Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan.Siggen7.42893

Post by chrisgtl » March 27th, 2018, 3:25 pm

Eeek. Just did something proper ultimate stuupid.

Think I got Trojan.Siggen7.42893 > https://vms.drweb.ru/virus/?i=16622968

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by HTPC (administrator) on HTPC-PC (27-03-2018 20:16:04)
Running from C:\Users\HTPC\Downloads
Loaded Profiles: HTPC (Available Profiles: HTPC)
Platform: Windows 10 Enterprise Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\DriverStore\FileRepository\c0322990.inf_amd64_06c9aec2ef966091\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe
() C:\Windows\KMS-R@1n.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piotr Pawlowski) C:\Program Files (x86)\foobar2000\foobar2000.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-27] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3254310197-3652444803-2336958065-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2018-02-15] (The NWJS Community)
HKU\S-1-5-21-3254310197-3652444803-2336958065-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [36864 2017-09-29] (Microsoft Corporation)
Startup: C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk [2018-01-31]
ShortcutTarget: SABnzbd.lnk -> C:\Program Files\SABnzbd\SABnzbd.exe (The SABnzbd-team)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{23ae6c58-2fac-4de0-b991-aeaf6ae3ebe9}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{c9d34ee7-8c3c-4ec3-ab33-e62998fd052a}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-31] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-31] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-31] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-31] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\HTPC\AppData\Local\Google\Chrome\User Data\Default [2018-03-27]
CHR Extension: (Slides) - C:\Users\HTPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-31]
CHR Extension: (HD for YouTube™) - C:\Users\HTPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2018-02-25]
CHR Extension: (Docs) - C:\Users\HTPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-31]
CHR Extension: (Google Drive) - C:\Users\HTPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-31]
CHR Extension: (YouTube) - C:\Users\HTPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-31]
CHR Extension: (uBlock Origin) - C:\Users\HTPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-03-21]
CHR Extension: (Sheets) - C:\Users\HTPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-31]
CHR Extension: (Chrome Remote Desktop) - C:\Users\HTPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\HTPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HTPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-31]
CHR Extension: (Gmail) - C:\Users\HTPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-31]
CHR Extension: (Chrome Media Router) - C:\Users\HTPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0322990.inf_amd64_06c9aec2ef966091\atiesrxx.exe [481768 2018-01-18] (AMD)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-03] ()
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-27] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-27] (AVAST Software)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe [71000 2018-03-06] (Google Inc.)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2018-03-27] () [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2018-01-05] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-31] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-31] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALSysIO; C:\Users\HTPC\AppData\Local\Temp\ALSysIO64.sys [46384 2018-03-27] (Arthur Liberman) <==== ATTENTION
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0322990.inf_amd64_06c9aec2ef966091\atikmdag.sys [41703912 2018-01-18] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0322990.inf_amd64_06c9aec2ef966091\atikmpag.sys [546280 2018-01-18] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-03] ()
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196648 2018-03-27] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-27] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-27] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-27] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-27] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [215320 2018-03-27] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-03-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146656 2018-03-27] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110328 2018-03-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-03-27] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-03-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-03-27] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-03-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-03-27] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111112 2017-11-21] (Advanced Micro Devices)
S3 cpuz146; C:\Windows\temp\cpuz146\cpuz146_x64.sys [52824 2018-03-27] (CPUID)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1024848 2018-02-01] (Realtek )
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-29] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2018-01-31] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [288848 2018-01-31] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-31] (Microsoft Corporation)
U2 OSppSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-27 20:16 - 2018-03-27 20:16 - 000013068 _____ C:\Users\HTPC\Downloads\FRST.txt
2018-03-27 20:16 - 2018-03-27 20:16 - 000000000 ____D C:\FRST
2018-03-27 20:15 - 2018-03-27 20:15 - 002403328 _____ (Farbar) C:\Users\HTPC\Downloads\FRST64.exe
2018-03-27 20:15 - 2018-03-27 20:15 - 001764352 _____ (Farbar) C:\Users\HTPC\Downloads\FRST.exe
2018-03-27 20:09 - 2018-03-27 20:09 - 000043495 _____ C:\Users\HTPC\Desktop\dds.txt
2018-03-27 20:09 - 2018-03-27 20:09 - 000010713 _____ C:\Users\HTPC\Desktop\attach.txt
2018-03-27 20:08 - 2018-03-27 20:08 - 000688992 ____R (Swearware) C:\Users\HTPC\Downloads\dds.com
2018-03-27 20:02 - 2018-03-27 20:02 - 000000000 ____D C:\Users\HTPC\Downloads\backups
2018-03-27 19:51 - 2018-03-27 19:51 - 000388608 _____ (Trend Micro Inc.) C:\Users\HTPC\Downloads\HijackThis.exe
2018-03-27 19:17 - 2018-03-27 19:17 - 000000000 ___HD C:\$AV_ASW
2018-03-27 19:13 - 2018-03-27 19:13 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-03-27 19:13 - 2018-03-27 19:13 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-03-27 19:13 - 2018-03-27 19:13 - 000380768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-03-27 19:13 - 2018-03-27 19:13 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-03-27 19:13 - 2018-03-27 19:13 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-03-27 19:13 - 2018-03-27 19:13 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-03-27 19:13 - 2018-03-27 19:13 - 000215320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-03-27 19:13 - 2018-03-27 19:13 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-03-27 19:13 - 2018-03-27 19:13 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-03-27 19:13 - 2018-03-27 19:13 - 000196648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-03-27 19:13 - 2018-03-27 19:13 - 000146656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-03-27 19:13 - 2018-03-27 19:13 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-03-27 19:13 - 2018-03-27 19:13 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-03-27 19:13 - 2018-03-27 19:13 - 000061304 _____ () C:\Windows\system32\Drivers\lpsport.sys
