000111968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-10-09 18:27 - 2018-07-22 08:52 - 000088112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-10-09 18:27 - 2018-07-22 08:52 - 000047064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-10-09 18:27 - 2018-04-11 19:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-10-09 18:26 - 2018-07-22 08:52 - 000346760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-10-09 18:26 - 2018-07-22 08:52 - 000230512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-10-09 18:26 - 2018-07-22 08:52 - 000201928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-10-09 18:26 - 2018-07-22 08:52 - 000185240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-10-09 18:26 - 2018-07-22 08:52 - 000059664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-10-09 18:02 - 2018-08-22 19:46 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-10-09 18:02 - 2018-07-31 13:10 - 000002764 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-batmanbatman@gmail.com
2018-10-09 18:02 - 2018-07-31 07:12 - 000003452 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-10-09 18:02 - 2018-07-31 07:12 - 000003228 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-10-09 18:02 - 2018-07-22 19:30 - 000003056 _____ C:\WINDOWS\System32\Tasks\update-S-1-5-21-2562023560-3925838451-1074170921-1001
2018-10-09 18:02 - 2018-07-22 19:30 - 000002800 _____ C:\WINDOWS\System32\Tasks\update-sys
2018-10-09 18:02 - 2018-07-22 00:08 - 000003492 _____ C:\WINDOWS\System32\Tasks\LenovoUtility Task
2018-10-09 18:02 - 2018-07-22 00:08 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-09 18:02 - 2018-07-22 00:08 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-10-09 18:02 - 2018-07-22 00:08 - 000003180 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2018-10-09 18:02 - 2018-07-22 00:08 - 000003176 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-09 18:02 - 2018-07-22 00:08 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-10-09 18:02 - 2018-07-22 00:08 - 000002988 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-10-09 18:02 - 2018-07-22 00:08 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-09 18:02 - 2018-07-22 00:08 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-09 18:02 - 2018-07-22 00:08 - 000002914 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-09 18:02 - 2018-07-22 00:08 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2562023560-3925838451-1074170921-1001
2018-10-09 18:02 - 2018-07-22 00:08 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-09 18:02 - 2018-07-22 00:08 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-09 18:02 - 2018-07-22 00:08 - 000002770 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2018-10-09 18:02 - 2018-07-22 00:08 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-09 18:02 - 2018-07-22 00:08 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-10-09 18:02 - 2018-07-22 00:08 - 000002024 _____ C:\WINDOWS\System32\Tasks\RTFTrack
2018-10-09 18:02 - 2018-07-22 00:08 - 000002016 _____ C:\WINDOWS\System32\Tasks\RtsCM
2018-10-09 17:20 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-10-09 17:17 - 2018-07-22 09:20 - 000000000 ____D C:\Users\batman\AppData\LocalLow\uTorrent
2018-10-09 17:11 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-10-08 20:42 - 2018-07-21 22:52 - 000000000 ____D C:\Users\batman\AppData\Roaming\Adobe
2018-10-08 20:38 - 2018-07-23 10:39 - 000000000 ____D C:\ProgramData\Adobe
2018-10-08 19:42 - 2018-07-23 11:07 - 000000000 ____D C:\Users\batman\AppData\LocalLow\Adobe
2018-10-07 22:40 - 2018-07-21 23:33 - 000000000 ____D C:\Users\batman\AppData\LocalLow\Mozilla
2018-10-07 22:23 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-07 22:15 - 2018-07-22 00:05 - 000002374 _____ C:\Users\batman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-10-01 18:48 - 2018-06-28 16:45 - 000477265 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2018-10-01 18:47 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-10-01 18:47 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-10-01 18:47 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-10-01 18:47 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-10-01 18:47 - 2018-04-11 17:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-10-01 18:39 - 2018-07-22 00:04 - 000000000 ____D C:\Program Files\Common Files\Dolby
2018-10-01 18:39 - 2018-06-28 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-10-01 18:39 - 2018-06-28 16:45 - 000000000 ____D C:\WINDOWS\system32\DAX3
2018-10-01 18:39 - 2018-06-28 16:45 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-09-30 22:35 - 2018-07-23 09:41 - 000001269 _____ C:\Users\batman\Desktop\batman.lnk
2018-09-18 17:35 - 2018-07-21 23:32 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-15 08:58 - 2018-07-21 22:52 - 000000000 ____D C:\Users\batman\AppData\Local\Packages

