High CPU Consumer, Game Lag, Loud Fan


Thanks for the update. I do not believe this is a malware issue. Is the CPU reading a constant 99% with "taskhostw.exe" the main user? Can you also do the following:

Select the Windows key and X key together, then from the WinX menu select "Command Prompt (Admin)".

At the prompt, type or copy/paste: DISM /Online /Cleanup-Image /CheckHealth then hit the Enter key. What results do you get?

If the WinX menu shows PowerShell (Admin) instead of Command Prompt (Admin), reset it back as follows:

Select > start > settings > Personalization > Taskbar > flick switch to OFF under "Replace Command prompt with PowerShell etc etc"

Thank you,

Kevin...

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.11.2018
Ran by Rog (administrator) on DESKTOP-TQPRN0M (12-11-2018 18:03:28)
Running from C:\Users\Rog\Desktop\Fix
Loaded Profiles: Rog (Available Profiles: Rog)
Platform: Windows 10 Home Single Language Version 1803 17134.345 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.281_none_eada712a1d8142be\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit64.exe [53832 2015-07-15] ()
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\ASUSWSLoader.exe [63272 2015-12-24] ()
HKLM-x32\...\Run: [Gaming Mouse Driver] => C:\Program Files (x86)\Gaming Mouse\Monitor.EXE [491520 2015-01-22] ()
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-08-04] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1767816 2016-08-05] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1953688 2016-08-05] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-01] (Adobe Systems Inc.)
HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3207968 2018-09-08] (Valve Corporation)
Startup: C:\Users\Rog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-11-15]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Rog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-10-19]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
Startup: C:\Users\Rog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-06-19]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{35d6185e-ef25-4ecc-bdb7-3e765424e5dd}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{cd67af25-ade7-4f28-ba48-275d6751c8b1}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{f344cc46-d43c-4bcd-8a20-52164cf76315}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131646836558108605&GUID=BAC0ED47-BDE3-47FC-8D5C-D246C4C0D3D4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-43982905-3560842919-2321973015-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
SearchScopes: HKU\S-1-5-21-43982905-3560842919-2321973015-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-43982905-3560842919-2321973015-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-43982905-3560842919-2321973015-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-13] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2018-11-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-13] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL No File
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL No File
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-43982905-3560842919-2321973015-1001 -> hxxp://www.google.com

FireFox:
========
FF DefaultProfile: wcssj3h6.default
FF ProfilePath: C:\Users\Rog\AppData\Roaming\Mozilla\Firefox\Profiles\wcssj3h6.default [2018-11-12]
FF NewTab: Mozilla\Firefox\Profiles\wcssj3h6.default -> about:newtab
FF SearchPlugin: C:\Users\Rog\AppData\Roaming\Mozilla\Firefox\Profiles\wcssj3h6.default\searchplugins\google-avast.xml [2017-03-13]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
FF HKLM\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-11-06]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-02-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-10-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-10-10] (NVIDIA Corporation)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [No File]
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-10-06] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-43982905-3560842919-2321973015-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Rog\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2018-11-12] <==== ATTENTION
CHR Extension: (Slides) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-12]
CHR Extension: (Kaspersky Protection) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-11-12]
CHR Extension: (Docs) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-12]
CHR Extension: (Google Drive) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-12]
CHR Extension: (YouTube) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-12]
CHR Extension: (Adobe Acrobat) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-11-12]
CHR Extension: (Sheets) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-12]
CHR Extension: (Google Docs Offline) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-12]
CHR Extension: (Gmail) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-12]
CHR Extension: (Chrome Media Router) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-12]
CHR Profile: C:\Users\Rog\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-11-12]
CHR Profile: C:\Users\Rog\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-12]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [126648 2016-06-16] (ASUSTek Computer Inc.)
S4 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe [75264 2015-12-24] (ASUS Cloud Corporation) [File not signed]
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7212480 2018-08-09] ()
S4 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] ()
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856 2018-06-22] (EasyAntiCheat Ltd)
S4 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-11-09] (Intel Corporation)
S4 FBAgent; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe [73032 2014-08-13] ()
S4 HnGSteamService; C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [735528 2018-05-30] (Reto-Moto ApS)
S4 ibtsiva; C:\WINDOWS\System32\ibtsiva.exe [550568 2018-05-02] (Intel Corporation)
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Corporation)
S4 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
S4 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-05-26] (Intel Corporation)
S4 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdatesvr.exe [133480 2016-03-31] (Zhuhai Kingsoft Office Software Co.,Ltd)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\vssbridge64.exe [416560 2018-11-06] (AO Kaspersky Lab)
R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265824 2018-04-16] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773160 2018-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773160 2018-10-10] (NVIDIA Corporation)
S4 ROGGamingCenterService; C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe [49704 2016-06-07] (ASUSTeK COMPUTER INC.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
S4 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1897184 2016-05-17] (Intel Corporation)
S4 Tran_Process_Proc; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe [71024 2014-03-25] ()
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [315768 2016-08-05] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-24] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-24] (Microsoft Corporation)
S4 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel(R) Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3848288 2018-04-16] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S2 ShMonitor; "C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe" [X]
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-04-26] (Apple Inc.)
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [95224 2016-05-20] (ASUS Corporation)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-02-23] (Bluestack System Inc. )
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (AO Kaspersky Lab)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-11-09] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-11-09] (Intel Corporation)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-03-11] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-03-11] (Disc Soft Ltd)
S3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-11-07] (EnigmaSoft Limited)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-11-09] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-10-18] (Malwarebytes)
S3 farmntio; C:\Windows\system32\drivers\farmntio.sys [25144 2014-03-25] () [File not signed]
R1 gfdriver; C:\WINDOWS\System32\drivers\gfdriver.sys [51904 2015-01-14] (Titan ARC Corp.)
S3 GMLXDFltr01; C:\WINDOWS\system32\drivers\GMLXDFltr01.sys [10752 2014-07-24] (LXD Development, Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-11-06] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [198168 2018-04-19] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [73416 2018-11-06] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [123152 2018-11-06] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [89168 2018-11-06] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2017-03-30] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [220472 2018-11-06] (AO Kaspersky Lab)
R1 KLHK; C:\WINDOWS\System32\drivers\klhk.sys [1214752 2018-11-06] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [185576 2018-11-06] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1113912 2018-11-06] (AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-02-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50648 2017-05-30] (AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45768 2018-11-06] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [48080 2018-02-12] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [238528 2018-11-06] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [100136 2018-11-09] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [289856 2018-11-06] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [110640 2018-11-06] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [193168 2018-11-06] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [161080 2018-07-20] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [203968 2018-02-24] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198000 2018-11-11] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [119136 2018-11-12] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [63768 2018-11-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-12] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [111152 2018-11-12] (Malwarebytes)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
S3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2018-04-11] (Intel Corporation)
R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8743448 2018-04-26] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_eb18ef0e5d636f6f\nvlddmkm.sys [20337064 2018-10-12] (NVIDIA Corporation)
R0 nvpciflt; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_eb18ef0e5d636f6f\nvpciflt.sys [48496 2018-10-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30792 2018-08-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69544 2018-06-08] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [65792 2018-04-24] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [937728 2016-05-17] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-11] (Microsoft Corporation)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [200832 2018-01-15] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46184 2018-10-24] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [328696 2018-10-24] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-24] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-21] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-12 16:09 - 2018-11-12 16:09 - 000000000 ____D C:\ProgramData\Sophos
2018-11-12 16:08 - 2018-11-12 16:08 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2018-11-12 16:08 - 2018-11-12 16:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-11-12 16:08 - 2018-11-12 16:08 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-11-12 16:04 - 2018-11-12 16:06 - 210619224 _____ (Sophos Limited) C:\Users\Rog\Downloads\Sophos Virus Removal Tool.exe
2018-11-12 16:01 - 2018-11-12 16:01 - 000000000 ____D C:\Users\Rog\AppData\Roaming\Google
2018-11-12 15:59 - 2018-11-12 17:39 - 000111152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-11-12 15:59 - 2018-11-12 15:59 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-12 15:59 - 2018-11-12 15:59 - 000119136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-11-12 15:59 - 2018-11-12 15:59 - 000063768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-11-12 15:54 - 2018-11-12 15:54 - 000001018 _____ C:\Users\Rog\Downloads\fixlist.txt
2018-11-12 15:53 - 2018-11-12 15:57 - 000000000 ____D C:\Users\Rog\Desktop\Fix
2018-11-12 00:00 - 2018-11-12 00:00 - 000063145 _____ C:\Users\Rog\Desktop\Addition.txt
2018-11-11 23:57 - 2018-11-12 18:03 - 000000000 ____D C:\FRST
2018-11-11 23:53 - 2018-11-11 23:53 - 000001819 _____ C:\Users\Rog\Desktop\AdwCleaner[C03].txt
2018-11-11 23:50 - 2018-11-11 23:50 - 007592144 _____ (Malwarebytes) C:\Users\Rog\Downloads\adwcleaner_7.2.4.0.exe
2018-11-11 23:49 - 2018-11-11 23:49 - 000001229 _____ C:\Users\Rog\Desktop\Malwarebytesscan.txt
2018-11-11 23:39 - 2018-11-11 23:39 - 000198000 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-11-11 23:39 - 2018-11-11 23:39 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-11 23:39 - 2018-11-11 23:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-11 23:39 - 2018-11-11 23:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-11 23:39 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-11-11 23:37 - 2018-11-11 23:39 - 079602504 _____ (Malwarebytes ) C:\Users\Rog\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7793 (1).exe
2018-11-11 23:33 - 2018-11-11 23:35 - 079602504 _____ (Malwarebytes ) C:\Users\Rog\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7793.exe
2018-11-11 20:16 - 2018-11-11 20:16 - 000032784 _____ C:\Users\Rog\Downloads\Upgrade.2018.720p.BluRay.x264-DRONES English.zip
2018-11-11 20:16 - 2018-08-17 03:11 - 000088632 ____N C:\Users\Rog\Desktop\Upgrade.2018.720p.BluRay.x264-DRONES.srt
2018-11-10 22:50 - 2018-11-10 22:50 - 000092922 _____ C:\Users\Rog\Documents\expense-receipt.pdf
2018-11-09 16:14 - 2018-11-09 16:14 - 000058257 _____ C:\Users\Rog\Desktop\mbst-clean-results.txt
2018-11-09 16:14 - 2018-11-09 16:14 - 000000000 ____D C:\Users\Rog\AppData\Local\mbamtray
2018-11-09 16:14 - 2018-11-09 16:14 - 000000000 ____D C:\Users\Rog\AppData\Local\mbam
2018-11-09 16:13 - 2018-11-09 16:14 - 079503552 _____ (Malwarebytes ) C:\WINDOWS\SysWOW64\mb-setup.exe
2018-11-09 16:11 - 2018-11-09 16:11 - 002415616 _____ (Farbar) C:\Users\Rog\Downloads\FRSTEnglish.exe
2018-11-09 16:10 - 2018-11-09 16:10 - 003567392 _____ C:\Users\Rog\Downloads\mb-support-1.3.0.549.exe
2018-11-09 15:37 - 2018-11-09 15:37 - 006221992 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Rog\Downloads\GPU-Z_ASUS_ROG_2.14.0.exe
2018-11-09 15:36 - 2018-11-09 15:50 - 000000000 ____D C:\Program Files\PeerBlock
2018-11-09 15:35 - 2018-11-09 15:35 - 002374320 _____ (PeerBlock, LLC ) C:\Users\Rog\Downloads\PeerBlock-Setup_v1.2_r693.exe
2018-11-08 21:49 - 2018-11-08 21:50 - 007880748 _____ C:\Users\Rog\Downloads\SSRN-id880566.pdf
2018-11-08 20:46 - 2018-11-08 20:46 - 001523677 _____ C:\Users\Rog\Downloads\SSRN-id1961708.pdf
2018-11-08 13:23 - 2018-11-09 16:04 - 000100136 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2018-11-07 19:57 - 2018-11-07 19:57 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-11-07 19:18 - 2018-11-07 19:18 - 000232610 _____ C:\Users\Rog\Downloads\Could_Lehman_Brothers_Collapse_Be_Anticipated_An_.pdf
2018-11-07 16:52 - 2018-11-09 16:12 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-11-07 16:51 - 2018-11-07 16:51 - 006625600 _____ (Zemana Ltd. ) C:\Users\Rog\Downloads\Zemana.AntiMalware.Setup (1).exe
2018-11-07 16:50 - 2018-11-07 16:50 - 011576808 _____ (SurfRight B.V.) C:\Users\Rog\Downloads\hitmanpro_x64 (2).exe
2018-11-07 16:35 - 2018-11-07 16:36 - 079073704 _____ (Malwarebytes ) C:\Users\Rog\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7717.exe
2018-11-07 16:09 - 2018-11-07 16:47 - 000061624 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2018-11-07 16:09 - 2018-11-07 16:47 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2018-11-07 16:09 - 2018-11-07 16:09 - 000001057 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2018-11-07 16:09 - 2018-11-07 16:09 - 000000000 ____D C:\sh5ldr
2018-11-07 16:09 - 2018-11-07 16:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2018-11-07 16:02 - 2018-11-07 16:02 - 001235408 _____ (GridinSoft LLC) C:\Users\Rog\Downloads\setup-gsam-cnet.exe
2018-11-07 15:48 - 2018-11-07 15:48 - 000000000 ____D C:\ProgramData\GridinSoft
2018-11-07 15:47 - 2018-11-07 15:47 - 000873360 _____ (GridinSoft LLC) C:\Users\Rog\Downloads\setup-antimalware-9.exe
2018-11-06 23:25 - 2018-11-06 23:25 - 000012881 _____ C:\Users\Rog\Downloads\Growth Rates.xlsx
2018-11-06 16:50 - 2018-11-06 16:50 - 000002523 _____ C:\Users\Public\Desktop\Evernote.lnk
2018-11-06 16:50 - 2018-11-06 16:50 - 000001141 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-11-06 16:50 - 2018-11-06 16:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2018-11-06 16:50 - 2018-11-06 16:50 - 000000000 ____D C:\Program Files (x86)\Evernote
2018-11-06 16:23 - 2018-11-06 16:23 - 000289856 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2018-11-06 16:22 - 2018-11-06 18:24 - 000193168 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2018-11-06 16:22 - 2018-11-06 16:22 - 000238528 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2018-11-06 16:22 - 2018-11-06 16:22 - 000110640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2018-11-06 16:09 - 2018-11-06 16:09 - 002269184 _____ C:\Users\Rog\Downloads\Session 2 Slides.ppt
2018-11-06 16:03 - 2018-11-09 16:12 - 000000000 ____D C:\Program Files\Common Files\AV
2018-11-06 16:03 - 2018-11-06 16:03 - 000002210 _____ C:\Users\Public\Desktop\Safe Money.lnk
2018-11-06 16:03 - 2018-11-06 16:03 - 000002182 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2018-11-06 16:03 - 2018-11-06 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2018-11-06 16:03 - 2018-11-06 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-11-06 16:03 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2018-11-06 16:02 - 2018-11-12 16:40 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-11-06 16:02 - 2018-11-06 16:21 - 000220472 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2018-11-06 16:02 - 2018-11-06 16:20 - 001113912 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2018-11-06 16:02 - 2018-11-06 16:20 - 000152960 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll
2018-11-06 16:02 - 2018-11-06 16:19 - 001214752 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2018-11-06 16:02 - 2018-11-06 16:03 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-11-06 16:01 - 2018-11-06 16:01 - 002573024 _____ (Kaspersky Lab) C:\Users\Rog\Downloads\startup_14832.exe
2018-11-06 15:52 - 2018-11-06 15:52 - 000309319 _____ C:\Users\Rog\Downloads\InternationalReview_2010.pdf
2018-11-06 12:13 - 2018-11-06 12:13 - 007592144 _____ (Malwarebytes) C:\Users\Rog\Downloads\AdwCleaner.exe
2018-11-06 12:01 - 2018-11-06 12:02 - 080022264 _____ (Malwarebytes ) C:\Users\Rog\Downloads\mb3-setup-1878.1878-3.6.1.2711.exe
2018-11-06 11:59 - 2018-11-06 12:00 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Rog\Downloads\iExplore.exe
2018-11-06 11:54 - 2018-11-06 11:54 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-11-06 11:53 - 2018-11-06 11:53 - 011576808 _____ (SurfRight B.V.) C:\Users\Rog\Downloads\hitmanpro_x64 (1).exe
2018-11-06 11:50 - 2018-11-11 23:39 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-06 11:49 - 2018-11-06 11:50 - 078955096 _____ (Malwarebytes ) C:\Users\Rog\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7699 (1).exe
2018-11-06 03:59 - 2018-11-06 15:37 - 000000000 ____D C:\ProgramData\SecTaskMan
2018-11-06 03:58 - 2018-11-06 03:58 - 003017632 _____ C:\Users\Rog\Downloads\SecurityTaskManager_Setup.exe
2018-11-06 03:46 - 2018-11-06 03:47 - 078955096 _____ (Malwarebytes ) C:\Users\Rog\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7699.exe
2018-11-06 03:46 - 2018-11-06 03:46 - 000000000 ____D C:\WINDOWS\Panther
2018-11-06 02:26 - 2018-11-07 15:34 - 001208200 _____ C:\WINDOWS\ntbtlog.txt
2018-11-06 02:26 - 2018-11-07 13:09 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-11-06 01:44 - 2018-10-10 22:38 - 000133432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-11-06 01:41 - 2018-10-12 15:38 - 000978312 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2018-11-06 01:41 - 2018-10-12 15:38 - 000978312 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-11-06 01:41 - 2018-10-12 15:38 - 000845184 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2018-11-06 01:41 - 2018-10-12 15:38 - 000845184 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-11-06 01:41 - 2018-10-12 15:38 - 000268168 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2018-11-06 01:41 - 2018-10-12 15:38 - 000268168 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-11-06 01:41 - 2018-10-12 15:38 - 000243616 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2018-11-06 01:41 - 2018-10-12 15:38 - 000243616 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-11-06 01:41 - 2018-10-12 15:37 - 002017888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441634.dll
2018-11-06 01:41 - 2018-10-12 15:37 - 001997736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-11-06 01:41 - 2018-10-12 15:37 - 001508112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-11-06 01:41 - 2018-10-12 15:37 - 001468464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441634.dll
2018-11-06 01:41 - 2018-10-12 15:37 - 001455560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-11-06 01:41 - 2018-10-12 15:37 - 001122672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-11-06 01:41 - 2018-10-12 15:37 - 000631664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-11-06 01:41 - 2018-10-12 15:37 - 000522184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-11-06 01:41 - 2018-10-12 15:36 - 040254128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-11-06 01:41 - 2018-10-12 15:36 - 035151944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-11-06 01:41 - 2018-10-12 15:36 - 004937960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-11-06 01:41 - 2018-10-12 15:36 - 004310600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-11-06 01:41 - 2018-10-12 15:36 - 000750256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-11-06 01:41 - 2018-10-12 15:36 - 000608488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 035298072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 029973400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 015907200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 013202856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 001471392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 001462184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 001167376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 001151960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 001145512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 000914552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 000822552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 000794416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 000637456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-11-06 01:41 - 2018-10-12 12:35 - 019705728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-11-06 01:41 - 2018-10-12 12:35 - 016984816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-11-06 01:41 - 2018-10-11 23:16 - 001685104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2018-11-06 01:41 - 2018-10-11 23:16 - 000227856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2018-11-06 01:41 - 2018-10-11 23:16 - 000047576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2018-11-06 01:26 - 2018-11-06 01:27 - 029571356 _____ (NVIDIA Corporation) C:\Users\Rog\Downloads\Unconfirmed 486273.crdownload
2018-11-05 01:59 - 2018-11-05 01:59 - 000001377 _____ C:\Users\Public\Desktop\IntelProcessor Diagnostic Tool 64bit.lnk
2018-11-05 01:59 - 2018-11-05 01:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2018-11-05 01:59 - 2018-11-05 01:59 - 000000000 ____D C:\Program Files\Intel Corporation
2018-11-05 01:57 - 2018-11-05 01:58 - 104405911 _____ (Intel Corporation) C:\Users\Rog\Downloads\IPDT_Installer_4.1.0.31_64bit.exe
2018-11-05 01:43 - 2018-11-05 01:43 - 001734994 _____ (7Byte Computers ) C:\Users\Rog\Downloads\hotcpu.exe
2018-11-05 00:16 - 2018-11-05 00:16 - 001578160 _____ C:\Users\Rog\Downloads\res2005ir-annual-report-and-accounts-2005.pdf
2018-11-05 00:02 - 2018-11-05 00:02 - 019755520 _____ C:\Users\Rog\Downloads\FSRFA Session 13 - Summary  review (2).ppt
2018-11-04 17:17 - 2018-11-04 17:19 - 107455726 _____ C:\Users\Rog\Downloads\PES 2018 more FPS (Demo File).rar
2018-10-30 19:40 - 2018-10-30 19:40 - 006147584 _____ C:\Users\Rog\Downloads\Session 8 Slides (1).ppt
2018-10-30 12:28 - 2018-10-30 12:28 - 019739648 _____ C:\Users\Rog\Downloads\FSRFA Session 13 - Summary  review (1).ppt
2018-10-30 12:25 - 2018-10-30 12:25 - 019755520 _____ C:\Users\Rog\Downloads\FSRFA Session 13 - Summary  review.ppt
2018-10-30 12:09 - 2018-10-30 12:09 - 006147584 _____ C:\Users\Rog\Downloads\Session 8 Slides.ppt
2018-10-29 19:02 - 2018-10-29 19:02 - 003220480 _____ C:\Users\Rog\Downloads\FSRFA Session 1 - Overview and Intro to Risk Final.ppt
2018-10-29 15:41 - 2018-10-29 15:41 - 000155704 _____ C:\Users\Rog\Downloads\bsm_cw.pdf
2018-10-29 09:08 - 2018-10-29 09:08 - 000029273 _____ C:\Users\Rog\Downloads\sicario-day-of-the-soldado-2018-720p-bluray-x264-yts-ag-english-133712.zip
2018-10-28 22:21 - 2018-10-28 22:21 - 000277094 _____ C:\Users\Rog\Desktop\brp 1.pdf
2018-10-28 22:20 - 2018-10-28 22:21 - 000254814 _____ C:\Users\Rog\Documents\brp.pdf
2018-10-27 18:15 - 2018-10-27 18:15 - 000030441 _____ C:\Users\Rog\Downloads\elysium-english-yify-6342.zip
2018-10-27 18:15 - 2014-02-08 09:07 - 000078837 _____ C:\Users\Rog\Desktop\elysium-yify-english.srt
2018-10-26 21:25 - 2018-10-26 21:25 - 000035089 _____ C:\Users\Rog\Downloads\StartUp.S01E10.720p.WEBrip-Downloado.site-.srt
2018-10-26 19:35 - 2018-10-26 19:35 - 000014996 _____ C:\Users\Rog\Downloads\StartUp-01x09-Hostile-Takeover.WEB-DL.x264.English.rar
2018-10-26 19:35 - 2018-10-26 19:35 - 000014240 _____ C:\Users\Rog\Downloads\StartUp-01x08-Pro-Rata.WEB-DL.x264.English.rar
2018-10-26 19:35 - 2018-10-26 19:35 - 000012715 _____ C:\Users\Rog\Downloads\StartUp-01x10-Recapitalization.WEB-DL.x264.English.rar
2018-10-26 01:09 - 2018-10-26 01:09 - 000018447 _____ C:\Users\Rog\Downloads\StartUp-01x07-Valuation.WEB-DL-AAC2.0-H.264.English.rar
2018-10-25 22:58 - 2018-10-25 22:58 - 000017400 _____ C:\Users\Rog\Downloads\StartUp-01x06-Bootstrapped.WEB-DL-AAC2.0-H.264.English.rar
2018-10-25 22:58 - 2018-10-25 22:58 - 000012545 _____ C:\Users\Rog\Downloads\StartUp-01x05-Buyout.WEB-DL.English.rar
2018-10-25 22:57 - 2018-10-25 22:57 - 000014262 _____ C:\Users\Rog\Downloads\StartUp-01x04-Angel-Investor.WEB-DL-1.rar
2018-10-24 21:48 - 2018-10-24 21:48 - 000019417 _____ C:\Users\Rog\Downloads\StartUp-01x03-Proof-of-Concept.WEB-DL.AAC2_.0.H.264.English.C.edit_.rar
2018-10-24 21:06 - 2018-10-24 21:06 - 000015412 _____ C:\Users\Rog\Downloads\StartUp-01x02-Ground-Floor.WEB_.DL_.AAC2_.0.H.264.English.C.edit_-1.rar
2018-10-24 20:14 - 2018-10-24 20:14 - 000020695 _____ C:\Users\Rog\Downloads\StartUp-01x01-Seed-Money.WEB_.DL_.HEVC_.English.C..rar
2018-10-23 12:30 - 2018-11-01 17:30 - 000000000 ____D C:\Users\Rog\Desktop\MSc Fintech
2018-10-22 19:32 - 2018-10-22 19:32 - 000064660 _____ C:\Users\Rog\Downloads\inside-job-english-yify-8771.zip
2018-10-21 20:07 - 2018-10-21 20:07 - 004026368 _____ C:\Users\Rog\Downloads\FSRFA Session 11 - Credit Assessment Behavioural Conduct and AI FINAL.ppt
2018-10-21 19:34 - 2018-10-21 19:34 - 000149829 _____ C:\Users\Rog\Downloads\w5t3 - do people like nudges_ - sunstein.pdf
2018-10-21 19:28 - 2018-10-21 19:28 - 000620234 _____ C:\Users\Rog\Downloads\w5t3 - a critical assessment of libertarian paternalism - rebonato.pdf
2018-10-21 19:28 - 2018-10-21 19:28 - 000572482 _____ C:\Users\Rog\Downloads\w5t3 - can nudges be transparent and yet effective_ - bruns et al.pdf
2018-10-21 19:23 - 2018-10-21 19:23 - 000559977 _____ C:\Users\Rog\Downloads\w5t2 - the power of suggestion - madrian shea.pdf
2018-10-21 19:20 - 2018-10-21 19:20 - 000132330 _____ C:\Users\Rog\Downloads\w5t2 - save more tomorrow - benartzi thaler.pdf
2018-10-21 19:16 - 2018-10-21 19:16 - 000800994 _____ C:\Users\Rog\Downloads\w5t2 - choices in repeated gambles and retirement savings - benartzi thaler.pdf
2018-10-21 19:13 - 2018-10-21 19:13 - 000214625 _____ C:\Users\Rog\Downloads\w5t2 - choice architecture - thaler sunstein balz.pdf
2018-10-21 19:01 - 2018-10-21 19:01 - 000208745 _____ C:\Users\Rog\Downloads\w5t1 - libertarian paternalism - thaler sunstein.pdf
2018-10-20 21:11 - 2018-10-20 21:11 - 000027194 _____ C:\Users\Rog\Downloads\The Wire_1x01_en.zip
2018-10-19 11:13 - 2018-10-19 11:13 - 000032469 _____ C:\Users\Rog\Downloads\braveheart-english-yify-11222.zip
2018-10-19 11:09 - 2018-10-19 11:09 - 000015920 _____ C:\Users\Rog\Downloads\braveheart-1995-720p-brrip-x264-1-1gb-yify-english-92015.zip
2018-10-17 23:24 - 2018-10-17 23:24 - 000018820 _____ C:\Users\Rog\Downloads\mad-max-fury-road-english-yify-59249.zip
2018-10-16 23:27 - 2018-10-16 23:27 - 000524431 _____ C:\Users\Rog\Downloads\Untitled_10162018_212536.pdf
2018-10-16 23:25 - 2018-10-16 23:26 - 001950525 _____ C:\Users\Rog\Downloads\Untitled_10162018_212406.pdf
2018-10-15 22:35 - 2018-10-15 22:35 - 000029831 _____ C:\Users\Rog\Downloads\slumdog-millionaire-english-yify-6789.zip
2018-10-15 22:35 - 2014-02-14 07:52 - 000077636 _____ C:\Users\Rog\Downloads\Slumdog.Millionaire.2008.1080p.BluRay.x264.YIFY.srt
2018-10-15 19:45 - 2018-10-15 19:45 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-10-15 19:45 - 2018-10-15 19:45 - 000000000 ____D C:\Program Files (x86)\Cisco
2018-10-14 22:16 - 2018-10-14 22:16 - 000019862 _____ C:\Users\Rog\Downloads\Peaky.Blinders.S04E04.BDRip_.x264-HAGGiS.rar
2018-10-14 22:16 - 2018-10-14 22:16 - 000018676 _____ C:\Users\Rog\Downloads\Peaky.Blinders.S04E02.BDRip_.x264-HAGGiS.rar
2018-10-14 22:16 - 2018-10-14 22:16 - 000017698 _____ C:\Users\Rog\Downloads\Peaky.Blinders.S04E03.BDRip_.x264-HAGGiS.rar
2018-10-14 22:16 - 2018-10-14 22:16 - 000017411 _____ C:\Users\Rog\Downloads\Peaky.Blinders.S04E05.BDRip_.x264-HAGGiS.rar
2018-10-14 22:16 - 2018-10-14 22:16 - 000014657 _____ C:\Users\Rog\Downloads\Peaky.Blinders.S04E06.BDRip_.x264-HAGGiS.rar
2018-10-14 20:09 - 2018-09-21 09:18 - 021386888 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-10-14 20:09 - 2018-09-21 08:22 - 020381784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-10-14 20:09 - 2018-09-21 04:12 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-10-14 20:09 - 2018-09-21 04:09 - 004790160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-10-14 20:09 - 2018-09-21 04:09 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-10-14 20:09 - 2018-09-21 04:08 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-10-14 20:09 - 2018-09-21 04:08 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-10-14 20:09 - 2018-09-21 03:58 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-10-14 20:09 - 2018-09-21 03:43 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-10-14 20:09 - 2018-09-21 03:41 - 003396096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-10-14 20:09 - 2018-09-21 03:40 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-10-14 20:09 - 2018-09-21 03:39 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-10-14 20:09 - 2018-09-21 03:37 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-10-14 20:09 - 2018-09-21 03:37 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-10-14 20:09 - 2018-09-21 03:37 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-10-14 20:09 - 2018-09-21 03:36 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-10-14 20:09 - 2018-09-21 03:36 - 001034240 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-10-14 20:09 - 2018-09-20 09:23 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-10-14 20:09 - 2018-09-20 09:22 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-10-14 20:09 - 2018-09-20 09:18 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-10-14 20:09 - 2018-09-20 09:17 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-10-14 20:09 - 2018-09-20 09:17 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-10-14 20:09 - 2018-09-20 08:46 - 001454440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-10-14 20:09 - 2018-09-20 08:35 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-10-14 20:09 - 2018-09-20 08:34 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-10-14 20:09 - 2018-09-20 08:29 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-10-14 20:09 - 2018-09-20 04:29 - 006569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-10-14 20:09 - 2018-09-20 04:29 - 006039368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-10-14 20:09 - 2018-09-20 04:29 - 001989232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-10-14 20:09 - 2018-09-20 04:21 - 022013440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-10-14 20:09 - 2018-09-20 04:17 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-10-14 20:09 - 2018-09-20 04:15 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-10-14 20:09 - 2018-09-20 04:13 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-10-14 20:09 - 2018-09-20 04:11 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-10-14 20:09 - 2018-09-20 04:10 - 001221128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-10-14 20:09 - 2018-09-20 04:10 - 001029432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-10-14 20:09 - 2018-09-20 04:09 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-10-14 20:09 - 2018-09-20 04:09 - 007520096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-10-14 20:09 - 2018-09-20 04:09 - 007432136 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-10-14 20:09 - 2018-09-20 04:09 - 002825232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-10-14 20:09 - 2018-09-20 04:09 - 002462888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-10-14 20:09 - 2018-09-20 04:09 - 002421248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-10-14 20:09 - 2018-09-20 04:08 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-10-14 20:09 - 2018-09-20 04:08 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-10-14 20:09 - 2018-09-20 03:53 - 025851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-10-14 20:09 - 2018-09-20 03:46 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-10-14 20:09 - 2018-09-20 03:44 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-10-14 20:09 - 2018-09-20 03:44 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-10-14 20:09 - 2018-09-20 03:42 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-10-14 20:09 - 2018-09-20 03:41 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-10-14 20:09 - 2018-09-20 03:41 - 005746688 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2018-10-14 20:09 - 2018-09-20 03:40 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-10-14 20:09 - 2018-09-20 03:40 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-10-14 20:09 - 2018-09-20 03:37 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-10-14 20:09 - 2018-09-20 03:37 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-10-14 20:09 - 2018-09-20 03:36 - 001375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-10-14 20:09 - 2018-09-08 08:12 - 000452112 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-10-14 20:09 - 2018-09-08 08:07 - 002868536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-10-14 20:09 - 2018-09-08 08:07 - 001610552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-10-14 20:09 - 2018-09-08 08:07 - 000792376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-10-14 20:09 - 2018-09-08 08:07 - 000689464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-10-14 20:09 - 2018-09-08 08:07 - 000612360 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-10-14 20:09 - 2018-09-08 08:02 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-10-14 20:09 - 2018-09-08 07:58 - 001520744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-10-14 20:09 - 2018-09-08 07:40 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-10-14 20:09 - 2018-09-08 07:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-10-14 20:09 - 2018-09-08 07:40 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-10-14 20:09 - 2018-09-08 07:39 - 002052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-10-14 20:09 - 2018-09-08 07:39 - 001787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-10-14 20:09 - 2018-09-08 07:38 - 001288192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-10-14 20:09 - 2018-09-08 07:38 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-10-14 20:09 - 2018-09-08 07:38 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-10-14 20:09 - 2018-09-08 07:38 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-10-14 20:09 - 2018-09-08 07:14 - 001328056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-10-14 20:09 - 2018-09-08 06:59 - 001530368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-10-14 20:09 - 2018-09-08 06:59 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-10-14 20:09 - 2018-09-08 06:58 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-10-14 20:09 - 2018-09-08 06:58 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-10-14 20:09 - 2018-09-08 06:57 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2018-10-14 20:09 - 2018-09-08 04:08 - 000462880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-10-14 20:09 - 2018-09-08 03:59 - 000361544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-10-14 20:09 - 2018-09-08 03:57 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-10-14 20:09 - 2018-09-08 03:57 - 001016984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-10-14 20:09 - 2018-09-08 03:57 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-10-14 20:09 - 2018-09-08 03:51 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-10-14 20:09 - 2018-09-08 03:44 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-10-14 20:09 - 2018-09-08 03:44 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-10-14 20:09 - 2018-09-08 03:43 - 001174448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-10-14 20:09 - 2018-09-08 03:30 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2018-10-14 20:09 - 2018-09-08 03:29 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-10-14 20:09 - 2018-09-08 03:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-10-14 20:09 - 2018-09-08 03:28 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-10-14 20:09 - 2018-09-08 03:27 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-10-14 20:09 - 2018-09-08 03:27 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-10-14 20:09 - 2018-09-08 03:26 - 002328064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
2018-10-14 20:09 - 2018-09-08 03:26 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-10-14 20:09 - 2018-09-08 03:25 - 003553792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-10-14 20:09 - 2018-09-08 03:25 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-10-14 20:09 - 2018-09-08 03:25 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-10-14 20:09 - 2018-09-08 03:24 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-10-14 20:09 - 2018-09-08 03:24 - 001096704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-10-14 20:09 - 2018-09-08 03:24 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-10-14 20:09 - 2018-09-08 03:24 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2018-10-14 20:09 - 2018-09-08 03:23 - 001655296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll
2018-10-14 20:09 - 2018-09-08 03:23 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2018-10-14 20:09 - 2018-09-08 03:22 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-10-14 20:08 - 2018-09-21 09:01 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-10-14 20:08 - 2018-09-21 08:12 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-10-14 20:08 - 2018-09-21 04:14 - 000661056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-10-14 20:08 - 2018-09-21 04:13 - 000480568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-10-14 20:08 - 2018-09-21 04:11 - 000753056 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-10-14 20:08 - 2018-09-21 04:09 - 001427968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-10-14 20:08 - 2018-09-21 04:09 - 001062920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-10-14 20:08 - 2018-09-21 04:09 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-10-14 20:08 - 2018-09-21 04:08 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-10-14 20:08 - 2018-09-21 04:08 - 001456720 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-10-14 20:08 - 2018-09-21 04:08 - 001257864 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-10-14 20:08 - 2018-09-21 04:08 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-10-14 20:08 - 2018-09-21 04:08 - 000982600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-10-14 20:08 - 2018-09-21 04:08 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-10-14 20:08 - 2018-09-21 04:08 - 000261008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-10-14 20:08 - 2018-09-21 04:08 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-10-14 20:08 - 2018-09-21 04:07 - 000604664 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-10-14 20:08 - 2018-09-21 03:57 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-10-14 20:08 - 2018-09-21 03:57 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-10-14 20:08 - 2018-09-21 03:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-10-14 20:08 - 2018-09-21 03:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-10-14 20:08 - 2018-09-21 03:53 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-10-14 20:08 - 2018-09-21 03:42 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-10-14 20:08 - 2018-09-21 03:39 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-10-14 20:08 - 2018-09-21 03:39 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-10-14 20:08 - 2018-09-21 03:39 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-10-14 20:08 - 2018-09-21 03:38 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-10-14 20:08 - 2018-09-21 03:38 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-10-14 20:08 - 2018-09-21 03:37 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-10-14 20:08 - 2018-09-21 03:36 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-10-14 20:08 - 2018-09-21 03:36 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-10-14 20:08 - 2018-09-21 03:36 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-10-14 20:08 - 2018-09-20 09:40 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-10-14 20:08 - 2018-09-20 09:37 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-10-14 20:08 - 2018-09-20 09:19 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-10-14 20:08 - 2018-09-20 09:18 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-10-14 20:08 - 2018-09-20 09:17 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-10-14 20:08 - 2018-09-20 09:16 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2018-10-14 20:08 - 2018-09-20 08:30 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-10-14 20:08 - 2018-09-20 08:29 - 002824704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-10-14 20:08 - 2018-09-20 08:29 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-10-14 20:08 - 2018-09-20 08:28 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2018-10-14 20:08 - 2018-09-20 06:43 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-10-14 20:08 - 2018-09-20 05:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-10-14 20:08 - 2018-09-20 04:29 - 001513032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-10-14 20:08 - 2018-09-20 04:29 - 000357056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-10-14 20:08 - 2018-09-20 04:28 - 001129544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-10-14 20:08 - 2018-09-20 04:28 - 000581792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-10-14 20:08 - 2018-09-20 04:28 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-10-14 20:08 - 2018-09-20 04:12 - 004529664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2018-10-14 20:08 - 2018-09-20 04:12 - 000272200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-10-14 20:08 - 2018-09-20 04:12 - 000269128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-10-14 20:08 - 2018-09-20 04:11 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-10-14 20:08 - 2018-09-20 04:11 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-10-14 20:08 - 2018-09-20 04:11 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-10-14 20:08 - 2018-09-20 04:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-10-14 20:08 - 2018-09-20 04:10 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-10-14 20:08 - 2018-09-20 04:10 - 000566800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-10-14 20:08 - 2018-09-20 04:10 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-10-14 20:08 - 2018-09-20 04:10 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2018-10-14 20:08 - 2018-09-20 04:10 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-10-14 20:08 - 2018-09-20 04:10 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-10-14 20:08 - 2018-09-20 04:09 - 001767096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-10-14 20:08 - 2018-09-20 04:09 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-10-14 20:08 - 2018-09-20 04:09 - 001097744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-10-14 20:08 - 2018-09-20 04:09 - 000885952 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-10-14 20:08 - 2018-09-20 04:09 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-10-14 20:08 - 2018-09-20 04:09 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-10-14 20:08 - 2018-09-20 04:09 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-10-14 20:08 - 2018-09-20 03:43 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2018-10-14 20:08 - 2018-09-20 03:43 - 000052736 _____ C:\WINDOWS\system32\runexehelper.exe
2018-10-14 20:08 - 2018-09-20 03:42 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-10-14 20:08 - 2018-09-20 03:42 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-10-14 20:08 - 2018-09-20 03:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-10-14 20:08 - 2018-09-20 03:41 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-10-14 20:08 - 2018-09-20 03:41 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-10-14 20:08 - 2018-09-20 03:41 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-10-14 20:08 - 2018-09-20 03:40 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-10-14 20:08 - 2018-09-20 03:38 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-10-14 20:08 - 2018-09-20 03:38 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2018-10-14 20:08 - 2018-09-20 02:21 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-10-14 20:08 - 2018-09-20 01:28 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2018-10-14 20:08 - 2018-09-08 08:07 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-10-14 20:08 - 2018-09-08 08:07 - 000144696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-10-14 20:08 - 2018-09-08 08:07 - 000069944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-10-14 20:08 - 2018-09-08 08:02 - 000645112 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-10-14 20:08 - 2018-09-08 07:58 - 001639352 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-10-14 20:08 - 2018-09-08 07:57 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-10-14 20:08 - 2018-09-08 07:44 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-10-14 20:08 - 2018-09-08 07:43 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-10-14 20:08 - 2018-09-08 07:43 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardBi.dll
2018-10-14 20:08 - 2018-09-08 07:42 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-10-14 20:08 - 2018-09-08 07:42 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-10-14 20:08 - 2018-09-08 07:42 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-10-14 20:08 - 2018-09-08 07:42 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthci.dll
2018-10-14 20:08 - 2018-09-08 07:41 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-10-14 20:08 - 2018-09-08 07:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2018-10-14 20:08 - 2018-09-08 07:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2018-10-14 20:08 - 2018-09-08 07:40 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2018-10-14 20:08 - 2018-09-08 07:39 - 005505024 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2018-10-14 20:08 - 2018-09-08 07:39 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-10-14 20:08 - 2018-09-08 07:38 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-10-14 20:08 - 2018-09-08 07:37 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-10-14 20:08 - 2018-09-08 07:16 - 000482080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-10-14 20:08 - 2018-09-08 07:13 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-10-14 20:08 - 2018-09-08 07:13 - 000181288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-10-14 20:08 - 2018-09-08 07:03 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-10-14 20:08 - 2018-09-08 07:03 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-10-14 20:08 - 2018-09-08 07:02 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-10-14 20:08 - 2018-09-08 07:00 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2018-10-14 20:08 - 2018-09-08 06:59 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-10-14 20:08 - 2018-09-08 06:59 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-10-14 20:08 - 2018-09-08 06:58 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-10-14 20:08 - 2018-09-08 06:57 - 005391360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2018-10-14 20:08 - 2018-09-08 06:57 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-10-14 20:08 - 2018-09-08 06:57 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2018-10-14 20:08 - 2018-09-08 06:56 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-10-14 20:08 - 2018-09-08 03:59 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-10-14 20:08 - 2018-09-08 03:58 - 000744976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-10-14 20:08 - 2018-09-08 03:58 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-10-14 20:08 - 2018-09-08 03:58 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-10-14 20:08 - 2018-09-08 03:57 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-10-14 20:08 - 2018-09-08 03:57 - 000368448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2018-10-14 20:08 - 2018-09-08 03:57 - 000267576 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-10-14 20:08 - 2018-09-08 03:45 - 000295416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-10-14 20:08 - 2018-09-08 03:45 - 000286824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-10-14 20:08 - 2018-09-08 03:43 - 000269104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2018-10-14 20:08 - 2018-09-08 03:32 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-10-14 20:08 - 2018-09-08 03:31 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-10-14 20:08 - 2018-09-08 03:31 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Proxy.dll
2018-10-14 20:08 - 2018-09-08 03:30 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2018-10-14 20:08 - 2018-09-08 03:30 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-10-14 20:08 - 2018-09-08 03:30 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2018-10-14 20:08 - 2018-09-08 03:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2018-10-14 20:08 - 2018-09-08 03:29 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-10-14 20:08 - 2018-09-08 03:29 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2018-10-14 20:08 - 2018-09-08 03:29 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-10-14 20:08 - 2018-09-08 03:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-10-14 20:08 - 2018-09-08 03:28 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2018-10-14 20:08 - 2018-09-08 03:28 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-10-14 20:08 - 2018-09-08 03:28 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Proxy.dll
2018-10-14 20:08 - 2018-09-08 03:27 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-10-14 20:08 - 2018-09-08 03:27 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
2018-10-14 20:08 - 2018-09-08 03:27 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2018-10-14 20:08 - 2018-09-08 03:27 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-10-14 20:08 - 2018-09-08 03:26 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-10-14 20:08 - 2018-09-08 03:26 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-10-14 20:08 - 2018-09-08 03:26 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2018-10-14 20:08 - 2018-09-08 03:26 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-10-14 20:08 - 2018-09-08 03:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcfile.dll
2018-10-14 20:08 - 2018-09-08 03:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2018-10-14 20:08 - 2018-09-08 03:25 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
2018-10-14 20:08 - 2018-09-08 03:25 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-10-14 20:08 - 2018-09-08 03:25 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Proximity.dll
2018-10-14 20:08 - 2018-09-08 03:24 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2018-10-14 20:08 - 2018-09-08 03:23 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll
2018-10-14 20:08 - 2018-09-08 03:23 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll
2018-10-14 11:46 - 2018-10-14 11:46 - 000019743 _____ C:\Users\Rog\Downloads\Peaky.Blinders.S04E01.BDRip_.x264-HAGGiS.rar
2018-10-14 11:46 - 2018-02-10 12:07 - 000054646 ____N C:\Users\Rog\Downloads\Peaky.Blinders.S04E01.BDRip.x264-HAGGiS.srt
2018-10-13 21:48 - 2018-10-13 21:48 - 000689026 _____ C:\Users\Rog\Downloads\w4t5 - anomalies in intertemporal choice - loewenstein prelec.pdf
2018-10-13 21:44 - 2018-10-13 21:44 - 000584906 _____ C:\Users\Rog\Downloads\w4t4 - myopic loss aversion - benartzi thaler.pdf
2018-10-13 21:43 - 2018-10-13 21:43 - 000524898 _____ C:\Users\Rog\Downloads\w4t4 - disposition effect - shefrin statman.pdf
2018-10-13 21:41 - 2018-10-13 21:41 - 002527049 _____ C:\Users\Rog\Downloads\w4t3 - mental accounting and consumer choice - thaler.pdf
2018-10-13 21:40 - 2018-10-13 23:11 - 539862656 _____ C:\Users\Rog\Downloads\The.Theory.of.Everything.2014.1080p.BRrip.YIFY.FardaDL.mkv.crdownload
2018-10-13 21:28 - 2018-10-13 21:28 - 001179899 _____ C:\Users\Rog\Downloads\w4t2 - overconfidence and excess entry - camerer lovallo.pdf
2018-10-13 21:23 - 2018-10-13 21:23 - 000200780 _____ C:\Users\Rog\Downloads\w4t2 - hot hand and gamblers fallacies - ayton fischer.pdf
2018-10-13 21:18 - 2018-10-13 21:18 - 000185748 _____ C:\Users\Rog\Downloads\w4t2 - anchoring effect - ariely loewenstein prelec.pdf
2018-10-13 21:14 - 2018-10-13 21:14 - 002230462 _____ C:\Users\Rog\Downloads\w4t2 - heuristics and biases - tversky kahneman.pdf
2018-10-13 21:08 - 2018-10-13 21:08 - 001615708 _____ C:\Users\Rog\Downloads\w4t1 - when choice is demotivating - iyengar lepper.pdf
2018-10-13 12:09 - 2018-10-13 12:29 - 107546112 _____ C:\Users\Rog\Downloads\The.Purge.S01E01.480p.HDTV.mkv.crdownload
2018-10-13 12:07 - 2018-10-13 12:07 - 000000045 _____ C:\Users\Rog\Documents\Utility.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-12 18:03 - 2017-04-07 08:32 - 000101804 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-11-12 18:02 - 2018-05-16 23:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-12 18:02 - 2017-02-10 23:35 - 000000182 _____ C:\Users\Rog\AppData\Roaming\sp_data.sys
2018-11-12 17:37 - 2018-04-11 23:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-12 16:58 - 2018-05-16 23:56 - 000004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7D0DDB6E-7D0A-44F3-B317-11896FF06FE1}
2018-11-12 16:16 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-12 16:13 - 2017-03-09 12:12 - 000000000 ____D C:\Users\Rog\Documents\Assassin's Creed Unity
2018-11-12 16:05 - 2018-05-16 23:51 - 000426712 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-12 16:05 - 2018-04-11 23:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-12 16:01 - 2017-07-18 01:20 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-12 15:59 - 2018-05-16 23:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-12 15:59 - 2018-04-11 21:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-11-12 15:57 - 2017-07-13 07:43 - 000000000 ____D C:\Users\Rog\AppData\LocalLow\Temp
2018-11-12 15:56 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-11-12 15:56 - 2015-10-30 07:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-11-12 15:54 - 2018-05-16 23:56 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2018-11-12 15:54 - 2018-05-16 23:56 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2018-11-12 15:54 - 2017-02-12 19:08 - 000000000 ____D C:\Program Files (x86)\Steam
2018-11-11 23:26 - 2018-05-16 23:51 - 000000000 ____D C:\Users\Rog
2018-11-11 20:14 - 2017-08-10 19:13 - 000000000 ____D C:\Users\Rog\Downloads\PopcornTime
2018-11-10 23:38 - 2017-02-14 10:41 - 000000000 ____D C:\Users\Rog\AppData\Roaming\vlc
2018-11-10 16:09 - 2018-04-11 23:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-09 15:19 - 2017-03-21 19:55 - 001101840 _____ C:\WINDOWS\ZAM.krnl.trace
2018-11-09 15:08 - 2018-05-18 18:20 - 000000000 ____D C:\Users\Rog\AppData\Local\D3DSCache
2018-11-09 13:46 - 2017-02-11 00:11 - 000000000 ____D C:\Users\Rog\AppData\Local\CrashDumps
2018-11-09 11:42 - 2017-02-10 23:38 - 000000000 ____D C:\Users\Rog\AppData\Local\NVIDIA
2018-11-08 22:54 - 2017-04-04 16:41 - 000000000 ____D C:\Users\Rog\AppData\Local\Package Cache
2018-11-07 16:08 - 2018-05-09 14:36 - 000000000 ____D C:\Program Files\Epic Games
2018-11-07 16:08 - 2018-05-09 14:34 - 000000000 ____D C:\ProgramData\Epic
2018-11-07 15:44 - 2017-10-23 11:04 - 000000000 ___HD C:\Users\Rog\MicrosoftEdgeBackups
2018-11-07 13:14 - 2018-06-04 22:33 - 000000000 ____D C:\ProgramData\Freemake
2018-11-07 13:14 - 2018-06-04 22:33 - 000000000 ____D C:\Program Files (x86)\Freemake
2018-11-07 00:52 - 2018-03-13 23:23 - 000007601 _____ C:\Users\Rog\AppData\Local\resmon.resmoncfg
2018-11-06 23:25 - 2017-10-18 22:27 - 000000000 ____D C:\Users\Rog\AppData\Local\Packages
2018-11-06 22:55 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-06 16:50 - 2018-05-16 23:56 - 000004586 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-11-06 16:50 - 2018-05-16 23:56 - 000004412 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-06 16:50 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-06 16:50 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-06 16:22 - 2018-07-20 07:21 - 000089168 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kldisk.sys
2018-11-06 16:22 - 2017-12-27 10:10 - 000073416 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupdisk.sys
2018-11-06 16:21 - 2018-02-02 03:45 - 000123152 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupflt.sys
2018-11-06 16:20 - 2017-11-29 07:03 - 000045768 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpnpflt.sys
2018-11-06 16:02 - 2018-04-11 23:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-11-06 12:13 - 2017-03-19 18:59 - 000000000 ____D C:\AdwCleaner
2018-11-06 11:45 - 2017-02-11 00:15 - 000000000 ____D C:\Users\Rog\AppData\Local\ElevatedDiagnostics
2018-11-06 04:01 - 2018-05-16 23:56 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2018-11-06 04:01 - 2016-03-31 03:48 - 000000000 ____D C:\Program Files (x86)\ASUS
2018-11-06 02:13 - 2018-04-11 23:38 - 000000000 ____D C:\PerfLogs
2018-11-06 01:44 - 2017-07-18 01:20 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-11-06 01:44 - 2017-07-18 01:20 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-11-06 01:43 - 2017-07-18 01:20 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-11-06 01:27 - 2018-08-02 05:01 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:27 - 2018-08-02 05:01 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:26 - 2018-08-02 05:00 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:26 - 2018-08-02 05:00 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:26 - 2018-08-02 05:00 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:26 - 2018-05-16 23:56 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:26 - 2018-05-16 23:56 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:26 - 2018-05-16 23:56 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:26 - 2018-05-16 23:56 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:26 - 2018-05-16 23:56 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:26 - 2018-05-16 23:56 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-05 16:51 - 2018-04-11 23:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-05 13:23 - 2017-02-10 23:39 - 000000000 ____D C:\Users\Rog\AppData\Local\NVIDIA Corporation
2018-11-05 02:14 - 2017-10-19 01:01 - 000000000 ____D C:\Users\Rog\AppData\Roaming\Rainmeter
2018-10-26 19:35 - 2017-07-16 16:52 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-24 21:27 - 2018-02-28 13:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-10-23 21:51 - 2018-02-05 16:03 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-23 13:48 - 2018-06-22 03:52 - 000000000 ____D C:\ProgramData\Packages
2018-10-20 21:11 - 2018-05-16 23:56 - 000003370 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-43982905-3560842919-2321973015-1001
2018-10-20 21:11 - 2018-05-16 23:51 - 000002359 _____ C:\Users\Rog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-10-20 21:11 - 2017-02-10 23:58 - 000000000 ___RD C:\Users\Rog\OneDrive
2018-10-16 23:30 - 2018-03-28 19:58 - 000000000 ____D C:\Users\Rog\Desktop\iceland
2018-10-16 22:58 - 2017-02-12 19:34 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-10-15 19:45 - 2017-07-18 01:20 - 000000000 ____D C:\Program Files (x86)\Intel
2018-10-15 19:45 - 2016-10-25 06:01 - 000000000 ____D C:\ProgramData\Intel
2018-10-15 19:45 - 2016-10-25 06:01 - 000000000 ____D C:\Program Files\Intel
2018-10-15 19:45 - 2016-03-31 03:49 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-15 19:45 - 2015-10-30 06:28 - 000000000 ____D C:\Users\Default.migrated
2018-10-14 20:20 - 2018-05-16 23:49 - 000825440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-10-14 20:20 - 2017-10-18 19:25 - 000000000 ___RD C:\Users\Rog\3D Objects
2018-10-14 20:20 - 2016-11-20 23:14 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-10-14 20:19 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-10-14 20:18 - 2018-04-11 23:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-10-14 20:18 - 2018-04-11 23:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-10-14 20:18 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-10-14 20:18 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-10-14 20:18 - 2018-04-11 23:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-10-14 20:08 - 2017-02-12 20:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-10-14 20:03 - 2017-02-12 20:27 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-10-13 20:27 - 2018-05-16 23:56 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2018-02-18 14:22 - 2018-02-18 14:22 - 000000132 _____ () C:\Users\Rog\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2018-01-28 21:44 - 2018-07-27 04:44 - 000000132 _____ () C:\Users\Rog\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-02-10 23:35 - 2018-11-12 18:02 - 000000182 _____ () C:\Users\Rog\AppData\Roaming\sp_data.sys
2018-03-13 23:23 - 2018-11-07 00:52 - 000007601 _____ () C:\Users\Rog\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-16 23:49

==================== End of FRST.txt ============================


Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.11.2018
Ran by Rog (12-11-2018 18:04:05)
Running from C:\Users\Rog\Desktop\Fix
Windows 10 Home Single Language Version 1803 17134.345 (X64) (2018-05-16 23:56:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-43982905-3560842919-2321973015-500 - Administrator - Disabled)
ASPNET (S-1-5-21-43982905-3560842919-2321973015-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-43982905-3560842919-2321973015-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-43982905-3560842919-2321973015-1000 - Administrator - Disabled)
Guest (S-1-5-21-43982905-3560842919-2321973015-501 - Limited - Disabled)
Rog (S-1-5-21-43982905-3560842919-2321973015-1001 - Administrator - Enabled) => C:\Users\Rog
WDAGUtilityAccount (S-1-5-21-43982905-3560842919-2321973015-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Kaspersky Total Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Total Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Age.of.Empires.II.HD.The.Rise.of.the.Rajas.DLC-ALI213 version 1.0 (HKLM-x32\...\{7FBE1E6A-6F95-4A66-B3A3-0CB216A99247}}_is1) (Version: 1.0 - Ali213.net)
Assassin's Creed Unity (HKLM-x32\...\Assassin's Creed Unity_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.10 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.16.0002 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.7 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0050 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.1.21 - ICEpower a/s)
BioniX Wallpaper Changer v10 (HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\BioniX Wallpaper Changer v10) (Version:  - )
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 4.1.10.1406 - BlueStack Systems, Inc.)
DeepSound 2.0 (HKLM-x32\...\{805FED7C-06CB-4E90-BE39-490044BD80BB}) (Version: 2.0.0 - Jpinsoft)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
Discord (HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 416.34 - NVIDIA Corporation) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Evernote v. 6.16.4 (HKLM-x32\...\{69BDFB62-DE11-11E8-B2A0-005056951CAD}) (Version: 6.16.4.8094 - Evernote Corp.)
Far Cry Primal (HKLM-x32\...\{80BD47AF-CF13-49B2-99BF-7E78FBA26124}_is1) (Version:  - Ubisoft)
FIFA18 version 1.0 (HKLM\...\FIFA18_is1) (Version: 1.0 - STEAMPUNKS) <==== ATTENTION
focus booster version 2.2.0 (HKLM-x32\...\{4A8CD634-78D6-4A35-9D1E-98CCBD11910B}_is1) (Version: 2.2.0 - focus booster)
GameFirst IV (HKLM-x32\...\{795A0031-3DD5-43F1-BCBA-AEBA756D0FBB}) (Version: 1.5.23 - ASUS) Hidden
GameFirst IV (HKLM-x32\...\GameFirst IV 1.5.23) (Version: 1.5.23 - ASUS)
Gaming Mouse Driver (HKLM-x32\...\{59A7422A-53F6-4DD4-84FC-13308FF47F00}) (Version:  - )
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.5.0.6.1001 - Genesys Logic)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.53.5169 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Grammarly for Microsoft® Office Suite (HKLM\...\{E96FF58D-A873-49EC-9701-9030B05F1D14}) (Version: 6.7.145 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\{ad448ebe-90c8-4f39-918b-fa83671e2b55}) (Version: 6.7.145 - Grammarly)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel Processor Diagnostic Tool 64bit (HKLM\...\{00527426-AC8E-48E7-AE63-EC19D3BE6D9A}) (Version: 4.1.0.31 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{A984B01A-6823-4C0F-8E83-BE08B3256209}) (Version: 18.1.1612.3253 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{0961a92c-ad83-40dd-a0fc-29ba41e5349d}) (Version: 20.50.3 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Total Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.00.0000 - SEGA)
Microsoft .NET Core SDK - 2.1.4 (x64) (HKLM-x32\...\{9e732e8f-9e57-467d-a425-6f2387bdabd0}) (Version: 2.1.4 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.8.106.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft Project Standard 2016 (HKLM\...\Office16.PRJSTD) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{65C71B09-C33D-4F60-93EA-DF3AD1D40600}) (Version: 10.0.1981 - Microsoft Corporation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.11 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Driver 416.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 416.34 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.15.0.186 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.15.0.186 - NVIDIA Corporation)
NVIDIA Graphics Driver 416.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 416.34 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.0.1 - OBS Project)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.6.1.0 - Popcorn Time) <==== ATTENTION
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.8 - Power Software Ltd)
Python 3.6.1 Core Interpreter (32-bit) (HKLM-x32\...\{E63E60CA-437B-4894-8395-81F2F66483B0}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Development Libraries (32-bit) (HKLM-x32\...\{3029D656-0C32-4AC9-84FB-A15056F356CC}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Documentation (32-bit) (HKLM-x32\...\{D1198C40-C6F5-4FFB-B98C-79BF1FE706C1}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Executables (32-bit) (HKLM-x32\...\{A7036382-80F1-4FC1-B244-D31AA50337F4}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 pip Bootstrap (32-bit) (HKLM-x32\...\{899F7F28-F6D3-4E5B-8FBE-F7929036172A}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Standard Library (32-bit) (HKLM-x32\...\{3BCCB89B-CD98-4F78-8436-78847FABFD68}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Tcl/Tk Support (32-bit) (HKLM-x32\...\{F6ED0771-FE83-4A1C-BE65-A06CB65B46D5}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Test Suite (32-bit) (HKLM-x32\...\{F44EF183-905E-48BB-998E-53FC99B36FE3}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Utility Scripts (32-bit) (HKLM-x32\...\{2AA7DAB3-6778-42A7-9F33-22615234540E}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.4 (Anaconda3 5.1.0 64-bit) (HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\Python 3.6.4 (Anaconda3 5.1.0 64-bit)) (Version: 5.1.0 - Anaconda, Inc.)
Python Launcher (HKLM-x32\...\{323AC113-C6CE-4F99-842F-4936332D055A}) (Version: 3.6.5923.0 - Python Software Foundation)
qBittorrent 4.1.1 (HKLM-x32\...\qBittorrent) (Version: 4.1.1 - The qBittorrent project)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.9.422.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7831 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Remote Desktop Connection Manager (HKLM-x32\...\{0240359E-6A4C-4884-9E94-B397A02D893C}) (Version: 2.7.14060 - Microsoft Corporation)
ROG Gaming Center (HKLM-x32\...\{CC182DBF-FC67-4F79-9930-6A2682E60BDD}) (Version: 1.0.12 - ASUS)
Sid Meiers Civilization VI (HKLM-x32\...\Sid Meiers Civilization VI_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Crusader 2 (HKLM-x32\...\Stronghold Crusader 21.1) (Version: 1.1 - Foxy Games)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.90922 - TeamViewer)
Telegram Desktop version 1.2.1 (HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.1 - Telegram Messenger LLP)
Tencent QQ (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.75.2548.0 - Tencent Technology (Shenzhen) Company Limited)
Thunderbolt(TM) Software (HKLM-x32\...\{FBD934F4-FC23-4044-8392-3551DC8D972F}) (Version: 16.1.47.275 - Intel Corporation)
TotalRecovery Pro (HKLM-x32\...\TotalRecovery) (Version: 10.0.11.2 - FarStone Inc.)
Unity Web Player (HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Update for Skype for Business 2016 (KB3114846) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{286F464B-2FDF-4107-83A5-DEB08D2AD268}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3114846) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{286F464B-2FDF-4107-83A5-DEB08D2AD268}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3114846) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{286F464B-2FDF-4107-83A5-DEB08D2AD268}) (Version:  - Microsoft)
UserTesting (HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\UserTestingPlugin) (Version:  - UserTesting.com)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Watch Dogs 2 Deluxe Edition MULTi17 - ElAmigos version 1.07.141 (HKLM-x32\...\{05CB0340-02BD-49DC-9E7E-E697DF0CD341}_is1) (Version: 1.07.141 - Ubisoft)
WD Backup (HKLM-x32\...\{46162462-824f-4ea9-a312-38841e3dab7d}) (Version: 1.6.6060.18987 - Western Digital Technologies, Inc.)
WD Backup (HKLM-x32\...\{9669966E-5595-4820-A879-DD48B3DF05BF}) (Version: 1.6.6060.18987 - Western Digital Technologies, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{06628A2D-167D-4F5E-8C98-60CFA0B161D1}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{7c73600b-2542-4641-a960-74bed274be03}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{A2D70EE4-2462-4F04-9955-5761E3F3F47A}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{f1fc402c-35fd-40c0-97e4-5bee07891caf}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.6.547 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (AsusPTPDrv) HIDClass  (04/28/2016 11.0.0.10) (HKLM\...\2E5C3DB999A508D7469B1F0294BCAF149A6B7ABB) (Version: 04/28/2016 11.0.0.10 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.1 - ASUS)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5247 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-43982905-3560842919-2321973015-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Rog\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.7.145\0AEA4AEA14\GrammarlyShim64.dll (CompanyName)
CustomCLSID: HKU\S-1-5-21-43982905-3560842919-2321973015-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-11-06] (AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-11-06] (AO Kaspersky Lab)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-11-06] (AO Kaspersky Lab)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-10-10] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-11-06] (AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0463CF2C-E853-41FD-9FB3-7061725A6A98} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-10-10] (NVIDIA Corporation)
Task: {1D8DD7BB-ADD5-4E2A-9D56-11A797D0874C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {255C0E42-2E5E-4C1E-BAD0-CE5F3C52B1D3} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2016-08-15] (Microsoft Corporation)
Task: {28FDA29A-399F-44E6-AAB3-2066DF159E69} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-16] (Google Inc.)
Task: {29A05581-6F5F-4956-A53A-E9F1508A59A9} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {2A693688-08FC-44EF-B798-751B993CA718} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {2CEC2E0C-969F-41BE-887D-E00D79B09971} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-10-10] (NVIDIA Corporation)
Task: {2DB09543-7723-427B-9B2C-D54B47FFE7FB} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2016-08-15] (Microsoft)
Task: {323510D3-2933-45F4-9741-06859C05988A} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {3B0AF96F-0ECB-408E-A51E-37BCE96ED72E} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-ounglylay@gmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
Task: {48F1921A-0962-455B-82E1-A7EB7F531916} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-06] (Adobe Systems Incorporated)
Task: {49D0D190-080B-48C7-907F-75B76CFA5BCB} - System32\Tasks\ROG Gaming Center => C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe [2016-06-07] (ASUSTek Computer Inc.)
Task: {4A4A7B6D-AE81-4397-B7C3-36D889C83872} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2016-08-15] (Microsoft Corporation)
Task: {4BBBEA20-A8F8-4A40-AC4F-3A1D77969100} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {4E10D4EB-8108-45B1-83BA-7D47FC0B0587} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-10-10] (NVIDIA Corporation)
Task: {55458F11-F4A5-469D-969C-7D30DBCC7C21} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-10-10] (NVIDIA Corporation)
Task: {55C7F900-2F08-46E0-A06E-687348AE1FD4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-10-10] (NVIDIA Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {699E32F8-6207-433E-81AF-4A4684CA5CDF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_pepper.exe [2018-11-06] (Adobe Systems Incorporated)
Task: {6BD76819-87DE-466D-A30E-DB35FB04F25A} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {70CA65F2-4F5D-46F8-AE4A-E500037FD8E8} - System32\Tasks\S-1-5-21-43982905-3560842919-2321973015-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {7501CC6B-2F56-4552-85FE-09336C9D04CB} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel(R) Corporation)
Task: {7C24F5B8-99BB-44DE-AE06-B2792F896380} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2016-05-24] (ASUS)
Task: {7E50FD6C-AEAC-4122-B347-A61F20327B03} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2016-08-15] (Microsoft Corporation)
Task: {86338962-626A-469F-81B4-8F7B7BAC5850} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-10-10] (NVIDIA Corporation)
Task: {878AD91B-E3EB-472B-8F2C-80AC681A3D55} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {895D1674-D51B-4FAB-8B4E-910A89F5CE57} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-01-19] (ASUSTek Computer Inc.)
Task: {8971C315-E5BA-4B02-AA66-C4BC98C35740} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {92EA1E6F-F5B2-4999-BEF5-978822A36BC5} - System32\Tasks\Qucight Monitor => C:\Program Files (x86)\Remerspwaqing\xnanoph.exe [2017-03-10] (Glarysoft Ltd)
Task: {93F3D625-97AA-4A92-B3C2-CE343C2024F8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-10-10] (NVIDIA Corporation)
Task: {998AD3EA-4D73-4F34-9ED3-409465654AE0} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {9AA82A1A-A9AC-4288-A5BF-798DC6E8E1D1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2016-08-15] (Microsoft Corporation)
Task: {9E61207A-4352-4DEF-9D0F-08A0F7E5E665} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe [2016-03-31] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {9E7A0A9A-0470-4CAE-A1C6-DC759824F4C4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {B3A0B7E2-EE16-423E-8DF4-13DA1378ADFA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {B806A134-0AA7-4DAC-BEE0-CFF2FF438A23} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2016-05-27] (Realtek Semiconductor)
Task: {C6853BE4-E27F-46A4-BFB1-1A9C6738ADF7} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {D5A31547-E45C-4B71-996D-CE0D62E1AA41} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-10-10] (NVIDIA Corporation)
Task: {DF55E94D-D04C-4BCC-B245-9CB05B1B296D} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe [2016-03-31] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {E0E9DBE2-C6EF-474E-B232-92080DACE17B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-10-10] (NVIDIA Corporation)
Task: {E148EF08-E84D-4613-BDD9-959C8CD87158} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-10-10] (NVIDIA Corporation)
Task: {E65474FB-A636-4E3C-9A11-9F58C2218BE5} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-10-10] (NVIDIA Corporation)
Task: {E93076FA-4B39-49BD-BFC2-B6DD3DFAC338} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-05-27] (Realtek Semiconductor)
Task: {EC2156F7-9044-457F-A5B6-8012BF1C69E5} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2016-02-23] (ASUSTek Computer Inc.)
Task: {F57BF7A8-84D0-4EBA-8BAA-D5EB807F753A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {FAEFF44C-13F1-4165-A372-C9FE750355A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-16] (Google Inc.)
Task: {FE15A99D-B2C6-4BF6-A47A-F868CECED000} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Rog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\Rog\Anaconda3\Scripts\activate.bat C:\Users\Rog\Anaconda3

==================== Loaded Modules (Whitelisted) ==============

2018-08-02 05:00 - 2018-10-10 20:04 - 001314856 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-11-11 23:39 - 2018-10-18 08:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-11-11 23:39 - 2018-10-18 08:44 - 002821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-11 23:34 - 2018-04-11 23:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-04-12 03:04 - 2016-04-12 03:04 - 008901800 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-04-11 23:34 - 2018-04-11 23:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 23:34 - 2018-04-11 23:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-10-14 20:09 - 2018-09-20 03:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-23 13:45 - 2018-10-23 13:48 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-08-02 05:01 - 2018-10-10 20:03 - 101252136 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-08-02 05:01 - 2018-10-10 20:03 - 004619816 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libglesv2.dll
2018-08-02 05:01 - 2018-10-10 20:03 - 000108584 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libegl.dll
2018-10-26 19:35 - 2018-10-23 21:24 - 002669400 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\swiftshader\libglesv2.dll
2018-10-26 19:35 - 2018-10-23 21:24 - 000151384 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\swiftshader\libegl.dll
2018-09-26 09:23 - 2018-09-26 09:25 - 000479232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-09-26 09:23 - 2018-09-26 09:25 - 069128192 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-03 19:08 - 2017-10-03 19:09 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-04-26 16:58 - 2018-04-26 16:59 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-08-30 03:16 - 2018-08-30 03:19 - 003699200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-09-26 09:23 - 2018-09-26 09:25 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-08-30 03:16 - 2018-08-30 03:19 - 000035328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-21 16:00 - 2018-08-21 16:17 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-08-21 16:00 - 2018-08-21 16:17 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-04-03 15:14 - 2018-04-03 15:15 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-09-26 09:23 - 2018-09-26 09:25 - 014171648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-08-30 03:16 - 2018-08-30 03:19 - 003544576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-09-26 09:23 - 2018-09-26 09:25 - 002866176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-30 03:16 - 2018-08-30 03:19 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-28 16:52 - 2018-07-28 16:54 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-07 02:07 - 2018-11-07 13:08 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-11-07 02:07 - 2018-11-07 13:08 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-07 02:07 - 2018-11-07 13:08 - 001754112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-07-11 10:43 - 2018-06-15 17:30 - 001308672 _____ () C:\WINDOWS\system32\FaceProcessor.dll
2018-07-11 10:43 - 2018-06-15 17:55 - 000542888 _____ () C:\WINDOWS\system32\FaceProcessorCore.dll
2018-04-11 23:34 - 2018-04-11 23:34 - 001348664 _____ () C:\WINDOWS\system32\FaceTrackerInternal.dll
2016-05-24 19:44 - 2016-05-24 19:44 - 000027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2016-05-24 19:44 - 2016-05-24 19:44 - 000125440 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-05-24 19:44 - 2016-05-24 19:44 - 000029184 _____ () C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
2018-08-02 05:00 - 2018-10-10 20:04 - 001032744 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-43982905-3560842919-2321973015-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rog\Pictures\Saved Pictures\assasin.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: AsHidService => 2
MSCONFIG\Services: ASLDRService => 2
MSCONFIG\Services: Asus WebStorage Windows Service => 2
MSCONFIG\Services: ATKGFNEXSrv => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: DevActSvc => 3
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: esifsvc => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: FBAgent => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HnGSteamService => 3
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) Security Assist => 3
MSCONFIG\Services: isaHelperSvc => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: Kingsoft_WPS_UpdateService => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NvTelemetryContainer => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: ROGGamingCenterService => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: ThunderboltService => 3
MSCONFIG\Services: Tran_Process_Proc => 2
MSCONFIG\Services: WDDriveService => 2
MSCONFIG\Services: XTU3SERVICE => 2
MSCONFIG\Services: ZeroConfigService => 2
HKLM\...\StartupApproved\StartupFolder: => "Adobe Acrobat Speed Launcher.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "UMonit"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Gaming Mouse Driver"
HKLM\...\StartupApproved\Run32: => "WDAppManager"
HKLM\...\StartupApproved\Run32: => "WD Drive Unlocker"
HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper"
HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{82E079CE-6B67-4A5F-BFE3-6AC5B84665AF}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{460CE06C-B68F-4B70-985A-E3318241CEE6}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{73A836F3-5EB6-4671-A3F7-5B73BC0A18DB}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{2CF560E8-ADD0-4A3A-8D73-9717EE5EB810}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{AF189C81-FBA3-4247-8EF1-BC204BFD9B02}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{C353F634-1037-4C70-BC09-7201E18E0824}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{28CE0733-4920-4458-B50A-0374E12008D2}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [UDP Query User{5D1BF07E-71C2-4A06-87DB-A1B854A1B6AC}D:\fifa18\fifa18.exe] => (Block) D:\fifa18\fifa18.exe
FirewallRules: [TCP Query User{2B7657DB-391D-4B24-AF3B-7D417FDC58DC}D:\fifa18\fifa18.exe] => (Block) D:\fifa18\fifa18.exe
FirewallRules: [UDP Query User{77E59FC4-A111-4382-8343-49410C387822}D:\game\far cry primal\bin\fcprimal.exe] => (Block) D:\game\far cry primal\bin\fcprimal.exe
FirewallRules: [TCP Query User{BB73B114-9615-42D3-9416-012B47D3D702}D:\game\far cry primal\bin\fcprimal.exe] => (Block) D:\game\far cry primal\bin\fcprimal.exe
FirewallRules: [{17DED9D7-BCAE-44D4-8443-F72EFE1A8D91}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{93430C85-2D8F-4A61-B014-1701AF7CBACE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3C8D33CB-DA91-46D7-B50D-13167A74D41C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D18775FE-15C7-45E1-93A6-18EDEC3AA9DC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7F519A55-DA0E-46AC-9C02-38D0C0665679}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{A3FB1184-E870-4BA8-A49C-55AAA643AE5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [TCP Query User{A860618A-04F3-4066-86AC-C2A4177FD3C8}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{7FA6D765-2ACF-475B-A870-847E2EC88257}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{FCBF10BC-7F8E-4BCE-A32C-C323E9643C3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{CAB1C54D-5D5D-418A-916C-690C85965CA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5D1FEE32-8D09-4A55-B6DC-95643ACF1FA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1C9434CE-B955-4BB9-B3E3-AF907E899341}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{EA8E50EC-8EEC-4D70-A39C-0753A910DECB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{64F5BCDE-2CBA-4609-A2FF-EAED819CE19D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{3F259AAF-11FF-4501-8BB5-9264BE711678}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{7D7D45FA-C3C6-4417-BD8C-2FD72D2405D6}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{DEF91908-897B-4BCA-B6C1-60BF23F0F4B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{AC525382-82E6-4D58-BE87-D224FB24F08F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{D034C507-6383-4247-9477-99A427CD1F68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{914B6E0C-BADC-4735-B3F0-CF1D64A77388}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [TCP Query User{F2A0EC0F-8D0A-4B07-AEEE-983EDB496339}F:\1318=pro evolution soccer 2018 v1.04+data pack 3.0=29.50g\pes2018.exe] => (Block) F:\1318=pro evolution soccer 2018 v1.04+data pack 3.0=29.50g\pes2018.exe
FirewallRules: [UDP Query User{DEC0257E-1207-4988-8456-20F81019C029}F:\1318=pro evolution soccer 2018 v1.04+data pack 3.0=29.50g\pes2018.exe] => (Block) F:\1318=pro evolution soccer 2018 v1.04+data pack 3.0=29.50g\pes2018.exe
FirewallRules: [TCP Query User{8FB0DC3F-AEFD-4C7F-9B64-840192BC9081}D:\1318=pro evolution soccer 2018 v1.04+data pack 3.0=29.50g\pes2018.exe] => (Block) D:\1318=pro evolution soccer 2018 v1.04+data pack 3.0=29.50g\pes2018.exe
FirewallRules: [UDP Query User{57701E96-D88A-47B5-ACCD-BA37EB42713F}D:\1318=pro evolution soccer 2018 v1.04+data pack 3.0=29.50g\pes2018.exe] => (Block) D:\1318=pro evolution soccer 2018 v1.04+data pack 3.0=29.50g\pes2018.exe
FirewallRules: [{F3D79188-5E50-48A5-9FAD-0EF395779284}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{51EF36B2-F98B-4C77-9D9D-F06E2F84FA52}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [TCP Query User{1D7E0541-D2E9-4E94-BE6D-D7E41791F834}C:\users\rog\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\rog\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{C6E0130D-26F0-482E-A5FA-749573C2A6E5}C:\users\rog\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\rog\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{32EA718B-D8C5-4C51-B0EF-F588B771AD04}C:\users\rog\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\rog\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{B94ECB96-2B5C-408B-BA2C-E145F7022642}C:\users\rog\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\rog\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{8620A2A2-799A-452A-A151-E2C0DA4B7017}D:\1318=pro evolution soccer 2018 v1.04+data pack 3.0=29.50g\pes2018.exe] => (Block) D:\1318=pro evolution soccer 2018 v1.04+data pack 3.0=29.50g\pes2018.exe
FirewallRules: [UDP Query User{F95530FE-F8C1-41F6-A83B-5FBC165BC8B9}D:\1318=pro evolution soccer 2018 v1.04+data pack 3.0=29.50g\pes2018.exe] => (Block) D:\1318=pro evolution soccer 2018 v1.04+data pack 3.0=29.50g\pes2018.exe
FirewallRules: [{F249AC0C-5C28-404C-B1DE-CB5E0004B233}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{F251D798-91AB-4EF6-88CF-5CCE37281B7C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C6DCA8C7-8456-4CC4-B3DE-8947CCA9D9B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe
FirewallRules: [{AD00B9DD-65D2-4570-BAEB-6DAC1FD49D12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe
FirewallRules: [{3F166ECA-F5B3-4BAD-BFD0-1C942B73C71F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{07D3522E-1ED1-4084-8BF0-5592AAB57300}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{8C67538D-19DD-4C0B-8595-71D30870A11D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D9182488-B27A-4D72-8D03-BA6CD948C33E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

==================== Restore Points =========================

12-11-2018 17:13:15 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2018 03:59:39 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Error: (11/12/2018 03:59:39 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (11/12/2018 03:59:38 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Error: (11/12/2018 03:56:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: DESKTOP-TQPRN0M)
Description: Installing the performance counter strings for service .NET CLR Data () failed. The first DWORD in the Data section contains the error code.

Error: (11/12/2018 03:56:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: DESKTOP-TQPRN0M)
Description: Installing the performance counter strings for service .NET CLR Networking () failed. The first DWORD in the Data section contains the error code.

Error: (11/12/2018 03:56:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: DESKTOP-TQPRN0M)
Description: Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code.

Error: (11/12/2018 03:56:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: DESKTOP-TQPRN0M)
Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.

Error: (11/12/2018 03:56:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: DESKTOP-TQPRN0M)
Description: Installing the performance counter strings for service .NET Data Provider for SqlServer () failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (11/12/2018 06:03:24 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/12/2018 05:38:33 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/12/2018 05:37:56 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/12/2018 05:08:32 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume ? were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/12/2018 04:35:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/12/2018 04:31:15 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/12/2018 04:27:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/12/2018 04:11:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-10-23 15:55:42.179
Description: 
Windows Defender Antivirus has detected a suspicious behavior.
Name: Informational:Behavior/ModifiedKernel
ID: 3157783271
Severity: Low
Category: Suspicious Behavior
Path Found: process:_0
Detection Origin: Unknown
Detection Type: Suspicious
Detection Source: Real-Time Protection
Status: Executing
Process Name: Unknown
Signature ID: 717259538435
Signature Version: AV: 1.279.301.0, AS: 1.279.301.0
Engine Version: 1.1.15400.4
Fidelity Label:  Low
Target File Name:  

Date: 2018-10-23 14:45:29.021
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6470262F-93D7-46C5-961A-BF4E4C09D3B9}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-10-22 22:49:25.110
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5F380F2E-AB81-4310-8281-049B973E8F71}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-10-15 20:56:56.467
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {2DEA6458-ADF3-4437-8064-81013AC326E8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-10-15 20:43:28.768
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {33880ADA-9157-4B96-8F97-AC1100B495D5}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-06 11:54:47.164
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.279.1272.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15400.4
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode 

Date: 2018-11-06 11:44:45.276
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-11-06 02:36:23.305
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.279.1266.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15400.4
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode 

Date: 2018-11-06 02:26:21.744
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-11-05 02:32:26.189
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.279.1183.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15400.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

CodeIntegrity:
===================================

Date: 2018-11-12 15:59:41.529
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-12 15:59:41.515
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-12 15:51:37.541
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-12 15:51:37.448
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-11 23:53:07.566
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-11 23:53:07.566
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-11 23:28:51.870
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-11 23:28:51.868
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 25%
Total physical RAM: 16319.79 MB
Available physical RAM: 12183.73 MB
Total Virtual: 19254.79 MB
Available Virtual: 13888.22 MB

==================== Drives ================================

Drive ? (OS) (Fixed) (Total:255.31 GB) (Free:58.1 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:1862.82 GB) (Free:221.72 GB) NTFS
Drive e: () (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS

\\?\Volume{a76fd503-0d52-4a00-bb7b-632ae95f6935}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.23 GB) FAT32
\\?\Volume{8250f7fe-6c2d-4dac-a41a-6e74f1c85b14}\ (EFI) (Fixed) (Total:0.19 GB) (Free:0.19 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 256.2 GB) (Disk ID: B36AF7A6)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


On the CPU matter, if I launch Task Manager, I will catch a glimpse of Task Manager itself dropping from around 30% to around 1%. When I did the perfmon /report, it constantly showed that the CPU was largely consumed by taskhostw.exe. I have attached 3 pictures.

1: The perfmon /report in fullscreen

2: Task manager when launch in first second

3: Task manager show dropped cpu consumption instantly after that

taskhostw.PNG

taskmanager.PNG

taskmanager2.PNG


This is frustrating for sure, the CPU issue continues and taskhostw.exe is listed as the cause. There is a miner trojan infection with that very name; the problem is there is also a legitimate Windows executable with the same name, and as expected the legitimate one runs from the system32 folder...

The only working entry on your system is running from the system32 folder, we've had it checked at VirusTotal and it comes back as clean. There is a backup file, same size, and both are digitally signed.

Open Windows Defender Security Center
  • Select Virus & threat protection, then Virus & threat protection settings
  • Scroll down to and select Manage Controlled Folder Access
  • In the new window Toggle that option to off

Next,

Scan with Autoruns

Please download Sysinternals Autoruns from the following link: https://live.sysinternals.com/autoruns.exe save it to your desktop.

Note: If using Windows Vista, Windows 7, Windows 8/8.1 or Windows 10 then you also need to do the following:
 
  • Right-click on Autoruns.exe and select Properties
  • Click on the Compatibility tab
  • Under Privilege Level check the box next to Run this program as an administrator
  • Click on Apply then click OK
     
  • Double-click Autoruns.exe to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and verify that the following are checked, if they are unchecked, check them:

    Hide empty locations
    Hide Windows entries

     
  • Click on the Options button at the top of the program and select Scan Options... then in the Autoruns Scan Options dialog enable/check the following two options:

    Verify code signatures
    Check VirusTotal.com

     
  • Once that's done click the Rescan button at the bottom of the Autoruns Scan Options dialog and this will start the scan again, this time let it finish.
  • When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the file to your desktop and close Autoruns.
  • Right click on the file on your desktop that you just saved and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the ZIP folder you just created to your next reply

Thanks,

Kevin

 


Thanks for that log. Can you navigate to c:\windows\system32\drivers\gfdriver.sys, right-click directly on gfdriver.sys and select "Rename"? Change that name by adding .vir

The file should now be renamed and show as c:\windows\system32\drivers\gfdriver.sys.vir

Reboot your system, any change or improvement...?


It usually stays around 99%. It seems like it consumes whatever CPU is left, so if I use 5% CPU on Chrome, it would consume 95%; if I am idle, it would be 99-point-something. In addition, I found this using Process Explorer. There are 2 taskhostw.exe and one is from Microsoft as far as I understand. What do you think?

2taskhostw.PNG


Quote

There are 2 taskhostw.exe and one is from Microsoft as far as I understand

As far as I'm aware there should only be one entry for Taskhostw.exe, and that should be in the System32 folder. Its function should never use the resources that are being used on your system.

You mention two entries, are you able to identify the navigational address of the second one? Do you have a USB flash drive available, and do you know how to access the recovery environment?

There is a miner Trojan infection doing the rounds that gives the very high CPU readings that you are experiencing; it does mimic Taskhostw.exe but does not run from the System32 folder. If there is a second, but hidden, Taskhostw.exe file on your system then we need to find it. We've done a search with FRST via Normal mode, and we only found the legitimate entry in the System32 folder.

Maybe if we do a search via recovery environment we may uncover what is happening....

Thanks,

Kevin
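
The check described in the post above (a file that uses the taskhostw.exe name but does not run from the System32 folder) can be applied to the Processes section of an FRST log. This is an added example, not part of the original posts or of FRST: the sample log is constructed, and the svchost.exe and lsass.exe entries and the publisher comparison are assumptions that extend the same rule beyond taskhostw.exe.

```python
import ntpath
import re

# Folders (lower-case) where each system binary is expected to live.
# taskhostw.exe in System32 is the case from the thread; the other two
# entries are assumptions added on the same principle.
EXPECTED_DIRS = {
    "taskhostw.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
}

OUTSIDE_FOLDER = "system binary name running outside its expected folder"
BAD_PUBLISHER = "expected folder, but publisher is not Microsoft Corporation"

# "==================== Processes (Whitelisted) ================="
SECTION = re.compile(r"^=+\s*(?P<title>[^=]+?)\s*=+\s*$")
# "(Publisher) C:\path\to\file.exe"; the publisher may itself contain
# parentheses, e.g. "(Intel(R) Corporation) C:\...".
PROCESS = re.compile(r"^\((?P<publisher>.*?)\)\s+(?P<path>[A-Za-z]:\\.+?)\s*$")

# Constructed sample in the layout of the FRST logs shown in this thread.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\taskhostw.exe
() C:\Users\Example\AppData\Roaming\taskhostw.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
() C:\WINDOWS\system32\svchost.exe

==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [Example] => C:\Users\Example\AppData\Roaming\taskhostw.exe [1024 2018-01-01] ()
"""


def parse_processes(log_text):
    """Return (publisher, path) pairs from the Processes section only."""
    entries = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            # Any other section header ends the Processes section.
            in_processes = header.group("title").lower().startswith("processes")
            continue
        if not in_processes:
            continue
        match = PROCESS.match(line)
        if match:
            path = ntpath.normpath(match.group("path"))
            entries.append((match.group("publisher").strip(), path))
    return entries


def triage(entries):
    """Flag entries that reuse a system binary name suspiciously."""
    findings = []
    for publisher, path in entries:
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        expected = EXPECTED_DIRS.get(name)
        if expected is None:
            continue  # not a name this check knows about
        if folder not in expected:
            findings.append((path, OUTSIDE_FOLDER))
        elif publisher != "Microsoft Corporation":
            findings.append((path, BAD_PUBLISHER))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_processes(SAMPLE_LOG)):
        print(f"{path}: {reason}")
```

A clean result only covers processes that were running and visible when the log was taken, which is why the thread goes on to search from the recovery environment.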


Hello zolokov,

There should not be any loss of data when we use the recovery environment to make a scan and a search. I would still recommend that any important data you have should be backed up.

Download and save FRST to your Flash drive, make sure to get the correct version, if you are unsure d/l and save both, only the correct one will run. Do not plug Flash Drive into sick PC until booted to Recovery Environment.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Next,

Boot PC to Recovery Environment, if you are unsure of that action have a read at the following link, maybe bookmark for future reference...

https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html

Next,

From the Windows 10 Tutorial you should get access to the Advanced Startup Options at boot for Windows 10

From that window select "Troubleshoot"

From the next window select "Advanced Options"

From that window select "Command Prompt"

Ensure to plug the flash drive into a USB port... You should now be in Recovery Environment with the Command Prompt Window open......

Continue with the following:
 
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" or "My PC" and find your flash drive letter and close the notepad.
  • In the command window type E:\frst64 or E:\frst depending on your version. Press Enter. Note: Replace letter E with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Next,

Run FRST one more time:

Type the following in the edit box after "Search:".

Taskhostw.exe

Click Search Files button and post the log (Search.txt) it makes to your reply.

Thanks,

Kevin...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.11.2018
Ran by Rog (administrator) on DESKTOP-TQPRN0M (14-11-2018 22:47:06)
Running from F:\
Loaded Profiles: Rog (Available Profiles: Rog)
Platform: Windows 10 Home Single Language Version 1803 17134.345 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit64.exe [53832 2015-07-15] ()
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\ASUSWSLoader.exe [63272 2015-12-24] ()
HKLM-x32\...\Run: [Gaming Mouse Driver] => C:\Program Files (x86)\Gaming Mouse\Monitor.EXE [491520 2015-01-22] ()
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-08-04] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1767816 2016-08-05] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1953688 2016-08-05] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-01] (Adobe Systems Inc.)
HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3207968 2018-09-08] (Valve Corporation)
Startup: C:\Users\Rog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-11-15]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Rog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-10-19]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
Startup: C:\Users\Rog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-06-19]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{35d6185e-ef25-4ecc-bdb7-3e765424e5dd}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{cd67af25-ade7-4f28-ba48-275d6751c8b1}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{f344cc46-d43c-4bcd-8a20-52164cf76315}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131646836558108605&GUID=BAC0ED47-BDE3-47FC-8D5C-D246C4C0D3D4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-43982905-3560842919-2321973015-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
SearchScopes: HKU\S-1-5-21-43982905-3560842919-2321973015-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-43982905-3560842919-2321973015-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-43982905-3560842919-2321973015-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-13] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2018-11-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-13] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL No File
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL No File
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-43982905-3560842919-2321973015-1001 -> hxxp://www.google.com

FireFox:
========
FF DefaultProfile: wcssj3h6.default
FF ProfilePath: C:\Users\Rog\AppData\Roaming\Mozilla\Firefox\Profiles\wcssj3h6.default [2018-11-12]
FF NewTab: Mozilla\Firefox\Profiles\wcssj3h6.default -> about:newtab
FF SearchPlugin: C:\Users\Rog\AppData\Roaming\Mozilla\Firefox\Profiles\wcssj3h6.default\searchplugins\google-avast.xml [2017-03-13]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKU\S-1-5-21-43982905-3560842919-2321973015-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-02-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-10-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-10-10] (NVIDIA Corporation)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [No File]
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-10-06] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-43982905-3560842919-2321973015-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Rog\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2018-11-14] <==== ATTENTION
CHR Extension: (Slides) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-12]
CHR Extension: (Docs) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-12]
CHR Extension: (Google Drive) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-12]
CHR Extension: (YouTube) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-12]
CHR Extension: (Adobe Acrobat) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-11-12]
CHR Extension: (Sheets) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-12]
CHR Extension: (Google Docs Offline) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-12]
CHR Extension: (Gmail) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-12]
CHR Extension: (Chrome Media Router) - C:\Users\Rog\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-12]
CHR Profile: C:\Users\Rog\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-11-12]
CHR Profile: C:\Users\Rog\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-12]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [126648 2016-06-16] (ASUSTek Computer Inc.)
S4 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe [75264 2015-12-24] (ASUS Cloud Corporation) [File not signed]
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7212480 2018-08-09] ()
S4 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] ()
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856 2018-06-22] (EasyAntiCheat Ltd)
S4 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-11-09] (Intel Corporation)
S4 FBAgent; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe [73032 2014-08-13] ()
S4 HnGSteamService; C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [735528 2018-05-30] (Reto-Moto ApS)
S4 ibtsiva; C:\WINDOWS\System32\ibtsiva.exe [550568 2018-05-02] (Intel Corporation)
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Corporation)
S4 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
S4 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-05-26] (Intel Corporation)
S4 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdatesvr.exe [133480 2016-03-31] (Zhuhai Kingsoft Office Software Co.,Ltd)
S4 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (AO Kaspersky Lab)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265824 2018-04-16] ()
S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773160 2018-10-10] (NVIDIA Corporation)
S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773160 2018-10-10] (NVIDIA Corporation)
S4 ROGGamingCenterService; C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe [49704 2016-06-07] (ASUSTeK COMPUTER INC.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
S4 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1897184 2016-05-17] (Intel Corporation)
S4 Tran_Process_Proc; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe [71024 2014-03-25] ()
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [315768 2016-08-05] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-24] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-24] (Microsoft Corporation)
S4 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel(R) Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3848288 2018-04-16] (Intel® Corporation)
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
S4 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S2 ShMonitor; "C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe" [X]
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-04-26] (Apple Inc.)
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [95224 2016-05-20] (ASUS Corporation)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-02-23] (Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-11-09] (Intel Corporation)
S3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-11-09] (Intel Corporation)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-03-11] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-03-11] (Disc Soft Ltd)
S3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-11-07] (EnigmaSoft Limited)
S3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-11-09] (Intel Corporation)
S3 farmntio; C:\Windows\system32\drivers\farmntio.sys [25144 2014-03-25] () [File not signed]
R3 GMLXDFltr01; C:\WINDOWS\system32\drivers\GMLXDFltr01.sys [10752 2014-07-24] (LXD Development, Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-11-06] ()
S3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [198168 2018-04-19] (Intel Corporation)
S2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
S3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [48080 2018-02-12] (The OpenVPN Project)
S2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198000 2018-11-11] (Malwarebytes)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
S3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2018-04-11] (Intel Corporation)
S3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8743448 2018-04-26] (Intel Corporation)
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_eb18ef0e5d636f6f\nvlddmkm.sys [20337064 2018-10-12] (NVIDIA Corporation)
R0 nvpciflt; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_eb18ef0e5d636f6f\nvpciflt.sys [48496 2018-10-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30792 2018-08-21] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69544 2018-06-08] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [65792 2018-04-24] (NVIDIA Corporation)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [937728 2016-05-17] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-11] (Microsoft Corporation)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [200832 2018-01-15] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-10-24] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-10-24] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-24] (Microsoft Corporation)
S1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-21] (Zemana Ltd.)
S1 gfdriver; system32\drivers\gfdriver.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-14 20:20 - 2018-11-14 20:20 - 000384145 _____ C:\Users\Rog\Downloads\Gotham-Font.zip
2018-11-14 15:14 - 2018-11-14 15:14 - 001931969 _____ C:\Users\Rog\Downloads\ProcessExplorer.zip
2018-11-14 15:01 - 2018-11-14 15:01 - 002965803 _____ C:\Users\Rog\Downloads\Session 3- Financial Accounting vs Management Accounting.pptx
2018-11-14 14:09 - 2018-11-14 14:09 - 001223816 _____ C:\Users\Rog\Downloads\Session 2- Corporate Strategy.pptx
2018-11-13 21:03 - 2018-11-13 21:03 - 000528542 _____ C:\Users\Rog\Downloads\DESKTOP-TQPRN0M.zip
2018-11-13 21:03 - 2018-11-13 21:03 - 000528542 _____ C:\Users\Rog\Desktop\DESKTOP-TQPRN0M.zip
2018-11-13 21:01 - 2018-11-13 21:02 - 014312984 _____ C:\Users\Rog\Desktop\DESKTOP-TQPRN0M.arn
2018-11-13 20:58 - 2018-11-13 20:59 - 000731200 _____ (Sysinternals - www.sysinternals.com) C:\Users\Rog\Downloads\autoruns.exe
2018-11-12 22:05 - 2018-11-12 22:05 - 003149455 _____ C:\Users\Rog\Downloads\DouglasWArnerJanosBarberi (1).pdf
2018-11-12 22:04 - 2018-11-12 22:04 - 000575524 _____ C:\Users\Rog\Downloads\Mackenzie-2015-London_Business_School_Review.pdf
2018-11-12 22:01 - 2018-11-12 22:01 - 000743833 _____ C:\Users\Rog\Downloads\1-s2.0-S0007681317301246-main.pdf
2018-11-12 21:56 - 2018-11-12 21:56 - 003149455 _____ C:\Users\Rog\Downloads\DouglasWArnerJanosBarberi.pdf
2018-11-12 16:09 - 2018-11-12 16:09 - 000000000 ____D C:\ProgramData\Sophos
2018-11-12 16:08 - 2018-11-12 16:08 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2018-11-12 16:08 - 2018-11-12 16:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-11-12 16:08 - 2018-11-12 16:08 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-11-12 16:04 - 2018-11-12 16:06 - 210619224 _____ (Sophos Limited) C:\Users\Rog\Downloads\Sophos Virus Removal Tool.exe
2018-11-12 16:01 - 2018-11-12 16:01 - 000000000 ____D C:\Users\Rog\AppData\Roaming\Google
2018-11-12 15:54 - 2018-11-12 15:54 - 000001018 _____ C:\Users\Rog\Downloads\fixlist.txt
2018-11-12 15:53 - 2018-11-12 18:17 - 000000000 ____D C:\Users\Rog\Desktop\Fix
2018-11-12 00:00 - 2018-11-12 00:00 - 000063145 _____ C:\Users\Rog\Desktop\Addition.txt
2018-11-11 23:57 - 2018-11-14 22:47 - 000000000 ____D C:\FRST
2018-11-11 23:53 - 2018-11-11 23:53 - 000001819 _____ C:\Users\Rog\Desktop\AdwCleaner[C03].txt
2018-11-11 23:50 - 2018-11-11 23:50 - 007592144 _____ (Malwarebytes) C:\Users\Rog\Downloads\adwcleaner_7.2.4.0.exe
2018-11-11 23:49 - 2018-11-11 23:49 - 000001229 _____ C:\Users\Rog\Desktop\Malwarebytesscan.txt
2018-11-11 23:39 - 2018-11-11 23:39 - 000198000 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-11-11 23:39 - 2018-11-11 23:39 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-11 23:39 - 2018-11-11 23:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-11 23:39 - 2018-11-11 23:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-11 23:39 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-11-11 23:37 - 2018-11-11 23:39 - 079602504 _____ (Malwarebytes ) C:\Users\Rog\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7793 (1).exe
2018-11-11 23:33 - 2018-11-11 23:35 - 079602504 _____ (Malwarebytes ) C:\Users\Rog\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7793.exe
2018-11-11 20:16 - 2018-11-11 20:16 - 000032784 _____ C:\Users\Rog\Downloads\Upgrade.2018.720p.BluRay.x264-DRONES English.zip
2018-11-11 20:16 - 2018-08-17 03:11 - 000088632 ____N C:\Users\Rog\Desktop\Upgrade.2018.720p.BluRay.x264-DRONES.srt
2018-11-10 22:50 - 2018-11-10 22:50 - 000092922 _____ C:\Users\Rog\Documents\expense-receipt.pdf
2018-11-09 16:14 - 2018-11-09 16:14 - 000058257 _____ C:\Users\Rog\Desktop\mbst-clean-results.txt
2018-11-09 16:14 - 2018-11-09 16:14 - 000000000 ____D C:\Users\Rog\AppData\Local\mbamtray
2018-11-09 16:14 - 2018-11-09 16:14 - 000000000 ____D C:\Users\Rog\AppData\Local\mbam
2018-11-09 16:13 - 2018-11-09 16:14 - 079503552 _____ (Malwarebytes ) C:\WINDOWS\SysWOW64\mb-setup.exe
2018-11-09 16:11 - 2018-11-09 16:11 - 002415616 _____ (Farbar) C:\Users\Rog\Downloads\FRSTEnglish.exe
2018-11-09 16:10 - 2018-11-09 16:10 - 003567392 _____ C:\Users\Rog\Downloads\mb-support-1.3.0.549.exe
2018-11-09 15:37 - 2018-11-09 15:37 - 006221992 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Rog\Downloads\GPU-Z_ASUS_ROG_2.14.0.exe
2018-11-09 15:36 - 2018-11-09 15:50 - 000000000 ____D C:\Program Files\PeerBlock
2018-11-09 15:35 - 2018-11-09 15:35 - 002374320 _____ (PeerBlock, LLC ) C:\Users\Rog\Downloads\PeerBlock-Setup_v1.2_r693.exe
2018-11-08 21:49 - 2018-11-08 21:50 - 007880748 _____ C:\Users\Rog\Downloads\SSRN-id880566.pdf
2018-11-08 20:46 - 2018-11-08 20:46 - 001523677 _____ C:\Users\Rog\Downloads\SSRN-id1961708.pdf
2018-11-07 19:18 - 2018-11-07 19:18 - 000232610 _____ C:\Users\Rog\Downloads\Could_Lehman_Brothers_Collapse_Be_Anticipated_An_.pdf
2018-11-07 16:52 - 2018-11-09 16:12 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-11-07 16:51 - 2018-11-07 16:51 - 006625600 _____ (Zemana Ltd. ) C:\Users\Rog\Downloads\Zemana.AntiMalware.Setup (1).exe
2018-11-07 16:50 - 2018-11-07 16:50 - 011576808 _____ (SurfRight B.V.) C:\Users\Rog\Downloads\hitmanpro_x64 (2).exe
2018-11-07 16:35 - 2018-11-07 16:36 - 079073704 _____ (Malwarebytes ) C:\Users\Rog\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7717.exe
2018-11-07 16:09 - 2018-11-07 16:47 - 000061624 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2018-11-07 16:09 - 2018-11-07 16:47 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2018-11-07 16:09 - 2018-11-07 16:09 - 000001057 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2018-11-07 16:09 - 2018-11-07 16:09 - 000000000 ____D C:\sh5ldr
2018-11-07 16:09 - 2018-11-07 16:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2018-11-07 16:02 - 2018-11-07 16:02 - 001235408 _____ (GridinSoft LLC) C:\Users\Rog\Downloads\setup-gsam-cnet.exe
2018-11-07 15:48 - 2018-11-07 15:48 - 000000000 ____D C:\ProgramData\GridinSoft
2018-11-07 15:47 - 2018-11-07 15:47 - 000873360 _____ (GridinSoft LLC) C:\Users\Rog\Downloads\setup-antimalware-9.exe
2018-11-06 23:25 - 2018-11-06 23:25 - 000012881 _____ C:\Users\Rog\Downloads\Growth Rates.xlsx
2018-11-06 16:50 - 2018-11-06 16:50 - 000002523 _____ C:\Users\Public\Desktop\Evernote.lnk
2018-11-06 16:50 - 2018-11-06 16:50 - 000001141 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-11-06 16:50 - 2018-11-06 16:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2018-11-06 16:50 - 2018-11-06 16:50 - 000000000 ____D C:\Program Files (x86)\Evernote
2018-11-06 16:09 - 2018-11-06 16:09 - 002269184 _____ C:\Users\Rog\Downloads\Session 2 Slides.ppt
2018-11-06 16:03 - 2018-11-12 22:18 - 000000000 ____D C:\Program Files\Common Files\AV
2018-11-06 16:03 - 2018-11-06 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-11-06 16:02 - 2018-11-14 11:07 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-11-06 16:02 - 2018-11-12 22:19 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-11-06 16:01 - 2018-11-06 16:01 - 002573024 _____ (Kaspersky Lab) C:\Users\Rog\Downloads\startup_14832.exe
2018-11-06 15:52 - 2018-11-06 15:52 - 000309319 _____ C:\Users\Rog\Downloads\InternationalReview_2010.pdf
2018-11-06 12:13 - 2018-11-06 12:13 - 007592144 _____ (Malwarebytes) C:\Users\Rog\Downloads\AdwCleaner.exe
2018-11-06 12:01 - 2018-11-06 12:02 - 080022264 _____ (Malwarebytes ) C:\Users\Rog\Downloads\mb3-setup-1878.1878-3.6.1.2711.exe
2018-11-06 11:59 - 2018-11-06 12:00 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Rog\Downloads\iExplore.exe
2018-11-06 11:54 - 2018-11-06 11:54 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-11-06 11:53 - 2018-11-06 11:53 - 011576808 _____ (SurfRight B.V.) C:\Users\Rog\Downloads\hitmanpro_x64 (1).exe
2018-11-06 11:50 - 2018-11-11 23:39 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-06 11:49 - 2018-11-06 11:50 - 078955096 _____ (Malwarebytes ) C:\Users\Rog\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7699 (1).exe
2018-11-06 03:59 - 2018-11-06 15:37 - 000000000 ____D C:\ProgramData\SecTaskMan
2018-11-06 03:58 - 2018-11-06 03:58 - 003017632 _____ C:\Users\Rog\Downloads\SecurityTaskManager_Setup.exe
2018-11-06 03:46 - 2018-11-06 03:47 - 078955096 _____ (Malwarebytes ) C:\Users\Rog\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7699.exe
2018-11-06 03:46 - 2018-11-06 03:46 - 000000000 ____D C:\WINDOWS\Panther
2018-11-06 02:26 - 2018-11-14 22:45 - 002907546 _____ C:\WINDOWS\ntbtlog.txt
2018-11-06 02:26 - 2018-11-14 13:56 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-11-06 01:44 - 2018-10-10 22:38 - 000133432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-11-06 01:41 - 2018-10-12 15:38 - 000978312 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2018-11-06 01:41 - 2018-10-12 15:38 - 000978312 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-11-06 01:41 - 2018-10-12 15:38 - 000845184 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2018-11-06 01:41 - 2018-10-12 15:38 - 000845184 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-11-06 01:41 - 2018-10-12 15:38 - 000268168 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2018-11-06 01:41 - 2018-10-12 15:38 - 000268168 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-11-06 01:41 - 2018-10-12 15:38 - 000243616 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2018-11-06 01:41 - 2018-10-12 15:38 - 000243616 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-11-06 01:41 - 2018-10-12 15:37 - 002017888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441634.dll
2018-11-06 01:41 - 2018-10-12 15:37 - 001997736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-11-06 01:41 - 2018-10-12 15:37 - 001508112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-11-06 01:41 - 2018-10-12 15:37 - 001468464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441634.dll
2018-11-06 01:41 - 2018-10-12 15:37 - 001455560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-11-06 01:41 - 2018-10-12 15:37 - 001122672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-11-06 01:41 - 2018-10-12 15:37 - 000631664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-11-06 01:41 - 2018-10-12 15:37 - 000522184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-11-06 01:41 - 2018-10-12 15:36 - 040254128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-11-06 01:41 - 2018-10-12 15:36 - 035151944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-11-06 01:41 - 2018-10-12 15:36 - 004937960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-11-06 01:41 - 2018-10-12 15:36 - 004310600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-11-06 01:41 - 2018-10-12 15:36 - 000750256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-11-06 01:41 - 2018-10-12 15:36 - 000608488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 035298072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 029973400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 015907200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 013202856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 001471392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 001462184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 001167376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 001151960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 001145512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 000914552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 000822552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 000794416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-11-06 01:41 - 2018-10-12 12:36 - 000637456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-11-06 01:41 - 2018-10-12 12:35 - 019705728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-11-06 01:41 - 2018-10-12 12:35 - 016984816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-11-06 01:41 - 2018-10-11 23:16 - 001685104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2018-11-06 01:41 - 2018-10-11 23:16 - 000227856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2018-11-06 01:41 - 2018-10-11 23:16 - 000047576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2018-11-06 01:26 - 2018-11-06 01:27 - 029571356 _____ (NVIDIA Corporation) C:\Users\Rog\Downloads\Unconfirmed 486273.crdownload
2018-11-05 01:59 - 2018-11-05 01:59 - 000001377 _____ C:\Users\Public\Desktop\IntelProcessor Diagnostic Tool 64bit.lnk
2018-11-05 01:59 - 2018-11-05 01:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2018-11-05 01:59 - 2018-11-05 01:59 - 000000000 ____D C:\Program Files\Intel Corporation
2018-11-05 01:57 - 2018-11-05 01:58 - 104405911 _____ (Intel Corporation) C:\Users\Rog\Downloads\IPDT_Installer_4.1.0.31_64bit.exe
2018-11-05 01:43 - 2018-11-05 01:43 - 001734994 _____ (7Byte Computers ) C:\Users\Rog\Downloads\hotcpu.exe
2018-11-05 00:16 - 2018-11-05 00:16 - 001578160 _____ C:\Users\Rog\Downloads\res2005ir-annual-report-and-accounts-2005.pdf
2018-11-05 00:02 - 2018-11-05 00:02 - 019755520 _____ C:\Users\Rog\Downloads\FSRFA Session 13 - Summary  review (2).ppt
2018-11-04 17:17 - 2018-11-04 17:19 - 107455726 _____ C:\Users\Rog\Downloads\PES 2018 more FPS (Demo File).rar
2018-10-30 19:40 - 2018-10-30 19:40 - 006147584 _____ C:\Users\Rog\Downloads\Session 8 Slides (1).ppt
2018-10-30 12:28 - 2018-10-30 12:28 - 019739648 _____ C:\Users\Rog\Downloads\FSRFA Session 13 - Summary  review (1).ppt
2018-10-30 12:25 - 2018-10-30 12:25 - 019755520 _____ C:\Users\Rog\Downloads\FSRFA Session 13 - Summary  review.ppt
2018-10-30 12:09 - 2018-10-30 12:09 - 006147584 _____ C:\Users\Rog\Downloads\Session 8 Slides.ppt
2018-10-29 19:02 - 2018-10-29 19:02 - 003220480 _____ C:\Users\Rog\Downloads\FSRFA Session 1 - Overview and Intro to Risk Final.ppt
2018-10-29 15:41 - 2018-10-29 15:41 - 000155704 _____ C:\Users\Rog\Downloads\bsm_cw.pdf
2018-10-29 09:08 - 2018-10-29 09:08 - 000029273 _____ C:\Users\Rog\Downloads\sicario-day-of-the-soldado-2018-720p-bluray-x264-yts-ag-english-133712.zip
2018-10-28 22:21 - 2018-10-28 22:21 - 000277094 _____ C:\Users\Rog\Desktop\brp 1.pdf
2018-10-28 22:20 - 2018-10-28 22:21 - 000254814 _____ C:\Users\Rog\Documents\brp.pdf
2018-10-27 18:15 - 2018-10-27 18:15 - 000030441 _____ C:\Users\Rog\Downloads\elysium-english-yify-6342.zip
2018-10-27 18:15 - 2014-02-08 09:07 - 000078837 _____ C:\Users\Rog\Desktop\elysium-yify-english.srt
2018-10-26 21:25 - 2018-10-26 21:25 - 000035089 _____ C:\Users\Rog\Downloads\StartUp.S01E10.720p.WEBrip-Downloado.site-.srt
2018-10-26 19:35 - 2018-10-26 19:35 - 000014996 _____ C:\Users\Rog\Downloads\StartUp-01x09-Hostile-Takeover.WEB-DL.x264.English.rar
2018-10-26 19:35 - 2018-10-26 19:35 - 000014240 _____ C:\Users\Rog\Downloads\StartUp-01x08-Pro-Rata.WEB-DL.x264.English.rar
2018-10-26 19:35 - 2018-10-26 19:35 - 000012715 _____ C:\Users\Rog\Downloads\StartUp-01x10-Recapitalization.WEB-DL.x264.English.rar
2018-10-26 01:09 - 2018-10-26 01:09 - 000018447 _____ C:\Users\Rog\Downloads\StartUp-01x07-Valuation.WEB-DL-AAC2.0-H.264.English.rar
2018-10-25 22:58 - 2018-10-25 22:58 - 000017400 _____ C:\Users\Rog\Downloads\StartUp-01x06-Bootstrapped.WEB-DL-AAC2.0-H.264.English.rar
2018-10-25 22:58 - 2018-10-25 22:58 - 000012545 _____ C:\Users\Rog\Downloads\StartUp-01x05-Buyout.WEB-DL.English.rar
2018-10-25 22:57 - 2018-10-25 22:57 - 000014262 _____ C:\Users\Rog\Downloads\StartUp-01x04-Angel-Investor.WEB-DL-1.rar
2018-10-24 21:48 - 2018-10-24 21:48 - 000019417 _____ C:\Users\Rog\Downloads\StartUp-01x03-Proof-of-Concept.WEB-DL.AAC2_.0.H.264.English.C.edit_.rar
2018-10-24 21:06 - 2018-10-24 21:06 - 000015412 _____ C:\Users\Rog\Downloads\StartUp-01x02-Ground-Floor.WEB_.DL_.AAC2_.0.H.264.English.C.edit_-1.rar
2018-10-24 20:14 - 2018-10-24 20:14 - 000020695 _____ C:\Users\Rog\Downloads\StartUp-01x01-Seed-Money.WEB_.DL_.HEVC_.English.C..rar
2018-10-23 12:30 - 2018-11-12 21:59 - 000000000 ____D C:\Users\Rog\Desktop\MSc Fintech
2018-10-22 19:32 - 2018-10-22 19:32 - 000064660 _____ C:\Users\Rog\Downloads\inside-job-english-yify-8771.zip
2018-10-21 20:07 - 2018-10-21 20:07 - 004026368 _____ C:\Users\Rog\Downloads\FSRFA Session 11 - Credit Assessment Behavioural Conduct and AI FINAL.ppt
2018-10-21 19:34 - 2018-10-21 19:34 - 000149829 _____ C:\Users\Rog\Downloads\w5t3 - do people like nudges_ - sunstein.pdf
2018-10-21 19:28 - 2018-10-21 19:28 - 000620234 _____ C:\Users\Rog\Downloads\w5t3 - a critical assessment of libertarian paternalism - rebonato.pdf
2018-10-21 19:28 - 2018-10-21 19:28 - 000572482 _____ C:\Users\Rog\Downloads\w5t3 - can nudges be transparent and yet effective_ - bruns et al.pdf
2018-10-21 19:23 - 2018-10-21 19:23 - 000559977 _____ C:\Users\Rog\Downloads\w5t2 - the power of suggestion - madrian shea.pdf
2018-10-21 19:20 - 2018-10-21 19:20 - 000132330 _____ C:\Users\Rog\Downloads\w5t2 - save more tomorrow - benartzi thaler.pdf
2018-10-21 19:16 - 2018-10-21 19:16 - 000800994 _____ C:\Users\Rog\Downloads\w5t2 - choices in repeated gambles and retirement savings - benartzi thaler.pdf
2018-10-21 19:13 - 2018-10-21 19:13 - 000214625 _____ C:\Users\Rog\Downloads\w5t2 - choice architecture - thaler sunstein balz.pdf
2018-10-21 19:01 - 2018-10-21 19:01 - 000208745 _____ C:\Users\Rog\Downloads\w5t1 - libertarian paternalism - thaler sunstein.pdf
2018-10-20 21:11 - 2018-10-20 21:11 - 000027194 _____ C:\Users\Rog\Downloads\The Wire_1x01_en.zip
2018-10-19 11:13 - 2018-10-19 11:13 - 000032469 _____ C:\Users\Rog\Downloads\braveheart-english-yify-11222.zip
2018-10-19 11:09 - 2018-10-19 11:09 - 000015920 _____ C:\Users\Rog\Downloads\braveheart-1995-720p-brrip-x264-1-1gb-yify-english-92015.zip
2018-10-17 23:24 - 2018-10-17 23:24 - 000018820 _____ C:\Users\Rog\Downloads\mad-max-fury-road-english-yify-59249.zip
2018-10-16 23:27 - 2018-10-16 23:27 - 000524431 _____ C:\Users\Rog\Downloads\Untitled_10162018_212536.pdf
2018-10-16 23:25 - 2018-10-16 23:26 - 001950525 _____ C:\Users\Rog\Downloads\Untitled_10162018_212406.pdf
2018-10-15 22:35 - 2018-10-15 22:35 - 000029831 _____ C:\Users\Rog\Downloads\slumdog-millionaire-english-yify-6789.zip
2018-10-15 22:35 - 2014-02-14 07:52 - 000077636 _____ C:\Users\Rog\Downloads\Slumdog.Millionaire.2008.1080p.BluRay.x264.YIFY.srt
2018-10-15 19:45 - 2018-10-15 19:45 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-10-15 19:45 - 2018-10-15 19:45 - 000000000 ____D C:\Program Files (x86)\Cisco

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-14 22:44 - 2018-05-16 23:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-14 22:44 - 2018-04-11 23:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-14 22:44 - 2018-04-11 21:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-11-14 22:44 - 2017-04-07 08:32 - 000070757 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-11-14 22:44 - 2017-02-10 23:35 - 000000182 _____ C:\Users\Rog\AppData\Roaming\sp_data.sys
2018-11-14 22:43 - 2018-05-16 23:49 - 000825440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-14 22:43 - 2018-04-11 23:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-14 22:43 - 2018-04-11 23:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-14 22:43 - 2018-04-11 23:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-14 22:43 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-14 22:43 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-14 22:43 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-14 22:43 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-14 22:37 - 2018-05-16 23:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-14 22:00 - 2018-04-11 23:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-14 21:13 - 2018-05-16 23:56 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-11-14 21:13 - 2018-02-05 16:03 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-14 17:44 - 2017-10-18 22:27 - 000000000 ____D C:\Users\Rog\AppData\Local\Packages
2018-11-14 15:34 - 2018-04-11 23:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-14 15:34 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-14 15:00 - 2018-04-11 23:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-14 14:34 - 2017-02-12 20:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-14 14:16 - 2017-02-12 20:27 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-14 14:05 - 2018-05-16 23:51 - 000426712 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-14 14:04 - 2018-05-16 23:56 - 000004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7D0DDB6E-7D0A-44F3-B317-11896FF06FE1}
2018-11-14 14:02 - 2017-07-18 01:20 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-14 12:00 - 2018-05-16 23:56 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2018-11-14 12:00 - 2018-05-16 23:56 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2018-11-14 11:07 - 2017-03-09 12:12 - 000000000 ____D C:\Users\Rog\Documents\Assassin's Creed Unity
2018-11-14 08:09 - 2018-05-16 23:56 - 000004596 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-11-14 08:09 - 2018-05-16 23:56 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-14 08:09 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-14 08:09 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-13 12:05 - 2017-07-16 16:52 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-12 22:23 - 2018-04-11 21:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-11-12 22:18 - 2018-04-11 23:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-11-12 22:18 - 2015-10-30 06:28 - 000000000 ____D C:\Users\Default.migrated
2018-11-12 15:57 - 2017-07-13 07:43 - 000000000 ____D C:\Users\Rog\AppData\LocalLow\Temp
2018-11-12 15:56 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-11-12 15:56 - 2015-10-30 07:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-11-12 15:54 - 2017-02-12 19:08 - 000000000 ____D C:\Program Files (x86)\Steam
2018-11-11 23:26 - 2018-05-16 23:51 - 000000000 ____D C:\Users\Rog
2018-11-11 20:14 - 2017-08-10 19:13 - 000000000 ____D C:\Users\Rog\Downloads\PopcornTime
2018-11-10 23:38 - 2017-02-14 10:41 - 000000000 ____D C:\Users\Rog\AppData\Roaming\vlc
2018-11-09 15:19 - 2017-03-21 19:55 - 001101840 _____ C:\WINDOWS\ZAM.krnl.trace
2018-11-09 15:08 - 2018-05-18 18:20 - 000000000 ____D C:\Users\Rog\AppData\Local\D3DSCache
2018-11-09 13:46 - 2017-02-11 00:11 - 000000000 ____D C:\Users\Rog\AppData\Local\CrashDumps
2018-11-09 11:42 - 2017-02-10 23:38 - 000000000 ____D C:\Users\Rog\AppData\Local\NVIDIA
2018-11-08 22:54 - 2017-04-04 16:41 - 000000000 ____D C:\Users\Rog\AppData\Local\Package Cache
2018-11-07 16:08 - 2018-05-09 14:36 - 000000000 ____D C:\Program Files\Epic Games
2018-11-07 16:08 - 2018-05-09 14:34 - 000000000 ____D C:\ProgramData\Epic
2018-11-07 15:44 - 2017-10-23 11:04 - 000000000 ___HD C:\Users\Rog\MicrosoftEdgeBackups
2018-11-07 13:14 - 2018-06-04 22:33 - 000000000 ____D C:\ProgramData\Freemake
2018-11-07 13:14 - 2018-06-04 22:33 - 000000000 ____D C:\Program Files (x86)\Freemake
2018-11-07 00:52 - 2018-03-13 23:23 - 000007601 _____ C:\Users\Rog\AppData\Local\resmon.resmoncfg
2018-11-06 22:55 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-06 12:13 - 2017-03-19 18:59 - 000000000 ____D C:\AdwCleaner
2018-11-06 11:45 - 2017-02-11 00:15 - 000000000 ____D C:\Users\Rog\AppData\Local\ElevatedDiagnostics
2018-11-06 04:01 - 2018-05-16 23:56 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2018-11-06 04:01 - 2016-03-31 03:48 - 000000000 ____D C:\Program Files (x86)\ASUS
2018-11-06 02:13 - 2018-04-11 23:38 - 000000000 ____D C:\PerfLogs
2018-11-06 01:44 - 2017-07-18 01:20 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-11-06 01:44 - 2017-07-18 01:20 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-11-06 01:43 - 2017-07-18 01:20 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-11-06 01:27 - 2018-08-02 05:01 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:27 - 2018-08-02 05:01 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:26 - 2018-08-02 05:00 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:26 - 2018-08-02 05:00 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:26 - 2018-08-02 05:00 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:26 - 2018-05-16 23:56 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:26 - 2018-05-16 23:56 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:26 - 2018-05-16 23:56 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:26 - 2018-05-16 23:56 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:26 - 2018-05-16 23:56 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-06 01:26 - 2018-05-16 23:56 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-05 17:34 - 2018-04-11 23:41 - 000835168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-05 17:34 - 2018-04-11 23:41 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-05 13:23 - 2017-02-10 23:39 - 000000000 ____D C:\Users\Rog\AppData\Local\NVIDIA Corporation
2018-11-05 02:14 - 2017-10-19 01:01 - 000000000 ____D C:\Users\Rog\AppData\Roaming\Rainmeter
2018-10-24 21:27 - 2018-02-28 13:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-10-23 13:48 - 2018-06-22 03:52 - 000000000 ____D C:\ProgramData\Packages
2018-10-20 21:11 - 2018-05-16 23:56 - 000003370 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-43982905-3560842919-2321973015-1001
2018-10-20 21:11 - 2018-05-16 23:51 - 000002359 _____ C:\Users\Rog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-10-20 21:11 - 2017-02-10 23:58 - 000000000 __RDL C:\Users\Rog\OneDrive
2018-10-16 23:30 - 2018-03-28 19:58 - 000000000 ____D C:\Users\Rog\Desktop\iceland
2018-10-16 22:58 - 2017-02-12 19:34 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-10-15 19:45 - 2017-07-18 01:20 - 000000000 ____D C:\Program Files (x86)\Intel
2018-10-15 19:45 - 2016-10-25 06:01 - 000000000 ____D C:\ProgramData\Intel
2018-10-15 19:45 - 2016-10-25 06:01 - 000000000 ____D C:\Program Files\Intel
2018-10-15 19:45 - 2016-03-31 03:49 - 000000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2018-02-18 14:22 - 2018-02-18 14:22 - 000000132 _____ () C:\Users\Rog\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2018-01-28 21:44 - 2018-07-27 04:44 - 000000132 _____ () C:\Users\Rog\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-02-10 23:35 - 2018-11-14 22:44 - 000000182 _____ () C:\Users\Rog\AppData\Roaming\sp_data.sys
2018-03-13 23:23 - 2018-11-07 00:52 - 000007601 _____ () C:\Users\Rog\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-16 23:49

==================== End of FRST.txt ============================

This topic is now closed to further replies.