2018-03-27 19:13 - 2018-03-27 19:13 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-03-27 19:13 - 2018-03-27 19:13 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-03-27 19:13 - 2018-03-27 19:13 - 000003990 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-03-27 19:13 - 2018-03-27 19:13 - 000001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-03-27 19:13 - 2018-03-27 19:13 - 000001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-03-27 19:13 - 2018-03-27 19:13 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-03-27 19:13 - 2018-03-27 19:13 - 000000000 ____D C:\Users\HTPC\AppData\Roaming\AVAST Software
2018-03-27 19:13 - 2018-03-27 19:13 - 000000000 ____D C:\Users\HTPC\AppData\Local\CEF
2018-03-27 19:13 - 2018-03-27 19:13 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-03-27 19:12 - 2018-03-27 19:13 - 000000000 ____D C:\ProgramData\AVAST Software
2018-03-27 19:12 - 2018-03-27 19:12 - 006334880 _____ (AVAST Software) C:\Users\HTPC\Downloads\avast_free_antivirus_setup_online.exe
2018-03-27 19:12 - 2018-03-27 19:12 - 000000000 ____D C:\Program Files\AVAST Software
2018-03-27 19:09 - 2018-03-27 19:09 - 000000000 ____D C:\Users\HTPC\AppData\Local\ElevatedDiagnostics
2018-03-27 18:47 - 2018-03-27 18:47 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-27 18:47 - 2018-03-27 18:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-27 18:47 - 2018-03-27 18:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-27 18:47 - 2018-03-27 18:47 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-27 18:47 - 2018-01-18 09:03 - 000076200 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-27 18:41 - 2018-03-27 18:41 - 002526736 _____ (Trend Micro Inc.) C:\Users\HTPC\Downloads\HousecallLauncher64 (1).exe
2018-03-27 18:34 - 2018-03-27 18:34 - 000003096 _____ C:\Users\Public\Desktop\R@1n.txt
2018-03-27 18:27 - 2018-03-27 18:27 - 000001908 _____ C:\Windows\diagwrn.xml
2018-03-27 18:27 - 2018-03-27 18:27 - 000001908 _____ C:\Windows\diagerr.xml
2018-03-27 18:21 - 2018-02-19 13:19 - 2651703296 _____ C:\Users\HTPC\Desktop\MS Windows 10 Enterprise 1709 RS3 Build 16299.248 NL-x64.iso
2018-03-27 18:17 - 2018-03-27 18:17 - 000967800 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\HTPC\Downloads\rufus-2.18.exe
2018-03-27 18:14 - 2018-03-27 18:14 - 000000000 ____D C:\Windows\Trend Micro
2018-03-27 18:14 - 2018-03-27 18:14 - 000000000 ____D C:\ProgramData\Trend Micro
2018-03-27 18:09 - 2018-03-27 18:09 - 002527376 _____ (Trend Micro Inc.) C:\Users\HTPC\Downloads\HousecallLauncher64.exe
2018-03-27 18:09 - 2015-05-29 08:43 - 000307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2018-03-27 17:57 - 2018-03-27 17:57 - 001348912 _____ C:\Users\HTPC\Downloads\MS_Windows_10_Enterprise_1709_RS3_Build_16299.248_NL-x64.nzb
2018-03-27 17:57 - 2018-03-27 17:57 - 000025869 _____ C:\Users\HTPC\Downloads\Windows_10_Permanent_Activator_Ultimate_2.5.nzb
2018-03-27 17:48 - 2018-03-27 17:48 - 000026112 _____ C:\Windows\KMS-R@1n.exe
2018-03-27 17:48 - 2018-03-27 17:48 - 000004096 _____ C:\Windows\KMS-R@1nHook.dll
2018-03-27 17:47 - 2018-03-27 17:47 - 000004082 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BD5B97A5-4C5B-4CFF-8AF3-3F42DA1AAAB0}
2018-03-27 10:48 - 2018-03-27 10:48 - 000010392 _____ C:\Users\HTPC\Downloads\conf.bin
2018-03-25 15:45 - 2018-03-25 15:45 - 001008893 _____ C:\Users\HTPC\Downloads\Jigsaw.2017.1080p.BluRay.x264-GECKOS (2).nzb
2018-03-25 15:44 - 2018-03-25 15:44 - 001008848 _____ C:\Users\HTPC\Downloads\Jigsaw.2017.1080p.BluRay.x264-GECKOS (1).nzb
2018-03-25 00:01 - 2018-03-25 00:01 - 013107370 _____ C:\Users\HTPC\Downloads\MPC-BE.1.5.2.3445.x64-installer.zip
2018-03-24 20:28 - 2018-03-24 20:28 - 003039059 _____ C:\Users\HTPC\Downloads\Aquamarine.2006.1080p.BluRay.x264-BARC0DE.nzb
2018-03-24 20:27 - 2018-03-24 20:27 - 000588047 _____ C:\Users\HTPC\Downloads\The.Greatest.Showman.2017.1080p.AMZN.WEB-DL.DDP5.1.H.264-NTG.nzb
2018-03-24 20:26 - 2018-03-24 20:26 - 001225368 _____ C:\Users\HTPC\Downloads\Victoria...Abdul.2017.1080p.BluRay.X264.DTS-WiKi.nzb
2018-03-24 20:16 - 2018-03-24 20:16 - 001008848 _____ C:\Users\HTPC\Downloads\Jigsaw.2017.1080p.BluRay.x264-GECKOS.nzb
2018-03-24 20:14 - 2018-03-24 20:14 - 002171517 _____ C:\Users\HTPC\Downloads\Despicable.Me.3.2017.1080p.BluRay.DTS.x264.nzb
2018-03-24 20:12 - 2018-03-27 18:15 - 000000000 ____D C:\NZB
2018-03-24 12:31 - 2018-03-24 12:31 - 003465634 _____ C:\Users\HTPC\Downloads\Battle.of.the.Sexes.2017.1080p.BluRay.DTS.x264-FuzerHD.nzb
2018-03-24 12:19 - 2018-03-24 12:19 - 003217008 _____ C:\Users\HTPC\Downloads\A.Bad.Moms.Christmas.2017.1080p.BluRay.DTS.x264-FuzerHD.nzb
2018-03-24 02:01 - 2018-03-24 02:01 - 001700040 _____ (PassMark Software ) C:\Users\HTPC\Downloads\diskcheckup.exe
2018-03-24 01:56 - 2018-03-24 01:56 - 029641312 _____ (Samsung Electronics ) C:\Users\HTPC\Downloads\Samsung_Magician_Installer.exe
2018-03-22 21:37 - 2018-03-22 21:37 - 001220384 _____ ( ) C:\Users\HTPC\Downloads\hwmonitor_1.34.exe
2018-03-22 21:31 - 2018-03-22 21:31 - 000514172 _____ C:\Users\HTPC\Downloads\openhardwaremonitor-v0.8.0-beta.zip
2018-03-22 21:31 - 2018-03-22 21:31 - 000000000 ____D C:\Users\HTPC\Downloads\openhardwaremonitor-v0.8.0-beta
2018-03-22 20:46 - 2018-03-22 21:32 - 000000000 ____D C:\Users\HTPC\AppData\Roaming\HandBrake
2018-03-22 20:46 - 2018-03-22 20:46 - 010468271 _____ C:\Users\HTPC\Downloads\HandBrake-1.0.7-x86_64-Win_GUI.exe
2018-03-22 20:46 - 2018-03-22 20:46 - 000000000 ____D C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2018-03-22 20:46 - 2018-03-22 20:46 - 000000000 ____D C:\Users\HTPC\AppData\Roaming\HandBrake Team
2018-03-22 20:46 - 2018-03-22 20:46 - 000000000 ____D C:\Program Files\HandBrake
2018-03-22 20:43 - 2018-03-22 20:44 - 000000000 ____D C:\Users\HTPC\Downloads\TreeSizeFree-Portable
2018-03-22 20:43 - 2018-03-22 20:43 - 007497754 _____ C:\Users\HTPC\Downloads\TreeSizeFree-Portable.zip
2018-03-22 20:36 - 2018-03-22 20:36 - 000000000 ____D C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2018-03-22 20:36 - 2018-03-22 20:36 - 000000000 ____D C:\Users\HTPC\.MakeMKV
2018-03-22 20:36 - 2018-03-22 20:36 - 000000000 ____D C:\Program Files (x86)\MakeMKV
2018-03-22 18:58 - 2018-03-22 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2018-03-22 18:58 - 2018-03-22 21:37 - 000000000 ____D C:\Program Files\CPUID
2018-03-21 22:08 - 2018-03-21 22:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2018-03-21 22:08 - 2018-03-21 22:08 - 000000000 ____D C:\Program Files\Core Temp
2018-03-15 07:23 - 2018-03-02 04:36 - 017085440 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2018-03-15 07:23 - 2018-03-02 04:02 - 000037888 _____ C:\Windows\system32\SpectrumSyncClient.dll
2018-03-15 07:23 - 2018-03-02 04:01 - 000640000 _____ (Microsoft Corporation) C:\Windows\system32\HeadTrackerStorage.dll
2018-03-15 07:23 - 2018-03-02 04:00 - 000329728 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Feedback.Analog.dll