==================== Files in the root of some directories =======

2018-09-30 15:13 - 2018-09-30 15:13 - 000000000 _____ () C:\Users\batman\AppData\Local\oobelibMkey.log
2018-07-22 19:30 - 2018-07-22 19:30 - 000000003 _____ () C:\Users\batman\AppData\Local\updater.log
2018-07-22 19:30 - 2018-07-22 19:30 - 000000425 _____ () C:\Users\batman\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2018-10-12 21:36 - 2018-08-09 00:53 - 001947720 _____ (Microsoft Corporation) C:\Users\batman\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-22 00:03

==================== End of FRST.txt ============================
 
Addition.txt is below:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by batman (12-10-2018 22:26:42)
Running from C:\Users\batman\Desktop
Windows 10 Home Version 1803 17134.286 (X64) (2018-07-22 04:08:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2562023560-3925838451-1074170921-500 - Administrator - Disabled)
batman (S-1-5-21-2562023560-3925838451-1074170921-1001 - Administrator - Enabled) => C:\Users\batman
DefaultAccount (S-1-5-21-2562023560-3925838451-1074170921-503 - Limited - Disabled)
Guest (S-1-5-21-2562023560-3925838451-1074170921-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2562023560-3925838451-1074170921-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2562023560-3925838451-1074170921-1001\...\uTorrent) (Version: 3.5.4.44632 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe Master Collection CC 2017 (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C4}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Master Collection CC 2017 Plus (HKLM-x32\...\{F9BE417A-9EB7-4BA8-8BFE-83F4E69355C3}) (Version: 10.0 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.7.2354 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
Dolby Atmos Windows API SDK (HKLM\...\{139C7F29-696B-4EEA-B4AF-2990C2ECF7AD}) (Version: 1.1.7.32 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{D539F055-FFE0-422D-8D57-0D9427E6ABA9}) (Version: 1.1.8.23 - Dolby Laboratories, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 59.4.93 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Lenovo Pen Settings Service (HKLM\...\ISD Tablet Driver) (Version: 7.5.1.21 - Wacom Technology Corp.)
Lenovo Yoga Mode Control (Inf Install) (HKLM\...\ACPIVPC) (Version: 15.11.28.179 - Lenovo)
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2562023560-3925838451-1074170921-1001\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24516 (HKLM-x32\...\{b8e12890-118d-4721-8e54-05d978086712}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24516 (HKLM-x32\...\{c325004c-5538-45b3-a7ad-94473a4dcd3b}) (Version: 14.0.24516.0 - Microsoft Corporation)
Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.1 - Mozilla)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.9 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8492 - Realtek Semiconductor Corp.) Hidden
RogueKiller version 12.13.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.13.4.0 - Adlice Software)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1260 - SUPERAntiSpyware.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{8CFAB044-7D2E-4655-B86D-99932E988980}) (Version: 2.45.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Zotero (HKLM-x32\...\Zotero 5.0.54 (x86 en-US)) (Version: 5.0.54 - Corporation for Digital Scholarship)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-09] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-09] (AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-09] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7948ecc1af5c27e1\igfxDTCM.dll [2018-03-16] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-20] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-09] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {050BC6A5-A40D-4D47-B87C-36FAB3647651} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\OS Edition Upgrade event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)
Task: {06702C74-D6EC-475B-BDD9-AAD3FC708ABE} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-11-15] (NVIDIA Corporation)
Task: {078D368E-3072-460A-B165-0F18CECFA040} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-15] (NVIDIA Corporation)
Task: {0B281E33-F782-4C7E-B737-F02E231C538E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {0CD2C348-B78D-4DD6-8E75-840B608C5CD3} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-batmanbatman@gmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-09-10] (Adobe Systems, Incorporated)
Task: {1436165A-D58E-4D4C-AB9B-5118C1E0F143} - System32\Tasks\update-S-1-5-21-2562023560-3925838451-1074170921-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {143C5D4A-408F-4C44-8024-EB66CE693C7A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-21] (Google Inc.)
Task: {1ADCD7D0-FCD6-47F2-9482-4FAB22717329} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
Task: {1D677370-3F97-434D-AF31-55D4F3572270} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-19] (Piriform Ltd)
Task: {1F7362FE-8C62-4CB1-9024-6940BBE4D304} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {29174688-5DD8-4E06-B790-62629A2978E5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2f4fefdd-cecf-4875-97af-a5658d69febc => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {2EA50E54-7507-4D4E-8B20-ACC221EFF28F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-19] (Piriform Ltd)
Task: {37F2ABA9-0BF3-4939-9087-69782E359520} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-07-31] (Dropbox, Inc.)
Task: {3AA92536-A168-4887-85ED-4124F05D9074} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-15] (NVIDIA Corporation)
Task: {3DA14080-A519-47E3-8BCF-6ECE83CB81AD} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2018-05-16] (Lenovo Group Limited)
Task: {3E5CEAB6-3CAB-4F84-B6C6-1DE97ACB1799} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {3F1A7A0F-7D15-438F-99FE-5EBEFB6947AC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-15] (NVIDIA Corporation)
Task: {4825457F-B1D1-4621-AA81-9BF57D88B3F8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-07-31] (Dropbox, Inc.)
Task: {48AF70E7-9265-4BDC-8815-7C97520E0BBC} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a287c33d-b991-4c78-9964-20d03d9b4723 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {4AEEE8D5-87CF-4760-A37A-261675F81513} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\Schedule to run OMADMClient by client => C:\WINDOWS\system32\omadmclient.exe [2018-04-11] (Microsoft Corporation)
Task: {5F91BACB-3C2A-4817-85A9-B672D8441AA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-21] (Google Inc.)
Task: {61C3514C-DB48-479D-B2D4-D2C95872D0D7} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\PushRenewal => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)
Task: {658ABD6D-504F-4C8F-8A32-FEF5873F4A8A} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\Schedule #1 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {67807ECA-186C-4D60-B43D-F2CDDEC97359} - System32\Tasks\RTFTrack => C:\WINDOWS\RTFTrack.exe [2017-10-29] (Realtek semiconductor)
Task: {6A622169-2233-41E6-8924-EFC36C972833} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\PushLaunch => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)
Task: {6A7D8F00-8064-48F0-AC2E-DDDD66DD990D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-09-22] (AVAST Software)
Task: {6B754209-03C1-4D50-87CD-FDF20A79BDAB} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\Schedule created by enrollment client for renewal of certificate warning => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)
Task: {6E9DAD3F-B9E0-4096-8359-C9643391AEC8} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [2017-10-11] (Intel(R) Corporation)
Task: {74A5D1BE-DD00-49DE-999C-704E3011B477} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\eb898dd8-77b0-4e20-a3ec-c290a3b794f5 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {768117F8-2A28-4B39-AC44-3EA059820959} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-11-15] (NVIDIA Corporation)
Task: {7779410F-6410-4E0C-88B8-BA099075507C} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\Passport for Work alert created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)
Task: {7A637B88-FCF8-41D1-8237-1A7511CA58FD} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\Provisioning initiated session => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)
Task: {7AAAE259-17D5-4EAC-BB02-3AE2C87479A0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\eeb6349b-ae7a-4bd5-bb86-d00f743ba197 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {84B5E69B-2DA4-4339-B4BD-0F697847EE84} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\Schedule #3 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)
Task: {967F3CA6-8D93-40B9-BC58-365997BAF8EA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-15] (NVIDIA Corporation)
Task: {9D43D060-E461-40DB-98B3-9966B1873DA8} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {9FBD5916-E681-4516-9052-4B0C6A4175B1} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {A506C377-B21D-49BB-AA28-1C2EF1267586} - System32\Tasks\Lenovo\Lenovo ITS PnP Task => C:\WINDOWS\System32\LITSSvc.exe [2017-10-30] (Lenovo.)
Task: {AEB5BE6A-1CFA-4B02-ACE2-F9513417030C} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\Schedule #2 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)
Task: {CA81D91B-6A01-44C7-8888-F914A4DE4DD6} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-15] (NVIDIA Corporation)
Task: {CC9476AB-A509-47F3-8A05-E47D140965E2} - System32\Tasks\Lenovo\Lenovo YMC Uninstall Task => C:\WINDOWS\System32\YMC.exe [2018-05-02] (Lenovo)
Task: {D2253136-C2E4-47B1-A865-6048C570B498} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-11-15] (NVIDIA Corporation)
Task: {D7F9317B-4FBB-4163-AE86-DBE4F3AEE7DC} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\Schedule to run OMADMClient by server => C:\WINDOWS\system32\omadmclient.exe [2018-04-11] (Microsoft Corporation)
Task: {E1FC21DD-E9B9-4CB9-B319-0BDBB5B2E980} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\258B26BE-BC5E-4B92-A3A6-A9D9ABE4F0BF\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [2018-04-11] (Microsoft Corporation)
Task: {ED625319-7254-4E3D-9E9D-2F9D7C58969D} - System32\Tasks\RtsCM => C:\WINDOWS\RtsCM64.exe [2017-10-29] (Realtek Semiconductor Corp.)
Task: {F488EB15-744A-42EB-81D3-3C2E74BF243C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-10-09] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2562023560-3925838451-1074170921-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-05-03 00:44 - 2018-05-03 00:44 - 000174248 _____ () C:\WINDOWS\system32\IntelWifiIhv06.dll