2018-03-15 07:23 - 2018-03-02 04:00 - 000248320 _____ (Microsoft Corporation) C:\Windows\system32\svf.dll
2018-03-15 07:23 - 2018-03-02 04:00 - 000230912 _____ (Microsoft Corporation) C:\Windows\system32\HoloShellRuntime.dll
2018-03-15 07:23 - 2018-03-02 03:59 - 000956416 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
2018-03-15 07:23 - 2018-03-01 21:28 - 000181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\HoloShellRuntime.dll
2018-03-15 07:23 - 2018-03-01 08:50 - 000270744 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-15 07:23 - 2018-03-01 08:49 - 000389536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-15 07:23 - 2018-03-01 08:48 - 000664472 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-15 07:23 - 2018-03-01 08:47 - 000749464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-15 07:23 - 2018-03-01 08:47 - 000035224 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2018-03-15 07:23 - 2018-03-01 08:46 - 002003352 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-15 07:23 - 2018-03-01 08:46 - 001568664 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-15 07:23 - 2018-03-01 08:46 - 000609176 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-15 07:23 - 2018-03-01 08:46 - 000138144 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-15 07:23 - 2018-03-01 08:45 - 000070040 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
2018-03-15 07:23 - 2018-03-01 08:40 - 002514936 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-03-15 07:23 - 2018-03-01 08:40 - 000461720 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2018-03-15 07:23 - 2018-03-01 08:40 - 000273304 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-15 07:23 - 2018-03-01 08:37 - 007831760 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-03-15 07:23 - 2018-03-01 08:31 - 008602520 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-03-15 07:23 - 2018-03-01 08:30 - 000540064 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2018-03-15 07:23 - 2018-03-01 08:30 - 000264040 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2018-03-15 07:23 - 2018-03-01 08:29 - 000733592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-03-15 07:23 - 2018-03-01 08:27 - 001173576 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-03-15 07:23 - 2018-03-01 08:26 - 000170912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-03-15 07:23 - 2018-03-01 08:25 - 000377752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-03-15 07:23 - 2018-03-01 08:23 - 000749976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2018-03-15 07:23 - 2018-03-01 08:19 - 000710768 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2018-03-15 07:23 - 2018-03-01 08:17 - 002710736 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-03-15 07:23 - 2018-03-01 08:17 - 000519152 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthService.exe
2018-03-15 07:23 - 2018-03-01 08:17 - 000408984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-03-15 07:23 - 2018-03-01 08:15 - 002574232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-03-15 07:23 - 2018-03-01 08:14 - 007675784 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2018-03-15 07:23 - 2018-03-01 08:14 - 007384576 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2018-03-15 07:23 - 2018-03-01 08:14 - 005105664 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll
2018-03-15 07:23 - 2018-03-01 08:14 - 001694224 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2018-03-15 07:23 - 2018-03-01 08:14 - 000356952 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-03-15 07:23 - 2018-03-01 08:14 - 000147872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2018-03-15 07:23 - 2018-03-01 08:14 - 000128928 _____ (Microsoft Corporation) C:\Windows\system32\offlinelsa.dll
2018-03-15 07:23 - 2018-03-01 08:12 - 000677272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-03-15 07:23 - 2018-03-01 08:12 - 000250264 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2018-03-15 07:23 - 2018-03-01 08:12 - 000189344 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthAgent.dll
2018-03-15 07:23 - 2018-03-01 08:11 - 000093600 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2018-03-15 07:23 - 2018-03-01 08:10 - 001779936 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2018-03-15 07:23 - 2018-03-01 08:10 - 000075168 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthProxyStub.dll
2018-03-15 07:23 - 2018-03-01 08:10 - 000022936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-03-15 07:23 - 2018-03-01 08:09 - 001054272 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2018-03-15 07:23 - 2018-03-01 07:51 - 000777904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-03-15 07:23 - 2018-03-01 07:48 - 001930736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-03-15 07:23 - 2018-03-01 07:39 - 000213400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2018-03-15 07:23 - 2018-03-01 07:30 - 005615968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-03-15 07:23 - 2018-03-01 07:29 - 006092152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-03-15 07:23 - 2018-03-01 07:29 - 000574960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2018-03-15 07:23 - 2018-03-01 07:28 - 006480616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-15 07:23 - 2018-03-01 07:28 - 002193168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-03-15 07:23 - 2018-03-01 07:28 - 000115096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinelsa.dll
2018-03-15 07:23 - 2018-03-01 07:27 - 000284112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2018-03-15 07:23 - 2018-03-01 07:27 - 000221592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2018-03-15 07:23 - 2018-03-01 07:26 - 001524776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2018-03-15 07:23 - 2018-03-01 07:26 - 001057816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2018-03-15 07:23 - 2018-03-01 07:23 - 005105664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthFWSnapin.dll
2018-03-15 07:23 - 2018-03-01 07:21 - 001558856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2018-03-15 07:23 - 2018-03-01 07:09 - 025251840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-03-15 07:23 - 2018-03-01 07:03 - 002902528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-03-15 07:23 - 2018-03-01 07:03 - 000471552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcSpecfc.dll
2018-03-15 07:23 - 2018-03-01 07:03 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-03-15 07:23 - 2018-03-01 07:03 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IndexedDbLegacy.dll
2018-03-15 07:23 - 2018-03-01 07:03 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2018-03-15 07:23 - 2018-03-01 07:01 - 019354624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-03-15 07:23 - 2018-03-01 07:01 - 006575616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-03-15 07:23 - 2018-03-01 07:01 - 000155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-03-15 07:23 - 2018-03-01 07:01 - 000019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-03-15 07:23 - 2018-03-01 07:00 - 000098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-03-15 07:23 - 2018-03-01 06:59 - 000220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-15 07:23 - 2018-03-01 06:58 - 004839424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2018-03-15 07:23 - 2018-03-01 06:58 - 000459776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-03-15 07:23 - 2018-03-01 06:58 - 000405504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Payments.dll