2018-10-10 21:12 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-10-10 21:12 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-09-19 09:07 - 2017-09-19 09:07 - 000212784 _____ () C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
2017-09-19 09:08 - 2017-09-19 09:08 - 000298288 _____ () C:\Program Files\Dolby\Dolby DAX3\API\RuntimeController.dll
2017-09-19 09:08 - 2017-09-19 09:08 - 000303408 _____ () C:\Program Files\Dolby\Dolby DAX3\API\TuningFileParser.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-09-25 20:10 - 2018-09-14 22:17 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-22 09:53 - 2018-07-22 09:54 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-22 09:53 - 2018-07-22 09:54 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-22 09:53 - 2018-07-22 09:54 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-22 09:53 - 2018-07-22 09:54 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-22 09:53 - 2018-07-22 09:54 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-09-13 16:54 - 2018-09-13 16:55 - 000088888 _____ () C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\zlib1.dll
2018-09-13 16:54 - 2018-09-13 16:55 - 001356088 _____ () C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\libxml2.dll
2018-09-18 17:35 - 2018-09-15 04:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-18 17:35 - 2018-09-15 04:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2018-07-22 08:52 - 2018-07-22 08:52 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-10-09 18:27 - 2018-10-09 18:27 - 000598232 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 09:46 - 2018-10-11 16:45 - 000001056 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2562023560-3925838451-1074170921-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{12C1ABC2-A1E3-4963-8250-1C1C1051FBFE}] => (Allow) C:\Users\batman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3AF7E05B-2324-4D5F-B9CD-54D382BC2486}] => (Allow) C:\Users\batman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{329CA0B8-4551-4A35-A5F7-9AC43290A98F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{466A2E5B-7834-4FFC-802D-0D9AA82B9B05}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7B305793-43E2-4414-9952-22FE8285E51F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\iTunes.exe
FirewallRules: [{0E5792AA-B2D4-42AB-90C7-AAC496198E8C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\iTunes.exe
FirewallRules: [{E928F9A1-C4CB-4D04-A0DD-929E710948E7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\iTunes.exe
FirewallRules: [{E6A5C94A-2EA9-4231-8CBA-57A5CB498BF2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\iTunes.exe
FirewallRules: [{48934989-01E7-4ED1-8F6F-481A0B0D9929}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
FirewallRules: [{1565FC03-0C1A-44C6-A408-B650EA9CECDF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
FirewallRules: [{2BFD30D6-2D4C-4594-A746-6741F8EC34C2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
FirewallRules: [{87292CD8-549A-4576-9608-80E24338535F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12090.167.37085.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
FirewallRules: [{8548DC4D-393D-4EF5-8E61-BAFD5DA107FE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{529D406A-6CB3-47B1-9A3D-40FB872D5925}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16040.10827.20138.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe
FirewallRules: [{FDDE3D2E-EFFB-45BE-9C7F-13C2497288C9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{709635CA-E1E8-4E28-9A4B-46664B6F4358}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{8CC7DA95-861C-4E09-A25A-AE4A992689CB}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{BD31E25E-6D9A-4085-81C0-E9568346F01F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [TCP Query User{DEC02194-C524-48C4-B042-01A62F68572A}C:\users\batman\appdata\roaming\teamviewer\logs\5\teamviewer.exe] => (Block) C:\users\batman\appdata\roaming\teamviewer\logs\5\teamviewer.exe
FirewallRules: [UDP Query User{B2BF20B6-C22D-4401-BD91-F7CB9F87B465}C:\users\batman\appdata\roaming\teamviewer\logs\5\teamviewer.exe] => (Block) C:\users\batman\appdata\roaming\teamviewer\logs\5\teamviewer.exe
FirewallRules: [{08093988-C83F-4414-90E1-FF9F60C9E9C2}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2018 09:55:56 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (10/12/2018 09:55:56 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (10/12/2018 09:55:47 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (10/12/2018 09:55:47 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (10/12/2018 09:30:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90
Faulting module name: SelfProtectionSdk.dll, version: 3.0.0.360, time stamp: 0x5b995ba2
Exception code: 0xc0000409
Fault offset: 0x000000000014e2a9
Faulting process id: 0x1258
Faulting application start time: 0x01d46293331d3114
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
Report Id: 5c44433b-e3c0-4dbf-ad6e-706924291b1c
Faulting package full name:
Faulting package-relative application ID:

Error: (10/12/2018 08:15:36 PM) (Source: ESENT) (EventID: 104) (User: )
Description: svchost (12960,T,97) The database engine stopped the instance (0) with error (-510).




Error: (10/12/2018 08:15:36 PM) (Source: ESENT) (EventID: 492) (User: )
Description: svchost (12960,T,97) The logfile sequence in "C:\ProgramData\Microsoft\SmsRouter\MessageStore\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.

Error: (10/12/2018 08:15:36 PM) (Source: ESENT) (EventID: 413) (User: )
Description: svchost (12960,T,97) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1022.


System errors:
=============
Error: (10/12/2018 10:24:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-K6KNP79)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-K6KNP79\batman SID (S-1-5-21-2562023560-3925838451-1074170921-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/12/2018 10:23:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/12/2018 10:22:34 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-K6KNP79)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-K6KNP79\batman SID (S-1-5-21-2562023560-3925838451-1074170921-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/12/2018 10:18:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/12/2018 10:13:56 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-K6KNP79)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-K6KNP79\batman SID (S-1-5-21-2562023560-3925838451-1074170921-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/12/2018 10:13:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/12/2018 10:13:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/12/2018 10:13:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2018-10-12 20:56:24.175
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\atcpomhsvc.exe that did not meet the Unchecked signing level requirements.

Date: 2018-10-12 20:56:24.057
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\atcpomhsvc.exe that did not meet the Unchecked signing level requirements.

Date: 2018-10-12 20:56:23.875
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\atcpomhsvc.exe that did not meet the Unchecked signing level requirements.

Date: 2018-10-12 20:09:13.865
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\atcpomhsvc.exe that did not meet the Unchecked signing level requirements.

Date: 2018-10-12 20:09:13.769
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\atcpomhsvc.exe that did not meet the Unchecked signing level requirements.

Date: 2018-10-12 20:09:13.748
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\atcpomhsvc.exe that did not meet the Unchecked signing level requirements.

Date: 2018-10-12 19:06:06.656
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\atcpomhsvc.exe that did not meet the Unchecked signing level requirements.

Date: 2018-10-12 19:06:06.647
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\atcpomhsvc.exe that did not meet the Unchecked signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
Percentage of memory in use: 25%
Total physical RAM: 16199.89 MB
Available physical RAM: 12057.05 MB
Total Virtual: 18631.89 MB
Available Virtual: 13590.34 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:450.69 GB) (Free:63.64 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.14 GB) NTFS

\\?\Volume{57ae20f9-6e3f-4867-9201-240ed35da09d}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.59 GB) NTFS
\\?\Volume{a0dff18b-b129-4ac7-9ee3-13398c3a5f91}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 3FB8B4A6)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Attachments

  • fixlist.txt
    679 bytes · Views: 2
I am unable to copy and paste the fixlog.txt body to this reply. The website is marking my post as spam. Would it be alright for me to upload the file?
 