2018-03-15 07:23 - 2018-03-01 06:58 - 000368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2018-03-15 07:23 - 2018-03-01 06:57 - 000369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-03-15 07:23 - 2018-03-01 06:56 - 018922496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-03-15 07:23 - 2018-03-01 06:56 - 000559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-03-15 07:23 - 2018-03-01 06:55 - 000346112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-03-15 07:23 - 2018-03-01 06:54 - 003664384 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2018-03-15 07:23 - 2018-03-01 06:54 - 003181568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2018-03-15 07:23 - 2018-03-01 06:54 - 001296896 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2018-03-15 07:23 - 2018-03-01 06:54 - 000665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-03-15 07:23 - 2018-03-01 06:54 - 000496128 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2018-03-15 07:23 - 2018-03-01 06:54 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-03-15 07:23 - 2018-03-01 06:53 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2018-03-15 07:23 - 2018-03-01 06:53 - 000536576 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2018-03-15 07:23 - 2018-03-01 06:53 - 000399872 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2018-03-15 07:23 - 2018-03-01 06:53 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2018-03-15 07:23 - 2018-03-01 06:53 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\IndexedDbLegacy.dll
2018-03-15 07:23 - 2018-03-01 06:53 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2018-03-15 07:23 - 2018-03-01 06:53 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\updatecsp.dll
2018-03-15 07:23 - 2018-03-01 06:53 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\usoapi.dll
2018-03-15 07:23 - 2018-03-01 06:53 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\AcSpecfc.dll
2018-03-15 07:23 - 2018-03-01 06:53 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\UsoClient.exe
2018-03-15 07:23 - 2018-03-01 06:52 - 011923968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-03-15 07:23 - 2018-03-01 06:52 - 006030336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-03-15 07:23 - 2018-03-01 06:51 - 002329088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2018-03-15 07:23 - 2018-03-01 06:51 - 000201728 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2018-03-15 07:23 - 2018-03-01 06:51 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2018-03-15 07:23 - 2018-03-01 06:51 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-03-15 07:23 - 2018-03-01 06:50 - 003677184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-03-15 07:23 - 2018-03-01 06:50 - 002869760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-03-15 07:23 - 2018-03-01 06:50 - 000526336 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2018-03-15 07:23 - 2018-03-01 06:50 - 000118272 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-03-15 07:23 - 2018-03-01 06:50 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcnfs.sys
2018-03-15 07:23 - 2018-03-01 06:49 - 000675328 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2018-03-15 07:23 - 2018-03-01 06:49 - 000529408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2018-03-15 07:23 - 2018-03-01 06:49 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountWAMExtension.dll
2018-03-15 07:23 - 2018-03-01 06:49 - 000066048 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-03-15 07:23 - 2018-03-01 06:48 - 000543232 _____ (Microsoft Corporation) C:\Windows\system32\HolographicExtensions.dll
2018-03-15 07:23 - 2018-03-01 06:48 - 000431616 _____ (Microsoft Corporation) C:\Windows\system32\msIso.dll
2018-03-15 07:23 - 2018-03-01 06:47 - 023674368 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-03-15 07:23 - 2018-03-01 06:47 - 000579584 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Payments.dll
2018-03-15 07:23 - 2018-03-01 06:47 - 000484352 _____ (Microsoft Corporation) C:\Windows\system32\cdpusersvc.dll
2018-03-15 07:23 - 2018-03-01 06:46 - 004051968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-03-15 07:23 - 2018-03-01 06:46 - 000770048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2018-03-15 07:23 - 2018-03-01 06:46 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll
2018-03-15 07:23 - 2018-03-01 06:45 - 000708096 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-03-15 07:23 - 2018-03-01 06:45 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-03-15 07:23 - 2018-03-01 06:45 - 000386560 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-03-15 07:23 - 2018-03-01 06:44 - 008030720 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2018-03-15 07:23 - 2018-03-01 06:44 - 005195776 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2018-03-15 07:23 - 2018-03-01 06:43 - 012830208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-03-15 07:23 - 2018-03-01 06:42 - 003505664 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-03-15 07:23 - 2018-03-01 06:42 - 002084352 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2018-03-15 07:23 - 2018-03-01 06:41 - 008103936 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-03-15 07:23 - 2018-03-01 06:41 - 004745728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-03-15 07:23 - 2018-03-01 06:41 - 003334144 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-03-15 07:23 - 2018-03-01 06:41 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-03-15 07:23 - 2018-03-01 06:41 - 000812032 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-03-15 07:23 - 2018-03-01 06:40 - 005833216 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2018-03-15 07:23 - 2018-03-01 06:39 - 002222592 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2018-03-15 07:23 - 2018-03-01 06:39 - 002035712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2018-03-15 07:23 - 2018-03-01 06:39 - 000899584 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2018-03-15 07:23 - 2018-03-01 06:39 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\DbgModel.dll
2018-03-15 07:23 - 2018-03-01 06:38 - 000963072 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2018-03-15 07:23 - 2018-03-01 06:38 - 000726016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-03-15 07:23 - 2018-03-01 06:36 - 004050432 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-03-15 07:23 - 2018-03-01 06:36 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll
2018-03-15 07:23 - 2018-03-01 06:35 - 000568320 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-03-15 07:23 - 2018-03-01 06:35 - 000128000 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
2018-03-15 07:23 - 2018-03-01 06:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2018-03-15 07:23 - 2018-02-22 03:23 - 001092016 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-03-15 07:23 - 2018-02-22 03:23 - 000924648 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-03-15 07:23 - 2018-02-22 03:13 - 000279456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2018-03-15 07:23 - 2018-02-22 03:13 - 000077216 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2018-03-15 07:23 - 2018-02-22 03:11 - 000109984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys
2018-03-15 07:23 - 2018-02-22 03:10 - 000285080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2018-03-15 07:23 - 2018-02-22 03:08 - 001206688 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-03-15 07:23 - 2018-02-22 03:08 - 001055648 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-03-15 07:23 - 2018-02-22 03:08 - 000571288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2018-03-15 07:23 - 2018-02-22 03:07 - 001415296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-03-15 07:23 - 2018-02-22 03:07 - 001209248 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-03-15 07:23 - 2018-02-22 03:07 - 000194456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2018-03-15 07:23 - 2018-02-22 03:03 - 000712600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2018-03-15 07:23 - 2018-02-22 03:03 - 000082848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-03-15 07:23 - 2018-02-22 03:02 - 000149400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storahci.sys
2018-03-15 07:23 - 2018-02-22 03:00 - 000187296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2018-03-15 07:23 - 2018-02-22 02:59 - 021351624 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-03-15 07:23 - 2018-02-22 02:54 - 000437144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2018-03-15 07:23 - 2018-02-22 02:52 - 000103328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2018-03-15 07:23 - 2018-02-22 02:51 - 000555424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2018-03-15 07:23 - 2018-02-22 02:51 - 000097176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdstor.sys
2018-03-15 07:23 - 2018-02-22 02:51 - 000045472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storufs.sys
2018-03-15 07:23 - 2018-02-22 02:50 - 000362904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-03-15 07:23 - 2018-02-22 02:50 - 000229272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2018-03-15 07:23 - 2018-02-22 01:41 - 020286120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-03-15 07:23 - 2018-02-22 01:31 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UcmUcsi.sys
2018-03-15 07:23 - 2018-02-22 01:30 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc.sys
2018-03-15 07:23 - 2018-02-22 01:30 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-03-15 07:23 - 2018-02-22 01:30 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RfxVmt.sys
2018-03-15 07:23 - 2018-02-22 01:27 - 001282048 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2018-03-15 07:23 - 2018-02-22 01:26 - 000441344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2018-03-15 07:23 - 2018-02-22 01:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\cldapi.dll
2018-03-15 07:23 - 2018-02-22 01:16 - 001286144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2018-03-15 07:23 - 2018-02-22 01:12 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll
2018-03-11 11:05 - 2018-03-11 11:11 - 000000000 ____D C:\Users\HTPC\AppData\Roaming\MPC-BE
2018-03-11 11:05 - 2018-03-11 11:05 - 000000000 ____D C:\ProgramData\MPC-BE
2018-03-11 11:05 - 2018-03-11 11:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-BE x64
2018-03-11 11:05 - 2018-03-11 11:05 - 000000000 ____D C:\Program Files\MPC-BE x64
2018-03-04 21:01 - 2018-03-04 21:04 - 000000000 ____D C:\ProgramData\Freemake
2018-03-04 21:01 - 2018-03-04 21:04 - 000000000 ____D C:\Program Files (x86)\Freemake
2018-03-04 21:01 - 2018-03-04 21:01 - 000000000 ____D C:\Users\HTPC\Documents\Freemake
2018-03-04 21:01 - 2018-03-04 21:01 - 000000000 ____D C:\Users\HTPC\AppData\Local\FreemakeAudioConverter
2018-03-04 20:45 - 2018-03-04 20:45 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-03-04 20:32 - 2018-03-04 20:32 - 000000000 ____D C:\Users\HTPC\AppData\LocalLow\Temp
2018-02-25 22:00 - 2018-03-06 19:20 - 000000000 ____D C:\Users\HTPC\AppData\LocalLow\uTorrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-27 20:08 - 2018-01-31 16:04 - 000000000 ____D C:\Users\HTPC\AppData\Roaming\foobar2000
2018-03-27 20:08 - 2018-01-31 15:33 - 001822382 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-27 20:04 - 2018-01-31 15:37 - 000000000 ____D C:\Users\HTPC\AppData\Local\ClassicShell
2018-03-27 20:03 - 2018-01-31 15:33 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-03-27 20:03 - 2018-01-31 15:26 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-27 20:03 - 2017-09-29 09:45 - 000524288 _____ C:\Windows\system32\config\BBI
2018-03-27 19:51 - 2018-01-31 15:29 - 000000000 ____D C:\Users\HTPC\AppData\Local\VirtualStore
2018-03-27 19:50 - 2018-01-31 15:26 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-03-27 19:32 - 2018-01-31 18:21 - 000007617 _____ C:\Users\HTPC\AppData\Local\Resmon.ResmonCfg
2018-03-27 19:09 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\NDF
2018-03-27 18:33 - 2018-01-31 15:27 - 000000000 ____D C:\Windows\System32\Tasks\R@1n-KMS
2018-03-27 18:28 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-27 18:26 - 2018-02-03 01:39 - 000001334 __RSH C:\ProgramData\ntuser.pol
2018-03-27 18:17 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-03-27 17:40 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\AppReadiness
2018-03-27 17:33 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\System
2018-03-24 01:57 - 2017-09-29 14:44 - 000000000 ____D C:\Windows\INF
2018-03-22 23:58 - 2018-01-31 15:48 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-22 20:36 - 2018-01-31 15:29 - 000000000 ____D C:\Users\HTPC
2018-03-16 23:11 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\rescache
2018-03-15 22:04 - 2018-01-31 15:29 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-15 22:04 - 2018-01-31 15:29 - 000000000 ___RD C:\Users\HTPC\3D Objects
2018-03-15 22:04 - 2018-01-31 15:26 - 000222000 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-15 22:04 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\TextInput
2018-03-15 22:04 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\appraiser
2018-03-15 22:04 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\ShellExperiences
2018-03-15 22:04 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-03-15 07:25 - 2018-01-31 15:37 - 000000000 ____D C:\Windows\system32\MRT
2018-03-15 07:25 - 2017-09-29 14:37 - 000000000 ____D C:\Windows\CbsTemp
2018-03-15 07:24 - 2018-01-31 15:37 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-15 07:24 - 2018-01-31 15:37 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-15 07:24 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-03-15 07:23 - 2017-09-29 14:41 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2018-03-15 07:23 - 2017-09-29 14:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2018-03-06 19:20 - 2018-02-15 20:07 - 000000000 ____D C:\Users\HTPC\AppData\Roaming\uTorrent
2018-03-02 22:09 - 2017-09-29 14:49 - 000834552 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-02 22:09 - 2017-09-29 14:49 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2018-01-31 18:21 - 2018-03-27 19:32 - 000007617 _____ () C:\Users\HTPC\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-21 21:50

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by HTPC (27-03-2018 20:16:20)
Running from C:\Users\HTPC\Downloads
Windows 10 Enterprise Version 1709 16299.309 (X64) (2018-01-31 14:27:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3254310197-3652444803-2336958065-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3254310197-3652444803-2336958065-503 - Limited - Disabled)
Guest (S-1-5-21-3254310197-3652444803-2336958065-501 - Limited - Enabled)
HTPC (S-1-5-21-3254310197-3652444803-2336958065-1001 - Administrator - Enabled) => C:\Users\HTPC
WDAGUtilityAccount (S-1-5-21-3254310197-3652444803-2336958065-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3254310197-3652444803-2336958065-1001\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.1.1 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Chrome Remote Desktop Host (HKLM-x32\...\{FBB43A99-0B72-461A-A6D2-2F1B54D36B69}) (Version: 66.0.3359.12 - Google Inc.)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Core Temp 1.11 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.11 - ALCPU)
CPUID CPU-Z 1.84 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.84 - CPUID, Inc.)
CPUID HWMonitor 1.34 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.34 - )
foobar2000 v1.3.17 (HKLM-x32\...\foobar2000) (Version: 1.3.17 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
MakeMKV v1.12.0 (HKLM-x32\...\MakeMKV) (Version: v1.12.0 - GuinpinSoft inc)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
MPC-BE x64 1.5.2.3445 (HKLM\...\{FE09AF6D-78B2-4093-B012-FCDAF78693CE}_is1) (Version: 1.5.2.3445 - MPC-BE Team)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.24.1208.2017 - Realtek)
SABnzbd 2.3.2 (HKLM-x32\...\SABnzbd) (Version: 2.3.2 - The SABnzbd Team)
SmartPSS 2.02.0 (HKLM-x32\...\SmartPSS) (Version: 2.02.0 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3254310197-3652444803-2336958065-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\HTPC\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3254310197-3652444803-2336958065-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\HTPC\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3254310197-3652444803-2336958065-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\HTPC\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-27] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-27] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-27] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-01-12] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-27] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2017-08-13] (IvoSoft)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D60BFF2-A946-40E0-B4C9-07140F90379C} - System32\Tasks\R@1n-KMS\Windows(R), Enterprise edition => wmic [Argument = path SoftwareLicensingProduct where (ID="73111121-5638-40f6-bc11-f1d7b0d64300") call Activate]
Task: {18C28F91-A5A3-4D8D-A232-023BA1672304} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-27] (AVAST Software)
Task: {3A9C840E-E43A-4F56-8C5D-EB0E82A700CC} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2018-02-15] ()
Task: {52CC2AA4-F259-46C8-8BCD-9AAABB59D1C5} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-01-12] (Advanced Micro Devices, Inc.)
Task: {B0B34948-33B4-4678-8584-BD9E3376C133} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-01-12] (Advanced Micro Devices, Inc.)
Task: {B2188E23-E12F-413D-9E62-00463D0CAF59} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-31] (Google Inc.)
Task: {BDB6922D-E1DB-47AB-83C2-2535F3D07A83} - System32\Tasks\Avast Software\Overseer => C:\Program Files\AVAST Software\Avast\setup\overseer.exe [2018-03-27] (AVAST Software)
Task: {E4FEE4C9-AEED-45E6-8D67-81D8A7881A00} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-31] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-01-31 15:34 - 2013-07-03 21:32 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2018-03-27 17:48 - 2018-03-27 17:48 - 000026112 _____ () C:\Windows\KMS-R@1n.exe
2018-03-15 07:23 - 2018-02-22 01:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-15 07:23 - 2018-02-22 01:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-06-05 06:13 - 2017-06-05 06:13 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-03-22 23:58 - 2018-03-20 07:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-22 23:58 - 2018-03-20 07:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2018-01-31 15:34 - 2018-03-27 20:03 - 000032040 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2018-01-31 15:34 - 2013-07-03 21:32 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2018-03-27 19:13 - 2018-03-27 19:13 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-03-27 19:13 - 2018-03-27 19:13 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-27 19:13 - 2018-03-27 19:13 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-03-27 19:13 - 2018-03-27 19:13 - 000275160 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-01-26 11:02 - 2017-01-26 11:02 - 000071680 _____ () C:\Program Files (x86)\foobar2000\zlib1.dll
2017-11-24 08:56 - 2017-11-24 08:56 - 000156160 _____ () C:\Program Files (x86)\foobar2000\shared.dll
2018-01-31 16:08 - 2018-01-31 16:08 - 000156672 _____ () C:\Users\HTPC\AppData\Roaming\foobar2000\user-components\foo_out_wasapi\foo_out_wasapi.dll
2017-11-24 08:58 - 2017-11-24 08:58 - 001089536 _____ () C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
2017-11-24 09:23 - 2017-11-24 09:23 - 001446912 _____ () C:\Program Files (x86)\foobar2000\components\foo_input_std.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 14:46 - 2017-09-29 14:44 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3254310197-3652444803-2336958065-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SecurityHealth"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B05AA3D8-837E-42E8-A935-E039ED14E102}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.73.345.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{CA37F86C-4B36-456A-AE81-BECF3CA63249}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.73.345.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{103B5CAC-21A0-44F8-B0D5-9CE6F4F975B5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.73.345.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{39D5C628-72A7-4D06-BF99-828E490DD608}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.73.345.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{CBBAD3FE-0287-4A28-88B6-BB11B69D3781}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.73.345.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{1382F12F-3536-4FA8-B58F-4713DF79A8BD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.73.345.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{80CF5726-C165-4201-91E2-AC0CCD64D6D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.73.345.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{A4691110-8B73-452B-8839-A78433E48662}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.73.345.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{A79FF978-E679-42A7-BECD-626FE7609FCB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.73.345.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{B9E9F09E-32A9-4C2A-8141-F623EAE7D0E9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.73.345.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{300CC276-FA3F-456F-B959-AC9A81FFFEED}] => (Allow) C:\Program Files\SABnzbd\SABnzbd.exe
FirewallRules: [{4FA0AAA2-4370-4146-905D-4FCC872F4486}] => (Allow) C:\Users\HTPC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D5DCF120-D5CE-4749-AD9B-86A034C0A194}] => (Allow) C:\Users\HTPC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6663DB22-72D7-4840-A7D8-519F7E57D467}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B6D47B5D-D38C-4DCA-8748-FDAE716BE6EB}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe
FirewallRules: [{36AAADE1-26DF-49B7-B755-DACA1BBB80E3}] => (Allow) C:\Program Files\Windows 10 Permanent Activator Ultimate 2.5\Windows 10 Permanent Activator Ultimate 2.5.exe
FirewallRules: [{F9371E9A-3C84-4560-9B07-A99DAA430844}] => (Allow) C:\Windows\system32\rundll32.exe

==================== Restore Points =========================

04-03-2018 20:10:36 Scheduled Checkpoint
13-03-2018 11:49:19 Scheduled Checkpoint
21-03-2018 21:51:38 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2018 07:13:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/27/2018 06:28:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.16299.15, time stamp: 0x7640753d
Faulting module name: msvcrt.dll, version: 7.0.16299.125, time stamp: 0x20688290
Exception code: 0xc0000005
Fault offset: 0x000000000005c8f3
Faulting process id: 0x1f08
Faulting application start time: 0x01d3c5eef7894367
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\System32\msvcrt.dll
Report Id: 829a438c-5581-448d-83cb-5e1f2999b143
Faulting package full name: windows.immersivecontrolpanel_10.0.1.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (03/27/2018 06:05:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ic-0.76637bf464501c.exe, version: 17.3.3443.0, time stamp: 0x5ab7f75c
Faulting module name: ic-0.76637bf464501c.exe, version: 17.3.3443.0, time stamp: 0x5ab7f75c
Exception code: 0xc0000005
Fault offset: 0x000030fb
Faulting process id: 0x1058
Faulting application start time: 0x01d3c5edbd7aced6
Faulting application path: C:\Users\HTPC\AppData\Local\Temp\911984\ic-0.76637bf464501c.exe
Faulting module path: C:\Users\HTPC\AppData\Local\Temp\911984\ic-0.76637bf464501c.exe
Report Id: cbbcd196-f6b0-4bd2-a999-03cd7b0d6286
Faulting package full name:
Faulting package-relative application ID:

Error: (03/27/2018 06:05:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ic-0.76637bf464501c.exe, version: 17.3.3443.0, time stamp: 0x5ab7f75c
Faulting module name: ic-0.76637bf464501c.exe, version: 17.3.3443.0, time stamp: 0x5ab7f75c
Exception code: 0xc00001a5
Fault offset: 0x00003440
Faulting process id: 0x1058
Faulting application start time: 0x01d3c5edbd7aced6
Faulting application path: C:\Users\HTPC\AppData\Local\Temp\911984\ic-0.76637bf464501c.exe
Faulting module path: C:\Users\HTPC\AppData\Local\Temp\911984\ic-0.76637bf464501c.exe
Report Id: 3164b989-011d-438e-8662-33790e94a503
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (03/27/2018 08:04:57 PM) (Source: DCOM) (EventID: 10016) (User: HTPC-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HTPC-PC\HTPC SID (S-1-5-21-3254310197-3652444803-2336958065-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/27/2018 08:03:32 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Routing and Remote Access service terminated with the following service-specific error:
The requested name is valid, but no data of the requested type was found.

Error: (03/27/2018 08:03:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/27/2018 08:03:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/27/2018 08:03:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/27/2018 08:03:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/27/2018 08:03:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/27/2018 08:03:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-02-03 00:39:02.379
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:Win64/AutoKMS
ID: 2147723334
Severity: Medium
Category: Tool
Path: file:_C:\Users\HTPC\Desktop\Ra1nAct1vat0r_v10RC8_16072017\Activator.exe;file:_C:\Windows\KMS-R@1nHook.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Windows\System32\SppExtComObj.Exe
Signature Version: AV: 1.261.693.0, AS: 1.261.693.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-02-03 00:38:02.341
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:Win64/AutoKMS
ID: 2147723334
Severity: Medium
Category: Tool
Path: file:_C:\Users\HTPC\Desktop\Ra1nAct1vat0r_v10RC8_16072017\Activator.exe;file:_C:\Windows\KMS-R@1nHook.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Windows\System32\SppExtComObj.Exe
Signature Version: AV: 1.261.693.0, AS: 1.261.693.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-02-03 00:37:02.407
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:Win64/AutoKMS
ID: 2147723334
Severity: Medium
Category: Tool
Path: file:_C:\Users\HTPC\Desktop\Ra1nAct1vat0r_v10RC8_16072017\Activator.exe;file:_C:\Windows\KMS-R@1nHook.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Windows\System32\SppExtComObj.Exe
Signature Version: AV: 1.261.693.0, AS: 1.261.693.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-02-03 00:36:02.343
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:Win64/AutoKMS
ID: 2147723334
Severity: Medium
Category: Tool
Path: file:_C:\Users\HTPC\Desktop\Ra1nAct1vat0r_v10RC8_16072017\Activator.exe;file:_C:\Windows\KMS-R@1nHook.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Windows\System32\SppExtComObj.Exe
Signature Version: AV: 1.261.693.0, AS: 1.261.693.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-02-03 00:34:02.548
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:Win64/AutoKMS
ID: 2147723334
Severity: Medium
Category: Tool
Path: file:_C:\Users\HTPC\Desktop\Ra1nAct1vat0r_v10RC8_16072017\Activator.exe;file:_C:\Windows\KMS-R@1nHook.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Windows\System32\SppExtComObj.Exe
Signature Version: AV: 1.261.693.0, AS: 1.261.693.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 15%
Total physical RAM: 16325.1 MB
Available physical RAM: 13801.3 MB
Total Virtual: 18757.1 MB
Available Virtual: 15406.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.19 GB) (Free:71.28 GB) NTFS
Drive e: (DVD) (Removable) (Total:57.84 GB) (Free:51.13 GB) NTFS

\\?\Volume{b35c107d-fb0d-44f5-bd4e-78b0fe435fd2}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.14 GB) NTFS
\\?\Volume{b6f93c0f-55df-456e-b030-8a06c6dc4615}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: E1BA5E32)

Partition: GPT.

========================================================
Disk: 1 (Size: 57.8 GB) (Disk ID: 001E99AD)
Partition 1: (Active) - (Size=57.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Something made my PC run in high performance mode which I don't use. Noticed this with my CPU not ramping down on idle. Was unable to disable NIC and my gateway IP was changed from my normal 192.168.0.1

I've removed sooo many files to get to this point. How am I looking now?

Thanks a million for looking.
chrisgtl
Active Member
 
Posts: 2
Joined: March 27th, 2018, 3:18 pm

Re: Trojan.Siggen7.42893

Post by mAL_rEm018 » March 28th, 2018, 7:07 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello chrisgtl,

Welcome to Malware Removal! My name is mAL_rEm018, but feel free to call me mAL. I will be helping you with your malware related problems :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:
  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread. Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum. Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions. In the meantime I would like you to read and get acquainted with the following topic: HOW TO GET HELP IN THIS FORUM - everyone must read this, where the conditions for receiving help here are explained.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Trojan.Siggen7.42893

Post by mAL_rEm018 » March 28th, 2018, 7:16 am

Hello chrisgtl,

Please answer the following question..
  • Is this computer used for any type of business purposes?

Please run the following scans..

  • Open a search, and enter Command into the search field.
  • Click on Command Prompt or cmd.exe (whichever is found)
  • This will open a Command Window ...
    • Enter slmgr -dlv at the command prompt and hit Enter
    • After a few seconds a Windows Script Host Window will open.
    • Hit Ctrl + C to copy the contents of that window.
  • Open a search, and enter Notepad into the search field.
  • Click on Notepad or notepad.exe (whichever is found)
  • This will open an empty Notepad file ...
    • Hit Ctrl + V to paste the contents of Windows Script Host into the empty Notepad file.
    • Save to your Desktop.
    • Now post me the contents of the Notepad file that you've just created please.

Next..


TSG-SysInfo

  • Please download TSG-SysInfo to your Desktop.
  • Right-click on SysInfo.exe and select "Run as Administrator" to run it...if UAC prompts, please allow it.
  • A window entitled TSG SysInfo will open. Please copy/paste the highlighted text in your next reply.


Next..


CKScanner
  • Please download following tool to your Desktop: Link
  • Right-Click on CKScanner.exe and select "Run as Administrator" to run it...if UAC prompts, please allow it.
  • Select Search For Files
  • When the scan is finished, click on Save List To File.
  • Open CKFiles.txt on your desktop and post the contents in your next reply.
    Only run CKScanner.exe once.



-----------------------------------------
In your next reply, I would like to see..
  • Did you have any trouble following my instructions?
  • Answer to my question
  • Windows Script Host results
  • TSG-SysInfo results
  • CKFiles.txt
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Trojan.Siggen7.42893

Post by chrisgtl » March 28th, 2018, 9:52 am

mAL_rEm018 wrote:Hello chrisgtl,

Please answer the following question..
  • Is this computer used for any type of business purposes?

At the moment no. In the future yes, that is the plan.

Please run the following scans..

  • Open a search, and enter Command into the search field.
  • Click on Command Prompt or cmd.exe (whichever is found)
  • This will open a Command Window ...
    • Enter slmgr -dlv at the command prompt and hit Enter
    • After a few seconds a Windows Script Host Window will open.
    • Hit Ctrl + C to copy the contents of that window.
  • Open a search, and enter Notepad into the search field.
  • Click on Notepad or notepad.exe (whichever is found)
  • This will open an empty Notepad file ...
    • Hit Ctrl + V to paste the contents of Windows Script Host into the empty Notepad file.
    • Save to your Desktop.
    • Now post me the contents of the Notepad file that you've just created please.

Next..

---------------------------
Windows Script Host
---------------------------
Software licensing service version: 10.0.16299.248



Name: Windows(R), Professional edition

Description: Windows(R) Operating System, VOLUME_KMSCLIENT channel

Activation ID: 2de67392-b7a7-462a-b1ca-108dd189f588

Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

Extended PID: 03612-03311-000-000001-03-1033-16299.0000-0872018

Product Key Channel: Volume:GVLK

Installation ID: 273967123115268055156930802039612561131434374771212270127708481

Partial Product Key: T83GX

License Status: Licensed

Volume activation expiration: 259196 minute(s) (180 day(s))

Remaining Windows rearm count: 1001

Remaining SKU rearm count: 1001

Trusted time: 28/03/2018 13:48:11

Configured Activation Type: All



Most recent activation information:

Key Management Service client information

Client Machine ID (CMID): 6612dada-0e2c-47fa-af4c-a4d4da83cb06

Registered KMS machine name: 192.168.1.255:1688

KMS machine IP address: 192.168.1.255

KMS machine extended PID: 05426-00206-271-072381-03-1033-9200.0000-1642015

Activation interval: 120 minutes

Renewal interval: 10080 minutes

KMS host caching is disabled




---------------------------
OK
---------------------------



TSG-SysInfo

  • Please download TSG-SysInfo to your Desktop.
  • Right-click on SysInfo.exe and select "Run as Administrator" to run it...if UAC prompts, please allow it.
  • A window entitled TSG SysInfo will open. Please copy/paste the highlighted text in your next reply.

Next..

Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Pro, 64 bit
Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz, Intel64 Family 6 Model 60 Stepping 3
Processor Count: 8
RAM: 16325 Mb
Graphics Card: AMD Radeon (TM) R9 380 Series, -1 Mb
Hard Drives: C: 111 GB (88 GB Free);
Motherboard: ASUSTeK COMPUTER INC., Z97-P
Antivirus: Windows Defender, Disabled

CKScanner
  • Please download following tool to your Desktop: Link
  • Right-Click on CKScanner.exe and select "Run as Administrator" to run it...if UAC prompts, please allow it.
  • Select Search For Files
  • When the scan is finished, click on Save List To File.
  • Open CKFiles.txt on your desktop and post the contents in your next reply.
    Only run CKScanner.exe once.

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.LDAAL0
----- EOF -----

-----------------------------------------
In your next reply, I would like to see..
  • Did you have any trouble following my instructions?
  • Answer to my question
  • Windows Script Host results
  • TSG-SysInfo results
  • CKFiles.txt
chrisgtl
Active Member
 
Posts: 2
Joined: March 27th, 2018, 3:18 pm

Re: Trojan.Siggen7.42893

Post by mAL_rEm018 » March 28th, 2018, 2:44 pm

Illegal Operating System

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software including Operating System
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW FRST logs
  • FRST.txt.
  • Addition.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia