
Malwarebytes Anti-Malware reports Trojan.Agent.E in RegSvcs.exe


14 replies to this topic

#1 alexaendergfx


Posted 23 June 2017 - 12:31 PM

Malwarebytes Anti-Malware continuously reports Trojan.Agent.E in C:\Users\Brett\RegSvcs.exe even after removal and reboot.  I do not see that file in that location (hidden files set to visible).

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2017 01
Ran by Brett (administrator) on DESKTOP-100M70C (23-06-2017 10:04:05)
Running from C:\Users\Brett\Downloads
Loaded Profiles: Brett (Available Profiles: Brett & DefaultAppPool)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AsSysLevelUpSrc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AlertService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AsToastHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_SysMode.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
() C:\Program Files (x86)\ASUS\AEGIS II\Lighting\CheckCD_RomLighting.exe
() C:\Program Files (x86)\ASUS\AEGIS II\Boost Launcher\BLMonitor.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA3100v3\WNDA3100v3.EXE
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2015-06-25] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [pac] => C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe [339464 2016-10-04] (Autodesk, Inc.)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224 2017-03-16] ()
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [721856 2016-06-30] (Autodesk, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [918008 2017-06-13] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-347911032-2655203987-3674071951-1001\...\Run: [Google Update] => C:\Users\Brett\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
HKU\S-1-5-21-347911032-2655203987-3674071951-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [799368 2017-04-12] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-347911032-2655203987-3674071951-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-347911032-2655203987-3674071951-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-21] (SUPERAntiSpyware)
HKU\S-1-5-21-347911032-2655203987-3674071951-1001\...\Run: [Gaijin.Net Agent] => C:\Users\Brett\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [1798664 2017-01-12] ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v3 Genie.lnk [2017-06-06]
ShortcutTarget: NETGEAR WNDA3100v3 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v3\WNDA3100v3.EXE (NETGEAR)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2015-11-21]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{0718bb95-6443-47c5-aaae-6cdb1e26e48b}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{0c4d8555-892d-4e7b-ada2-349fc62a1ceb}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{92a8c4bc-573f-43e1-bb48-9eac474a130f}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{a12124b4-10f6-4fd0-8543-de8c3145e3dd}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{c25bb13e-bd42-495d-b4ba-c91499ad380e}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{ea2ad697-1940-4167-84d1-d3463306d806}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ed40c940-d13c-4223-9c39-796178371990}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-2d618ef8
HKU\S-1-5-21-347911032-2655203987-3674071951-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ASUS15.msn.com/?pc=ASTE
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-15] (Oracle Corporation)
BHO-x32: No Name -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-15] (Oracle Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File

FireFox:
========
FF ProfilePath: C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aa4gksdg.default-1457198091509 [2017-06-23]
FF NewTab: Mozilla\Firefox\Profiles\aa4gksdg.default-1457198091509 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\aa4gksdg.default-1457198091509 -> Search Provided by Bing
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\aa4gksdg.default-1457198091509 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\aa4gksdg.default-1457198091509 -> Search Provided by Bing
FF Homepage: Mozilla\Firefox\Profiles\aa4gksdg.default-1457198091509 -> hxxps://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-2d618ef8
FF Keyword.URL: Mozilla\Firefox\Profiles\aa4gksdg.default-1457198091509 -> user_pref("keyword.URL", true);
FF Extension: (ScrapBook) - C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aa4gksdg.default-1457198091509\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2016-09-21]
FF SearchPlugin: C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\aa4gksdg.default-1457198091509\searchplugins\search provided by bing.xml [2017-02-08]
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-06-07] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-06-07] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-347911032-2655203987-3674071951-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-347911032-2655203987-3674071951-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-347911032-2655203987-3674071951-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Brett\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-03-08] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default [2017-06-23]
CHR Extension: (Google Slides) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-05]
CHR Extension: (Google Docs) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-05]
CHR Extension: (Google Drive) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-05]
CHR Extension: (YouTube) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-05]
CHR Extension: (Adblock for Youtube™) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-14]
CHR Extension: (Google Search) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-05]
CHR Extension: (Google Sheets) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-05]
CHR Extension: (AdBlock) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-05]
CHR Extension: (Chrome Media Router) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-21] (SUPERAntiSpyware.com)
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1295376 2016-06-30] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-06-13] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1524216 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-01-14] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [374352 2017-05-22] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1445384 2016-10-21] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [229648 2016-10-18] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2017-03-16] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2015-02-05] (Microsoft Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
S3 mi-raysat_3dsmax2016_64; C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-14] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-06-07] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-06-07] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\Kryptotel\VpnOneClick\ovpn\bin\openvpnserv.exe [29184 2016-10-03] (The OpenVPN Project) [File not signed]
S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2016-09-21] (Power Admin LLC)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2016-10-03] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197768 2017-04-12] (Sandboxie Holdings, LLC)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2015-10-02] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] ()
R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [167504 2017-06-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [164824 2017-06-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-02-15] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-06-13] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_desktop_ref4i.inf_amd64_8bbf749b5af2ec35\nvlddmkm.sys [14461344 2017-06-08] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-06-07] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [898296 2016-01-13] (Realtek                                            )
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [607488 2016-02-25] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [206984 2017-04-12] (Sandboxie Holdings, LLC)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [132120 2016-11-21] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-11-21] (Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [138896 2016-11-21] (Oracle Corporation)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [198248 2016-02-18] (IDRIX)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R2 WIBUKEY; C:\WINDOWS\System32\DRIVERS\WibuKey64.sys [106760 2015-11-21] (WIBU-SYSTEMS AG)
R3 WNDA3100v3; C:\WINDOWS\system32\DRIVERS\WNDA3100v3.sys [2222736 2014-12-08] (MediaTek Inc.)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-12-17] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-12-17] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-23 10:04 - 2017-06-23 10:04 - 00028950 _____ C:\Users\Brett\Downloads\FRST.txt
2017-06-23 10:03 - 2017-03-18 14:00 - 00045216 ___SH (Microsoft Corporation) C:\Users\Brett\RegSvcs.exe
2017-06-23 09:56 - 2017-06-23 09:56 - 00001083 _____ C:\Users\Brett\Desktop\MalwareBytes.txt
2017-06-23 09:43 - 2017-06-23 10:04 - 00000000 ____D C:\FRST
2017-06-23 09:43 - 2017-06-23 09:44 - 00107208 _____ C:\Users\Brett\Desktop\Addition.txt
2017-06-23 09:43 - 2017-06-23 09:44 - 00101285 _____ C:\Users\Brett\Desktop\FRST.txt
2017-06-23 09:42 - 2017-06-23 09:42 - 02439680 _____ (Farbar) C:\Users\Brett\Downloads\FRST64.exe
2017-06-22 18:34 - 2017-06-22 18:36 - 00000000 ____D C:\Users\Brett\Documents\KeyShot 6
2017-06-22 18:34 - 2017-06-22 18:34 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KeyShot 6 64
2017-06-22 18:34 - 2017-06-22 18:34 - 00000000 ____D C:\Users\Brett\AppData\Local\Luxion
2017-06-22 18:28 - 2017-06-22 18:28 - 00023103 _____ C:\Users\Brett\Downloads\Luxion KeyShot v6.3.23 Win x64.torrent
2017-06-22 18:28 - 2017-06-22 18:28 - 00013352 _____ C:\Users\Brett\Downloads\Substance Painter 2017.1.0 (Win).torrent
2017-06-22 14:38 - 2017-06-22 14:38 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignab4a5a15abf06b28
2017-06-22 13:08 - 2017-06-22 13:08 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigndcf4812d99c05f5e
2017-06-22 13:08 - 2017-06-22 13:08 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign4d03f281171ece7f
2017-06-21 10:42 - 2017-06-21 10:42 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign24e53497ed0ce996
2017-06-21 10:36 - 2017-06-21 10:36 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignc9e2d9d1056edede
2017-06-21 10:36 - 2017-06-21 10:36 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign936e32946a14602f
2017-06-21 09:59 - 2017-06-21 09:59 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignbf6d4f608b533602
2017-06-21 09:59 - 2017-06-21 09:59 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign6f183fabea85ac89
2017-06-20 18:36 - 2017-06-20 18:36 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign92426a47edba729f
2017-06-20 18:28 - 2017-06-20 18:28 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign862b0a1d73c0821c
2017-06-20 18:28 - 2017-06-20 18:28 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3200e8725e8f4bdb
2017-06-20 16:02 - 2017-06-20 16:02 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign801db2b64f9c1ce2
2017-06-20 15:59 - 2017-06-20 15:59 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign215e297bf66074a0
2017-06-20 15:58 - 2017-06-20 15:58 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign927d40db14ef52d5
2017-06-20 13:46 - 2017-06-20 13:46 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignca2515a8a16fa674
2017-06-20 13:46 - 2017-06-20 13:46 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign4428b6b7d5ea122a
2017-06-19 16:13 - 2017-06-19 16:13 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign40b1c32c6afb5af3
2017-06-19 16:09 - 2017-06-19 16:09 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignb89a3f390428b995
2017-06-19 16:09 - 2017-06-19 16:09 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign7bd5316d033eb27e
2017-06-19 15:06 - 2017-06-19 15:06 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign8e5646f3a11de470
2017-06-19 15:06 - 2017-06-19 15:06 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign4d230e76e47779b6
2017-06-19 14:04 - 2017-06-19 14:04 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign83a56a9328e77aea
2017-06-19 14:01 - 2017-06-19 14:01 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigna7c6be2e34b57af6
2017-06-19 14:01 - 2017-06-19 14:01 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign0d220d075b9f3747
2017-06-19 11:09 - 2017-06-19 11:09 - 00843318 _____ C:\Users\Brett\Downloads\crimson.zip
2017-06-19 09:39 - 2017-06-19 09:40 - 00000000 ____D C:\Users\Brett\Downloads\Muddy_Dirt_Ground
2017-06-18 04:53 - 2017-06-18 04:53 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign888bc1e5c8861d97
2017-06-18 04:53 - 2017-06-18 04:53 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign63c2875f7feec0b3
2017-06-18 04:53 - 2017-06-18 04:53 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign157014989c81b1d3
2017-06-18 03:02 - 2017-06-18 03:04 - 06225132 _____ C:\Users\Brett\Downloads\videoplayback.m4a
2017-06-16 09:46 - 2017-06-16 09:46 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-06-15 03:34 - 2017-06-15 03:34 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigndad92ab1df4a5ba6
2017-06-15 03:34 - 2017-06-15 03:34 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignc40741e162aa04ba
2017-06-15 03:24 - 2017-06-15 03:24 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign386a2bb45f96b94e
2017-06-15 03:24 - 2017-06-15 03:24 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3643be02975455ee
2017-06-15 03:24 - 2017-06-15 03:24 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign11703c6a93098bdb
2017-06-14 12:56 - 2017-06-14 12:56 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MtoA 1.4.2.3 Maya 2017
2017-06-14 11:42 - 2017-06-14 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2017-06-14 11:42 - 2017-06-14 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2017-06-14 11:42 - 2017-06-14 11:42 - 00000000 ____D C:\Program Files\TAP-Windows
2017-06-14 11:41 - 2017-06-14 11:41 - 00001273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VpnOneClick.lnk
2017-06-14 11:41 - 2017-06-14 11:41 - 00000000 ____D C:\Program Files (x86)\Kryptotel
2017-06-14 11:40 - 2017-06-14 11:40 - 05386071 _____ (Kryptotel ) C:\Users\Brett\Downloads\VpnOneClick.exe
2017-06-14 09:37 - 2017-06-14 15:24 - 00000000 ____D C:\Users\Brett\AppData\Roaming\mIRC
2017-06-14 09:37 - 2017-06-14 09:37 - 02756168 _____ (mIRC Co. Ltd.) C:\Users\Brett\Downloads\mirc749.exe
2017-06-14 09:37 - 2017-06-14 09:37 - 00000000 ____D C:\Program Files (x86)\mIRC
2017-06-14 07:21 - 2017-06-14 07:21 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigna22cda915b2102a0
2017-06-14 07:21 - 2017-06-14 07:21 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign530261840f327f81
2017-06-14 05:40 - 2017-06-14 05:40 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign38f7d6f20795246a
2017-06-14 05:37 - 2017-06-14 05:37 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignfaea07f5c5208659
2017-06-14 05:19 - 2017-06-14 05:19 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigne2926a77d7c826e0
2017-06-14 05:19 - 2017-06-14 05:19 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignb778521368a1d1a5
2017-06-13 17:51 - 2017-06-03 03:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-13 17:51 - 2017-06-03 03:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-13 17:51 - 2017-06-03 03:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-13 17:51 - 2017-06-03 03:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-13 17:51 - 2017-06-03 03:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-13 17:51 - 2017-06-03 03:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-13 17:51 - 2017-06-03 03:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-13 17:51 - 2017-06-03 03:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-13 17:51 - 2017-06-03 03:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-13 17:51 - 2017-06-03 03:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-13 17:51 - 2017-06-03 03:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-13 17:51 - 2017-06-03 03:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-13 17:51 - 2017-06-03 03:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-13 17:51 - 2017-06-03 03:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-13 17:51 - 2017-06-03 03:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-13 17:51 - 2017-06-03 03:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-13 17:51 - 2017-06-03 02:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-13 17:51 - 2017-06-03 02:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-13 17:51 - 2017-06-03 02:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-13 17:51 - 2017-06-03 02:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-13 17:51 - 2017-06-03 02:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-13 17:51 - 2017-06-03 02:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-13 17:51 - 2017-06-03 02:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-13 17:51 - 2017-06-03 02:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-13 17:51 - 2017-06-03 02:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-13 17:51 - 2017-06-03 02:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-13 17:51 - 2017-06-03 02:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-13 17:51 - 2017-06-03 02:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-13 17:51 - 2017-06-03 02:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-13 17:51 - 2017-06-03 02:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-13 17:51 - 2017-06-03 02:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-13 17:51 - 2017-06-03 02:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-13 17:51 - 2017-06-03 02:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-13 17:51 - 2017-06-03 02:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-13 17:51 - 2017-06-03 02:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-13 17:51 - 2017-06-03 02:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-13 17:51 - 2017-06-03 02:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-13 17:51 - 2017-06-03 02:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-13 17:51 - 2017-06-03 02:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-13 17:51 - 2017-06-03 02:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-13 17:51 - 2017-06-03 02:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-13 17:51 - 2017-06-03 02:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-13 17:51 - 2017-06-03 02:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-13 17:51 - 2017-06-03 02:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-13 17:51 - 2017-06-03 02:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-13 17:51 - 2017-06-03 02:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-13 17:51 - 2017-06-03 02:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-13 17:51 - 2017-06-03 02:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-13 17:51 - 2017-06-03 02:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-13 17:51 - 2017-06-03 02:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-13 17:51 - 2017-06-03 02:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-13 17:51 - 2017-06-03 02:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-13 17:51 - 2017-06-03 02:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-13 17:51 - 2017-06-03 02:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-13 17:51 - 2017-06-03 02:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-13 17:51 - 2017-06-03 02:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-13 17:51 - 2017-06-03 02:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-13 17:51 - 2017-06-03 02:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-13 17:51 - 2017-06-03 02:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-13 17:51 - 2017-06-03 02:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-13 17:51 - 2017-06-03 02:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-13 17:51 - 2017-06-03 02:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-13 17:51 - 2017-06-03 02:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-13 17:51 - 2017-06-03 02:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-13 17:51 - 2017-06-03 02:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-13 17:51 - 2017-06-03 02:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-13 17:51 - 2017-06-03 02:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-13 17:51 - 2017-06-03 02:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-13 17:51 - 2017-06-03 02:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-13 17:51 - 2017-06-03 02:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-13 17:51 - 2017-06-03 02:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-13 17:51 - 2017-06-03 02:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-13 17:51 - 2017-06-03 02:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-13 17:51 - 2017-06-03 02:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-13 17:51 - 2017-06-03 02:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-13 17:51 - 2017-06-03 02:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-13 17:51 - 2017-06-03 01:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-13 17:51 - 2017-06-03 01:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-13 17:51 - 2017-06-03 01:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-13 17:51 - 2017-06-03 01:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-13 17:51 - 2017-06-03 01:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-13 17:51 - 2017-06-03 01:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-13 17:51 - 2017-06-03 01:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-13 17:51 - 2017-06-03 01:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-13 17:51 - 2017-06-03 01:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-13 17:51 - 2017-06-03 01:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-13 17:51 - 2017-06-03 01:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-13 17:51 - 2017-06-03 01:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-13 17:51 - 2017-06-03 01:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-13 17:51 - 2017-06-03 01:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-13 17:51 - 2017-06-03 01:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-13 17:51 - 2017-06-03 01:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-13 17:51 - 2017-06-03 01:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-13 17:51 - 2017-06-03 01:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-13 17:51 - 2017-06-03 01:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-13 17:51 - 2017-06-03 01:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-13 17:51 - 2017-06-03 01:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-13 17:51 - 2017-06-03 01:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-13 17:51 - 2017-06-03 01:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-13 17:51 - 2017-06-03 01:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-13 17:51 - 2017-06-03 01:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-13 17:51 - 2017-06-03 01:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-13 17:51 - 2017-06-03 01:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-13 17:51 - 2017-06-03 01:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-13 17:51 - 2017-06-03 01:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-13 17:51 - 2017-06-03 01:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-13 14:54 - 2017-06-13 14:54 - 00060920 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2017-06-13 05:40 - 2017-06-13 05:40 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigne40e031690a3529c
2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigne974f9332fe77569
2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignda58aa1327bcb02f
2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignc413a909b12079ff
2017-06-11 07:28 - 2017-06-11 07:28 - 00000000 ____D C:\Users\Brett\Documents\Frontier Developments
2017-06-11 07:28 - 2017-06-11 07:28 - 00000000 ____D C:\ProgramData\Planet Coaster
2017-06-11 07:26 - 2017-06-11 07:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Planet Coaster
2017-06-11 05:50 - 2017-06-11 05:50 - 00001233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-06-11 05:35 - 2017-06-11 05:35 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignc400fafd603d9a91
2017-06-11 04:41 - 2017-06-11 04:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignb6f661e30d9a545b
2017-06-11 04:41 - 2017-06-11 04:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3ec87d9f8350ed5d
2017-06-10 17:50 - 2017-06-10 17:50 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignf7ec0ec2d9465b2c
2017-06-09 22:37 - 2017-06-09 22:37 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign6c96b487dd3e3bca
2017-06-09 22:34 - 2017-06-09 22:34 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign43c5435ef233e087
2017-06-09 22:34 - 2017-06-09 22:34 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign04a94ea9a17aa6ea
2017-06-09 22:10 - 2017-06-09 22:10 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign0a9ce4eb47128864
2017-06-09 22:09 - 2017-06-09 22:09 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign03dc6f1de88b5a17
2017-06-09 20:32 - 2017-06-09 20:32 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign0e94f95bc3839c32
2017-06-09 20:14 - 2017-06-09 20:14 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign8990b677ddb17003
2017-06-09 20:14 - 2017-06-09 20:14 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign26106d7788da80e0
2017-06-09 19:16 - 2017-06-09 19:16 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignde16537ceb540a4f
2017-06-09 19:15 - 2017-06-09 19:15 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign829e185130438c75
2017-06-09 19:15 - 2017-06-09 19:15 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign5c826da8b94db5a3
2017-06-09 18:09 - 2017-06-09 18:09 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignb3dfdca4759fe881
2017-06-09 17:32 - 2017-06-07 16:38 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-06-09 17:31 - 2017-06-09 17:31 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-06-09 17:31 - 2017-06-07 18:45 - 00512960 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-06-09 17:31 - 2017-06-07 18:45 - 00418752 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-06-09 17:31 - 2017-03-10 14:17 - 00536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-06-09 17:31 - 2017-03-10 14:17 - 00525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-06-09 17:31 - 2017-03-10 14:17 - 00254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-06-09 17:31 - 2017-03-10 14:17 - 00233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-06-09 17:30 - 2017-06-07 18:45 - 40201664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 35281344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 28624320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 10551256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 09248144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 09014976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 08808488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 03796928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 03256440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 01988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438253.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 01606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438253.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 01278712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 01275944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 01056888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 00995736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 00994240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 00993360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 00964216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 00914880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 00775864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 00725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 00618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 00612088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 00584128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 00577728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 00499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-06-09 17:30 - 2017-06-07 18:45 - 00045976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-06-09 17:17 - 2017-06-09 17:17 - 00004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-09 17:17 - 2017-05-03 13:21 - 00175736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-06-09 17:17 - 2017-05-03 13:21 - 00143480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-06-08 20:19 - 2017-06-08 20:19 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigndc878acc9f1de0c1
2017-06-08 20:19 - 2017-06-08 20:19 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign2f042197435c2b22
2017-06-08 11:41 - 2017-06-08 11:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignd8d8a60b528709b5
2017-06-08 11:41 - 2017-06-08 11:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign6cd9f6afdcf42ae5
2017-06-08 09:08 - 2017-06-08 09:08 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignaf7b77dc991e05bd
2017-06-08 08:47 - 2017-06-08 08:47 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignd824907cf2e00859
2017-06-07 18:41 - 2017-06-07 18:42 - 145646088 _____ C:\Users\Brett\Downloads\modular-castle-playset-3d-printable-1.snapshot.3.zip
2017-06-07 18:07 - 2017-06-07 18:07 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign20246f1ca7c8c723
2017-06-07 18:06 - 2017-06-07 18:06 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3fb00e4e1b25bbd5
2017-06-07 05:05 - 2017-06-07 05:05 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3cdf1f0c6085cab2
2017-06-07 05:01 - 2017-06-07 05:01 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign53e6f83e6abd324a
2017-06-06 20:25 - 2017-06-06 20:25 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignc10b071b766ef132
2017-06-06 20:20 - 2017-06-06 20:20 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignbdf60a8e439a5b1d
2017-06-06 20:20 - 2017-06-06 20:20 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign92d678715e421d13
2017-06-06 18:44 - 2017-05-20 02:13 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-06 18:44 - 2017-05-20 01:55 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-06 18:44 - 2017-05-20 01:48 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-06 18:44 - 2017-05-20 01:47 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-06-06 18:44 - 2017-05-20 01:46 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-06 18:44 - 2017-05-20 01:46 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-06 18:44 - 2017-05-20 01:46 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-06 18:44 - 2017-05-20 01:45 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-06 18:44 - 2017-05-20 01:44 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-06 18:44 - 2017-05-20 01:44 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-06 18:44 - 2017-05-20 01:43 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-06 18:44 - 2017-05-20 01:43 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-06 18:44 - 2017-05-20 01:43 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-06 18:44 - 2017-05-20 01:43 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-06 18:44 - 2017-05-20 01:43 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-06 18:44 - 2017-05-20 01:43 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-06 18:44 - 2017-05-20 01:43 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-06 18:44 - 2017-05-20 01:29 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-06 18:44 - 2017-05-20 01:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-06 18:44 - 2017-05-20 01:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-06 18:44 - 2017-05-20 01:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-06-06 18:44 - 2017-05-20 01:26 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-06-06 18:44 - 2017-05-20 01:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-06-06 18:44 - 2017-05-20 01:25 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-06 18:44 - 2017-05-20 01:25 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-06-06 18:44 - 2017-05-20 01:24 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-06 18:44 - 2017-05-20 01:23 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-06 18:44 - 2017-05-20 01:22 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-06 18:44 - 2017-05-20 01:22 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-06 18:44 - 2017-05-20 01:22 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-06 18:44 - 2017-05-20 01:21 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-06 18:44 - 2017-05-20 01:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-06-06 18:44 - 2017-05-20 01:21 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-06 18:44 - 2017-05-20 01:20 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-06 18:44 - 2017-05-20 01:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-06 18:44 - 2017-05-20 01:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-06 18:44 - 2017-05-20 01:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-06 18:44 - 2017-05-20 01:19 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-06 18:44 - 2017-05-20 01:18 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-06 18:44 - 2017-05-20 01:17 - 04544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-06-06 18:44 - 2017-05-20 01:17 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-06 18:44 - 2017-05-20 01:17 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-06 18:44 - 2017-05-20 01:17 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-06 18:44 - 2017-05-20 01:17 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-06 18:44 - 2017-05-20 01:16 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-06 18:44 - 2017-05-20 01:16 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-06 18:44 - 2017-05-20 01:16 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-06 18:44 - 2017-05-20 01:16 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-06 18:44 - 2017-05-20 01:15 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-06 18:44 - 2017-05-20 01:14 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-06 18:44 - 2017-05-20 01:14 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-06 18:44 - 2017-05-20 01:14 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-06 18:44 - 2017-05-20 01:14 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-06 18:44 - 2017-05-20 01:14 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-06 18:44 - 2017-05-20 01:11 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-06 18:44 - 2017-05-20 01:10 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-06 18:44 - 2017-05-20 01:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-06-06 18:44 - 2017-05-20 01:10 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-06 18:44 - 2017-05-20 01:08 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-06-06 18:44 - 2017-05-20 00:08 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-06 18:44 - 2017-05-20 00:08 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-06 18:44 - 2017-05-20 00:07 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-06 18:44 - 2017-05-20 00:03 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-06 18:44 - 2017-05-19 23:59 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-06 18:44 - 2017-05-19 23:58 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-06 18:44 - 2017-05-19 23:56 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-06 18:44 - 2017-05-19 23:56 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-06 18:44 - 2017-05-19 23:56 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-06 18:44 - 2017-05-19 23:55 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-06 18:44 - 2017-05-19 23:55 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-06 18:44 - 2017-05-19 23:55 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-06 18:44 - 2017-05-19 23:55 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-06 18:44 - 2017-05-19 23:55 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-06 18:44 - 2017-05-19 23:55 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-06 18:44 - 2017-05-19 23:54 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-06 18:44 - 2017-05-19 23:54 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-06 18:44 - 2017-05-19 23:54 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-06 18:44 - 2017-05-19 23:53 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-06 18:44 - 2017-05-19 23:53 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-06 18:44 - 2017-05-19 23:53 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-06 18:44 - 2017-05-19 23:53 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-06 18:44 - 2017-05-19 23:53 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-06 18:44 - 2017-05-19 23:52 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-06 18:44 - 2017-05-19 23:52 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-06 18:44 - 2017-05-19 23:51 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-06 18:44 - 2017-05-19 23:51 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-06 18:44 - 2017-05-19 23:51 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-06 18:44 - 2017-05-19 23:51 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-06 18:44 - 2017-05-19 23:51 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-06 18:44 - 2017-05-19 23:48 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-06 18:44 - 2017-05-19 23:10 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-06 18:44 - 2017-05-19 23:10 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-06 18:44 - 2017-05-19 23:10 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-06 18:44 - 2017-05-19 23:10 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-06 18:44 - 2017-05-19 23:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-06-06 18:44 - 2017-05-19 23:09 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-06 18:44 - 2017-05-19 23:09 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-06 18:44 - 2017-05-19 23:09 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-06 18:44 - 2017-05-19 23:08 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-06 18:44 - 2017-05-19 23:08 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-06 18:44 - 2017-05-19 23:08 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-06 18:44 - 2017-05-19 23:07 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-06 18:44 - 2017-05-19 23:07 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-06 18:44 - 2017-05-19 23:07 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-06 18:44 - 2017-05-19 23:06 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-06 18:44 - 2017-05-19 23:06 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-06 18:44 - 2017-05-19 23:06 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-06 18:44 - 2017-05-19 23:05 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-06 18:44 - 2017-05-19 23:05 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-06 18:44 - 2017-05-19 23:03 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-06 18:44 - 2017-05-19 23:03 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-06 18:44 - 2017-05-19 23:03 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-06 18:44 - 2017-05-19 23:03 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-06 18:44 - 2017-05-19 23:03 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-06 18:44 - 2017-05-19 23:03 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-06 18:44 - 2017-05-19 23:02 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-06 18:44 - 2017-05-19 23:02 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-06 18:44 - 2017-05-19 23:01 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-06 18:44 - 2017-05-19 23:01 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-06 18:44 - 2017-05-19 23:01 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-06 18:44 - 2017-05-19 23:01 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-06 18:44 - 2017-05-19 23:01 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-06 18:44 - 2017-05-19 23:01 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-06 18:44 - 2017-05-19 23:01 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-06 18:44 - 2017-05-19 23:01 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-06 18:44 - 2017-05-19 23:00 - 05776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-06-06 18:44 - 2017-05-19 23:00 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-06 18:44 - 2017-05-19 23:00 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-06 18:44 - 2017-05-19 23:00 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-06 18:44 - 2017-05-19 23:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-06 18:44 - 2017-05-19 23:00 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-06 18:44 - 2017-05-19 22:59 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-06 18:44 - 2017-05-19 22:59 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-06 18:44 - 2017-05-19 22:59 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-06 18:44 - 2017-05-19 22:59 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-06 18:44 - 2017-05-19 22:59 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-06 18:44 - 2017-05-19 22:59 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-06 18:44 - 2017-05-19 22:59 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-06 18:44 - 2017-05-19 22:58 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-06 18:44 - 2017-05-19 22:58 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-06 18:44 - 2017-05-19 22:58 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-06 18:44 - 2017-05-19 22:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-06 18:44 - 2017-05-19 22:58 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-06 18:44 - 2017-05-19 22:58 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-06 18:44 - 2017-05-19 22:57 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-06 18:44 - 2017-05-19 22:56 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-06 18:44 - 2017-05-19 22:56 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-06 18:44 - 2017-05-19 22:55 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-06 18:44 - 2017-05-19 22:55 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-06 18:44 - 2017-05-19 22:55 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-06 18:44 - 2017-05-19 22:55 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-06 18:44 - 2017-05-19 22:54 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-06 18:44 - 2017-05-19 22:54 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-06 18:44 - 2017-05-19 22:54 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-06 18:44 - 2017-05-19 22:54 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-06 18:44 - 2017-05-19 22:54 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-06 18:44 - 2017-05-19 22:52 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-06 18:44 - 2017-05-19 22:52 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-06 18:44 - 2017-05-19 22:52 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-06 18:44 - 2017-05-19 22:52 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-06 18:44 - 2017-05-19 22:51 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-06 18:44 - 2017-05-19 22:51 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-06 18:44 - 2017-05-19 22:50 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-06 18:44 - 2017-05-19 22:50 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-06 18:44 - 2017-05-19 22:48 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-06 18:44 - 2017-05-19 22:48 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-06-06 18:44 - 2017-05-19 22:47 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-06 18:44 - 2017-05-19 22:47 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-06 18:43 - 2017-06-06 18:43 - 00004512 _____ C:\WINDOWS\system32\Drivers\Ntgr3100PT.dat
2017-06-06 18:43 - 2017-06-06 18:43 - 00000000 ____D C:\ProgramData\NETGEAR
2017-06-06 18:43 - 2017-06-06 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100v3 Genie
2017-06-06 18:43 - 2017-06-06 18:43 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2017-06-06 18:42 - 2017-06-06 18:42 - 88537550 _____ C:\Users\Brett\Downloads\WNDA3100v3_v1.0.0.10.zip
2017-06-06 18:42 - 2017-06-06 18:42 - 00000000 ____D C:\Users\Brett\Downloads\WNDA3100v3_v1.0.0.10
2017-06-06 16:29 - 2017-06-06 16:29 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigndd64b282ebfcd3c3
2017-06-06 16:24 - 2017-06-06 16:24 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign63e96aa9349f71db
2017-06-06 16:23 - 2017-06-06 16:23 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignde326023a07f4c33
2017-06-06 15:26 - 2017-06-06 15:26 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign528f952df6b52251
2017-06-05 23:50 - 2017-06-05 23:50 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign7fc144403c403328
2017-06-05 23:50 - 2017-06-05 23:50 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign084877954ed3289e
2017-06-04 09:22 - 2017-06-04 09:22 - 00063146 _____ C:\Users\Brett\Downloads\Pluralsight - Animation Tips in Maya.torrent
2017-06-04 05:07 - 2017-06-04 05:07 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign329831e447358d8c
2017-06-03 20:28 - 2017-06-03 20:28 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3cbdddbf32df93d2
2017-06-03 20:27 - 2017-06-03 20:27 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign56b8ffb8c72b2534
2017-06-03 04:10 - 2017-06-03 04:10 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigncdf64b4381606b0d
2017-06-03 04:03 - 2017-06-03 04:03 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign45f41200d4aa722e
2017-06-03 03:40 - 2017-06-03 03:56 - 00002527 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2017.lnk
2017-06-03 03:09 - 2017-06-03 03:09 - 00462330 _____ C:\Users\Brett\Downloads\Adobe Illustrator CC 2017 v21.1.0.326 (x86x64).torrent
2017-06-03 01:42 - 2017-06-03 01:42 - 00000000 _____ C:\smrc..lock
2017-06-03 01:00 - 2017-06-03 01:00 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign226fd1b4f14f1aa0
2017-06-02 20:34 - 2017-06-02 20:34 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignc623b0cdef24455e
2017-06-02 18:35 - 2017-06-02 18:35 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigncd058777d4f8b99d
2017-06-02 18:32 - 2017-06-02 18:32 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigne6c828d9beb4ace8
2017-06-02 16:44 - 2017-06-02 16:44 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign242767e0cea90dff
2017-06-02 16:21 - 2017-06-02 16:21 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign252e59610654c233
2017-06-02 14:07 - 2017-06-02 14:07 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign43b53697c1eac697
2017-06-02 14:06 - 2017-06-02 14:06 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign7130d48f4c35cd19
2017-06-01 13:29 - 2017-06-01 13:29 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign26604c52c6284ae0
2017-05-31 12:26 - 2017-05-31 12:26 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigne6063b168f40d22f
2017-05-31 12:21 - 2017-05-31 12:21 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigne7d608467a4d57f8
2017-05-31 12:21 - 2017-05-31 12:21 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign6d992a9d94ba7602
2017-05-30 14:49 - 2017-05-30 14:49 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign7309efc4c6211d4a
2017-05-30 14:17 - 2017-05-30 14:17 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignbfdc98083334ca50
2017-05-30 14:17 - 2017-05-30 14:17 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignabfb26746bd1f9d1
2017-05-29 15:56 - 2017-05-29 15:56 - 00000000 ____D C:\WINDOWS\Panther
2017-05-26 17:54 - 2017-05-26 17:54 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign00c570901fcf6d84
2017-05-26 13:38 - 2017-05-26 13:38 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign7525923ce9982c8f
2017-05-26 13:38 - 2017-05-26 13:38 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign39f1b0e3f0785d3b
2017-05-26 13:38 - 2017-05-26 13:38 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3424cfc440ae80cc
2017-05-25 21:47 - 2017-05-25 21:47 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign63d40423554f0bf8
2017-05-25 21:47 - 2017-05-25 21:47 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign628785f9a708cf0f
2017-05-25 21:09 - 2017-05-25 21:09 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign96e3f152b55bb81f
2017-05-25 21:08 - 2017-05-25 21:08 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignad4da8143455e918
2017-05-25 21:06 - 2017-05-25 21:06 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigna9b2da80ed1a766b
2017-05-25 21:06 - 2017-05-25 21:06 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign06a32188804b7865
2017-05-25 21:05 - 2017-05-25 21:05 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigne7060a8ee6ef8f8a
2017-05-25 21:05 - 2017-05-25 21:05 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign353c2cfcef33a7f2
2017-05-25 20:59 - 2017-05-25 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alien Skin Software
2017-05-25 20:52 - 2017-05-25 20:52 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign5016a911a2f4edc5
2017-05-25 20:12 - 2017-05-25 20:12 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3ecd50216e6c4b6c
2017-05-25 14:34 - 2017-05-25 14:34 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignb8c72c246cd51423
2017-05-25 11:21 - 2017-05-25 11:21 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign9cad32f2af473101
2017-05-25 11:19 - 2017-05-25 11:19 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign7dd3b7d54ef06cd3
2017-05-25 11:19 - 2017-05-25 11:19 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign37c09c1a717f7f0c
2017-05-24 16:41 - 2017-05-24 16:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigndd4f30e67f2c8cd1
2017-05-24 16:41 - 2017-05-24 16:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignc9e1c304a113e590
2017-05-24 16:41 - 2017-05-24 16:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign7136119ba06cd389
2017-05-24 14:24 - 2017-05-24 14:24 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigndcf147c72da5bbba
2017-05-24 14:24 - 2017-05-24 14:24 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign6953ac482b056b2b
2017-05-24 13:21 - 2017-06-23 09:55 - 35800064 _____ C:\Users\Brett\AppData\Local\SageThumbs.db3
2017-05-24 13:21 - 2017-05-24 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SageThumbs
2017-05-24 13:21 - 2017-05-24 13:21 - 00000000 ____D C:\Program Files (x86)\SageThumbs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-01 02:17 - 2017-04-01 01:55 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Toon Boom Animation
2018-04-01 02:16 - 2016-10-04 12:50 - 00002172 _____ C:\WINDOWS\Sandboxie.ini
2017-06-23 10:04 - 2017-02-21 19:37 - 00073602 _____ C:\WINDOWS\ZAM.krnl.trace
2017-06-23 10:04 - 2017-02-21 19:37 - 00040463 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-06-23 10:03 - 2017-05-15 15:07 - 01201306 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-23 10:03 - 2017-05-15 15:07 - 00000000 ____D C:\Users\Brett
2017-06-23 10:03 - 2016-08-30 16:33 - 00000000 ____D C:\Users\Brett\AppData\Roaming\7AB0DF9E-6F79-400C-AD73-E9154AA43DED
2017-06-23 10:00 - 2017-05-15 15:07 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-23 09:57 - 2017-05-15 15:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-23 09:57 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\ModemLogs
2017-06-23 09:57 - 2017-03-18 04:40 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-06-23 09:44 - 2017-03-18 14:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-23 09:32 - 2015-12-22 17:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-23 09:31 - 2017-05-09 10:35 - 00000000 ____D C:\Users\Brett\AppData\LocalLow\Mozilla
2017-06-23 09:30 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\Help
2017-06-23 09:18 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-23 09:18 - 2016-03-01 05:37 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-23 09:18 - 2015-12-26 01:43 - 00000000 ____D C:\Users\Brett\AppData\Local\CrashDumps
2017-06-23 09:14 - 2017-05-15 15:06 - 05202368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-23 09:00 - 2017-05-10 05:45 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-06-23 08:59 - 2016-03-31 21:22 - 00000000 ____D C:\Users\Brett\Documents\Substance Painter 2
2017-06-23 08:17 - 2016-09-30 10:00 - 00002526 _____ C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2017-06-23 07:30 - 2017-05-15 15:06 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-23 00:30 - 2017-03-18 14:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-23 00:30 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-22 19:00 - 2017-05-05 17:53 - 00000000 ____D C:\Users\Brett\AppData\LocalLow\uTorrent
2017-06-22 19:00 - 2015-11-14 23:03 - 00000000 ____D C:\Users\Brett\AppData\Roaming\uTorrent
2017-06-22 18:33 - 2015-08-06 02:21 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-21 17:54 - 2015-11-15 16:24 - 00000000 ____D C:\Users\Brett\Documents\Unreal Projects
2017-06-20 15:21 - 2016-03-02 17:23 - 00000000 ____D C:\Users\Brett\AppData\Roaming\vlc
2017-06-19 13:56 - 2015-11-15 00:17 - 00000000 ____D C:\Program Files\Epic Games
2017-06-19 13:53 - 2016-12-18 07:38 - 00000000 ____D C:\Users\Brett\Desktop\Junk
2017-06-17 00:02 - 2017-05-15 15:23 - 00004552 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-17 00:02 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-17 00:02 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-16 15:57 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-14 13:00 - 2015-11-19 17:50 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Autodesk
2017-06-14 12:56 - 2016-11-16 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Maya 2017
2017-06-14 12:26 - 2015-08-06 02:55 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-14 12:25 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\System
2017-06-14 12:24 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-14 12:24 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 11:48 - 2016-06-24 22:24 - 00011432 _____ C:\Users\Brett\Documents\save
2017-06-14 10:56 - 2016-12-17 13:12 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-06-13 21:02 - 2017-05-15 15:23 - 00004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-13 17:55 - 2015-11-14 20:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-13 17:52 - 2017-03-18 13:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-13 17:52 - 2015-11-14 20:02 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-13 14:54 - 2017-02-21 19:35 - 00167504 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-06-13 14:54 - 2017-02-21 19:35 - 00164824 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-06-13 14:54 - 2017-02-21 19:35 - 00038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2017-06-13 14:54 - 2017-02-21 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-11 05:50 - 2016-09-06 15:24 - 00000000 ___RD C:\Users\Brett\Creative Cloud Files
2017-06-11 05:50 - 2015-12-08 15:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-06-11 05:50 - 2015-11-14 18:58 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Adobe
2017-06-09 17:51 - 2015-11-14 18:58 - 00000000 ____D C:\Users\Brett\AppData\Local\Publishers
2017-06-09 17:51 - 2015-11-14 18:58 - 00000000 ____D C:\Users\Brett\AppData\Local\Packages
2017-06-09 17:34 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\Globalization
2017-06-09 17:34 - 2015-09-21 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-06-09 17:33 - 2017-05-15 15:07 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-09 17:17 - 2017-05-15 15:23 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-09 17:17 - 2017-05-15 15:23 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-09 17:17 - 2017-05-15 15:23 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-09 17:17 - 2017-05-15 15:23 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-09 17:17 - 2017-05-15 15:23 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-09 17:17 - 2017-05-15 15:23 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-09 17:17 - 2017-05-15 15:23 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-09 17:17 - 2017-05-15 15:06 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-09 17:17 - 2017-05-15 15:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-06-07 18:45 - 2017-05-09 10:30 - 35390584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-06-07 18:45 - 2017-05-09 10:30 - 11056272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-06-07 18:45 - 2017-05-09 10:30 - 11028664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-06-07 18:45 - 2017-05-09 10:30 - 04115112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-06-07 18:45 - 2017-05-09 10:30 - 03625992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-06-07 18:45 - 2017-05-09 10:30 - 01615448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-06-07 18:45 - 2017-05-09 10:30 - 00688784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-06-07 18:45 - 2017-05-09 10:30 - 00218712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-06-07 18:45 - 2017-05-09 10:30 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-06-07 18:45 - 2017-05-09 10:30 - 00045163 _____ C:\WINDOWS\system32\nvinfo.pb
2017-06-07 18:45 - 2017-01-24 19:49 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-06-07 17:01 - 2017-05-15 15:07 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-06-07 16:55 - 2017-05-15 15:07 - 06467008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-06-07 16:55 - 2017-05-15 15:07 - 02479552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-06-07 16:55 - 2017-05-15 15:07 - 01762936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-06-07 16:55 - 2017-05-15 15:07 - 00549312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-06-07 16:55 - 2017-05-15 15:07 - 00392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-06-07 16:55 - 2017-05-15 15:07 - 00082040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-06-07 16:55 - 2017-05-15 15:07 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-06-07 05:42 - 2017-05-15 15:07 - 08075477 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-06-07 02:40 - 2016-01-14 16:03 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Audacity
2017-06-06 21:17 - 2015-11-14 19:00 - 00000000 ___RD C:\Users\Brett\OneDrive
2017-06-06 19:38 - 2016-10-11 20:37 - 00000000 ____D C:\ProgramData\Ralink
2017-06-06 18:54 - 2017-03-18 14:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-06 18:54 - 2017-03-18 14:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-06 18:54 - 2017-03-18 14:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-06 18:54 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-06 18:54 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-06 18:54 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-06 18:54 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-06-06 18:43 - 2015-08-06 02:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-06 18:23 - 2017-05-09 09:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-06 18:23 - 2016-01-31 23:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-04 03:37 - 2015-12-16 01:54 - 00000000 ____D C:\Users\Brett\Documents\Visual Studio 2015
2017-06-03 04:02 - 2016-10-25 09:28 - 00000033 _____ C:\Users\Brett\AppData\Roaming\AdobeWLCMCache.dat
2017-06-03 03:57 - 2015-11-25 01:56 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-06-03 03:56 - 2015-11-15 18:22 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-06-03 03:40 - 2015-11-25 01:56 - 00000000 ____D C:\Program Files\Adobe
2017-06-02 23:32 - 2017-03-18 14:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-02 23:32 - 2017-03-18 14:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-29 22:15 - 2015-12-09 02:08 - 00000000 ____D C:\ProgramData\clone.AD
2017-05-25 22:30 - 2017-05-09 13:05 - 00000000 ____D C:\Users\Brett\AppData\Local\Rockstar_Games
2017-05-25 22:14 - 2016-02-04 21:15 - 00000000 ____D C:\Users\Brett\AppData\Roaming\HandBrake
2017-05-25 21:04 - 2017-05-05 20:57 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Alien Skin
2017-05-25 21:00 - 2017-05-05 20:56 - 00000000 ____D C:\Users\Brett\AppData\Local\Alien Skin
2017-05-25 21:00 - 2017-05-05 20:54 - 00000000 ____D C:\ProgramData\Alien Skin
2017-05-25 20:59 - 2017-05-05 20:54 - 00000000 ____D C:\Program Files (x86)\Alien Skin
2017-05-25 20:58 - 2017-05-05 20:54 - 00000000 ____D C:\Program Files\Alien Skin
2017-05-25 20:57 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-24 18:12 - 2015-11-14 21:33 - 00679976 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-05-24 15:01 - 2016-10-25 12:12 - 00010240 _____ C:\Users\Brett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2016-10-25 09:28 - 2017-06-03 04:02 - 0000033 _____ () C:\Users\Brett\AppData\Roaming\AdobeWLCMCache.dat
2016-09-20 15:54 - 2017-02-08 02:04 - 0065617 _____ () C:\Users\Brett\AppData\Roaming\Camdata.ini
2016-09-20 15:54 - 2017-02-08 02:04 - 0000408 _____ () C:\Users\Brett\AppData\Roaming\CamLayout.ini
2016-09-20 15:54 - 2017-02-08 02:04 - 0000408 _____ () C:\Users\Brett\AppData\Roaming\CamShapes.ini
2016-09-20 15:54 - 2017-02-08 02:04 - 0004539 _____ () C:\Users\Brett\AppData\Roaming\CamStudio.cfg
2017-01-18 10:58 - 2017-01-18 11:04 - 0000000 _____ () C:\Users\Brett\AppData\Roaming\FileIn.cns
2017-01-18 10:58 - 2017-01-18 11:04 - 0000000 _____ () C:\Users\Brett\AppData\Roaming\FileOut.cns
2017-04-18 14:20 - 2017-04-18 14:20 - 0000099 _____ () C:\Users\Brett\AppData\Roaming\LauncherSettings_live.cfg
2016-08-16 17:05 - 2016-09-30 11:25 - 0000025 ____H () C:\Users\Brett\AppData\Roaming\uninst45.log
2016-09-20 15:51 - 2017-02-08 02:04 - 0000096 _____ () C:\Users\Brett\AppData\Roaming\version2.xml
2016-01-14 17:45 - 2016-01-17 17:41 - 0001456 _____ () C:\Users\Brett\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-10-25 12:12 - 2017-05-24 15:01 - 0010240 _____ () C:\Users\Brett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-08 19:19 - 2016-10-08 19:19 - 0000218 _____ () C:\Users\Brett\AppData\Local\recently-used.xbel
2016-10-12 02:38 - 2017-05-10 07:52 - 0007624 _____ () C:\Users\Brett\AppData\Local\Resmon.ResmonCfg
2017-05-24 13:21 - 2017-06-23 09:55 - 35800064 _____ () C:\Users\Brett\AppData\Local\SageThumbs.db3
2016-08-16 17:05 - 2016-09-30 11:25 - 0000025 ____H () C:\Users\Brett\AppData\Local\uninst36.log
2017-05-15 15:06 - 2017-05-15 15:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-09-20 16:09 - 2016-09-20 16:09 - 0004924 _____ () C:\ProgramData\lbogtyso.zat
2016-09-20 16:09 - 2016-09-20 16:09 - 0000016 _____ () C:\ProgramData\mntemp
2016-08-16 17:05 - 2016-09-30 11:25 - 0000025 ____H () C:\ProgramData\temp54.log

Files to move or delete:
====================
C:\Users\Brett\RegSvcs.exe


Some files in TEMP:
====================
2017-06-14 12:56 - 2017-06-14 12:56 - 2398688 _____ (Flexera Software LLC) C:\Users\Brett\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
2017-05-09 10:32 - 2017-05-01 13:14 - 0754680 _____ (NVIDIA Corporation) C:\Users\Brett\AppData\Local\Temp\nvSCPAPI.dll
2017-05-09 10:32 - 2017-05-01 13:14 - 0869200 _____ (NVIDIA Corporation) C:\Users\Brett\AppData\Local\Temp\nvSCPAPI64.dll
2017-06-09 17:30 - 2017-05-01 13:14 - 0367552 _____ (NVIDIA Corporation) C:\Users\Brett\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-16 03:58

==================== End of FRST.txt ============================

#2 JSntgRvr

  • Malware Response Team

Posted 23 June 2017 - 08:11 PM

Welcome. :)

  • Highlight the entire content of the quote box below.

Start::  
HKLM\...\.scr: SageThumbsImage.scr => "%1" /S <===== ATTENTION
HKU\S-1-5-21-347911032-2655203987-3674071951-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
BHO-x32: No Name -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> No File
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
CustomCLSID: HKU\S-1-5-21-347911032-2655203987-3674071951-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-ED6A014F5069}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
2017-06-22 14:38 - 2017-06-22 14:38 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignab4a5a15abf06b28
2017-06-22 13:08 - 2017-06-22 13:08 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigndcf4812d99c05f5e
2017-06-22 13:08 - 2017-06-22 13:08 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign4d03f281171ece7f
2017-06-21 10:42 - 2017-06-21 10:42 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign24e53497ed0ce996
2017-06-21 10:36 - 2017-06-21 10:36 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignc9e2d9d1056edede
2017-06-21 10:36 - 2017-06-21 10:36 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign936e32946a14602f
2017-06-21 09:59 - 2017-06-21 09:59 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignbf6d4f608b533602
2017-06-21 09:59 - 2017-06-21 09:59 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign6f183fabea85ac89
2017-06-20 18:36 - 2017-06-20 18:36 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign92426a47edba729f
2017-06-20 18:28 - 2017-06-20 18:28 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign862b0a1d73c0821c
2017-06-20 18:28 - 2017-06-20 18:28 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3200e8725e8f4bdb
2017-06-20 16:02 - 2017-06-20 16:02 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign801db2b64f9c1ce2
2017-06-20 15:59 - 2017-06-20 15:59 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign215e297bf66074a0
2017-06-20 15:58 - 2017-06-20 15:58 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign927d40db14ef52d5
2017-06-20 13:46 - 2017-06-20 13:46 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignca2515a8a16fa674
2017-06-20 13:46 - 2017-06-20 13:46 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign4428b6b7d5ea122a
2017-06-19 16:13 - 2017-06-19 16:13 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign40b1c32c6afb5af3
2017-06-19 16:09 - 2017-06-19 16:09 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignb89a3f390428b995
2017-06-19 16:09 - 2017-06-19 16:09 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign7bd5316d033eb27e
2017-06-19 15:06 - 2017-06-19 15:06 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign8e5646f3a11de470
2017-06-19 15:06 - 2017-06-19 15:06 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign4d230e76e47779b6
2017-06-19 14:04 - 2017-06-19 14:04 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign83a56a9328e77aea
2017-06-19 14:01 - 2017-06-19 14:01 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigna7c6be2e34b57af6
2017-06-19 14:01 - 2017-06-19 14:01 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign0d220d075b9f3747
2017-06-18 04:53 - 2017-06-18 04:53 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign888bc1e5c8861d97
2017-06-18 04:53 - 2017-06-18 04:53 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign63c2875f7feec0b3
2017-06-18 04:53 - 2017-06-18 04:53 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign157014989c81b1d3
2017-06-15 03:34 - 2017-06-15 03:34 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigndad92ab1df4a5ba6
2017-06-15 03:34 - 2017-06-15 03:34 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignc40741e162aa04ba
2017-06-15 03:24 - 2017-06-15 03:24 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign386a2bb45f96b94e
2017-06-15 03:24 - 2017-06-15 03:24 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3643be02975455ee
2017-06-15 03:24 - 2017-06-15 03:24 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign11703c6a93098bdb
2017-06-14 07:21 - 2017-06-14 07:21 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigna22cda915b2102a0
2017-06-14 07:21 - 2017-06-14 07:21 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign530261840f327f81
2017-06-14 05:40 - 2017-06-14 05:40 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign38f7d6f20795246a
2017-06-14 05:37 - 2017-06-14 05:37 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignfaea07f5c5208659
2017-06-14 05:19 - 2017-06-14 05:19 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigne2926a77d7c826e0
2017-06-14 05:19 - 2017-06-14 05:19 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignb778521368a1d1a5
2017-06-13 05:40 - 2017-06-13 05:40 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigne40e031690a3529c
2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigne974f9332fe77569
2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignda58aa1327bcb02f
2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignc413a909b12079ff
2017-06-11 05:35 - 2017-06-11 05:35 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignc400fafd603d9a91
2017-06-11 04:41 - 2017-06-11 04:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignb6f661e30d9a545b
2017-06-11 04:41 - 2017-06-11 04:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3ec87d9f8350ed5d
2017-06-10 17:50 - 2017-06-10 17:50 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignf7ec0ec2d9465b2c
2017-06-09 22:37 - 2017-06-09 22:37 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign6c96b487dd3e3bca
2017-06-09 22:34 - 2017-06-09 22:34 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign43c5435ef233e087
2017-06-09 22:34 - 2017-06-09 22:34 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign04a94ea9a17aa6ea
2017-06-09 22:10 - 2017-06-09 22:10 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign0a9ce4eb47128864
2017-06-09 22:09 - 2017-06-09 22:09 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign03dc6f1de88b5a17
2017-06-09 20:32 - 2017-06-09 20:32 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign0e94f95bc3839c32
2017-06-09 20:14 - 2017-06-09 20:14 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign8990b677ddb17003
2017-06-09 20:14 - 2017-06-09 20:14 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign26106d7788da80e0
2017-06-09 19:16 - 2017-06-09 19:16 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignde16537ceb540a4f
2017-06-09 19:15 - 2017-06-09 19:15 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign829e185130438c75
2017-06-09 19:15 - 2017-06-09 19:15 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign5c826da8b94db5a3
2017-06-09 18:09 - 2017-06-09 18:09 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignb3dfdca4759fe881
2017-06-08 20:19 - 2017-06-08 20:19 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigndc878acc9f1de0c1
2017-06-08 20:19 - 2017-06-08 20:19 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign2f042197435c2b22
2017-06-08 11:41 - 2017-06-08 11:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignd8d8a60b528709b5
2017-06-08 11:41 - 2017-06-08 11:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign6cd9f6afdcf42ae5
2017-06-08 09:08 - 2017-06-08 09:08 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignaf7b77dc991e05bd
2017-06-08 08:47 - 2017-06-08 08:47 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignd824907cf2e00859
2017-06-07 18:07 - 2017-06-07 18:07 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign20246f1ca7c8c723
2017-06-07 18:06 - 2017-06-07 18:06 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3fb00e4e1b25bbd5
2017-06-07 05:05 - 2017-06-07 05:05 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3cdf1f0c6085cab2
2017-06-07 05:01 - 2017-06-07 05:01 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign53e6f83e6abd324a
2017-06-06 20:25 - 2017-06-06 20:25 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignc10b071b766ef132
2017-06-06 20:20 - 2017-06-06 20:20 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignbdf60a8e439a5b1d
2017-06-06 20:20 - 2017-06-06 20:20 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign92d678715e421d13
2017-06-06 16:29 - 2017-06-06 16:29 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigndd64b282ebfcd3c3
2017-06-06 16:24 - 2017-06-06 16:24 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign63e96aa9349f71db
2017-06-06 16:23 - 2017-06-06 16:23 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignde326023a07f4c33
2017-06-06 15:26 - 2017-06-06 15:26 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign528f952df6b52251
2017-06-05 23:50 - 2017-06-05 23:50 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign7fc144403c403328
2017-06-05 23:50 - 2017-06-05 23:50 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign084877954ed3289e
2017-06-04 05:07 - 2017-06-04 05:07 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign329831e447358d8c
2017-06-03 20:28 - 2017-06-03 20:28 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3cbdddbf32df93d2
2017-06-03 20:27 - 2017-06-03 20:27 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign56b8ffb8c72b2534
2017-06-03 04:10 - 2017-06-03 04:10 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigncdf64b4381606b0d
2017-06-03 04:03 - 2017-06-03 04:03 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign45f41200d4aa722e
2017-06-03 01:00 - 2017-06-03 01:00 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign226fd1b4f14f1aa0
2017-06-02 20:34 - 2017-06-02 20:34 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignc623b0cdef24455e
2017-06-02 18:35 - 2017-06-02 18:35 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigncd058777d4f8b99d
2017-06-02 18:32 - 2017-06-02 18:32 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigne6c828d9beb4ace8
2017-06-02 16:44 - 2017-06-02 16:44 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign242767e0cea90dff
2017-06-02 16:21 - 2017-06-02 16:21 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign252e59610654c233
2017-06-02 14:07 - 2017-06-02 14:07 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign43b53697c1eac697
2017-06-02 14:06 - 2017-06-02 14:06 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign7130d48f4c35cd19
2017-06-01 13:29 - 2017-06-01 13:29 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign26604c52c6284ae0
2017-05-31 12:26 - 2017-05-31 12:26 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigne6063b168f40d22f
2017-05-31 12:21 - 2017-05-31 12:21 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigne7d608467a4d57f8
2017-05-31 12:21 - 2017-05-31 12:21 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign6d992a9d94ba7602
2017-05-30 14:49 - 2017-05-30 14:49 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign7309efc4c6211d4a
2017-05-30 14:17 - 2017-05-30 14:17 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignbfdc98083334ca50
2017-05-30 14:17 - 2017-05-30 14:17 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignabfb26746bd1f9d1
2017-05-26 17:54 - 2017-05-26 17:54 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign00c570901fcf6d84
2017-05-26 13:38 - 2017-05-26 13:38 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign7525923ce9982c8f
2017-05-26 13:38 - 2017-05-26 13:38 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign39f1b0e3f0785d3b
2017-05-26 13:38 - 2017-05-26 13:38 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3424cfc440ae80cc
2017-05-25 21:47 - 2017-05-25 21:47 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign63d40423554f0bf8
2017-05-25 21:47 - 2017-05-25 21:47 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign628785f9a708cf0f
2017-05-25 21:09 - 2017-05-25 21:09 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign96e3f152b55bb81f
2017-05-25 21:08 - 2017-05-25 21:08 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignad4da8143455e918
2017-05-25 21:06 - 2017-05-25 21:06 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigna9b2da80ed1a766b
2017-05-25 21:06 - 2017-05-25 21:06 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign06a32188804b7865
2017-05-25 21:05 - 2017-05-25 21:05 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigne7060a8ee6ef8f8a
2017-05-25 21:05 - 2017-05-25 21:05 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign353c2cfcef33a7f2
2017-05-25 20:52 - 2017-05-25 20:52 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign5016a911a2f4edc5
2017-05-25 20:12 - 2017-05-25 20:12 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3ecd50216e6c4b6c
2017-05-25 14:34 - 2017-05-25 14:34 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignb8c72c246cd51423
2017-05-25 11:21 - 2017-05-25 11:21 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign9cad32f2af473101
2017-05-25 11:19 - 2017-05-25 11:19 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign7dd3b7d54ef06cd3
2017-05-25 11:19 - 2017-05-25 11:19 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign37c09c1a717f7f0c
2017-05-24 16:41 - 2017-05-24 16:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigndd4f30e67f2c8cd1
2017-05-24 16:41 - 2017-05-24 16:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignc9e1c304a113e590
2017-05-24 16:41 - 2017-05-24 16:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign7136119ba06cd389
2017-05-24 14:24 - 2017-05-24 14:24 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigndcf147c72da5bbba
2017-05-24 14:24 - 2017-05-24 14:24 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign6953ac482b056b2b
2017-06-14 12:56 - 2017-06-14 12:56 - 2398688 _____ (Flexera Software LLC) C:\Users\Brett\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
2017-05-09 10:32 - 2017-05-01 13:14 - 0754680 _____ (NVIDIA Corporation) C:\Users\Brett\AppData\Local\Temp\nvSCPAPI.dll
2017-05-09 10:32 - 2017-05-01 13:14 - 0869200 _____ (NVIDIA Corporation) C:\Users\Brett\AppData\Local\Temp\nvSCPAPI64.dll
2017-06-09 17:30 - 2017-05-01 13:14 - 0367552 _____ (NVIDIA Corporation) C:\Users\Brett\AppData\Local\Temp\nvStInst.exe
C:\Users\Brett\RegSvcs.exe
HOSTS:
CMD: for /d %f in (C:\Users\Brett\AppData\Local\Tempzxpsi*) do rd /s /q "%f"
CMD: Removeproxy
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST64 will read the text you just copied to the clipboard and process the code.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

[Screenshot: AdwCleaner console]


  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.

[Screenshot: AdwCleaner restart prompt]


  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

 


No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 alexaendergfx

  • Topic Starter

Posted 23 June 2017 - 10:14 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
Ran by Brett (23-06-2017 20:00:12) Run:1
Running from C:\Users\Brett\Desktop
Loaded Profiles: Brett (Available Profiles: Brett & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
HKLM\...\.scr: SageThumbsImage.scr => "%1" /S <===== ATTENTION
HKU\S-1-5-21-347911032-2655203987-3674071951-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
BHO-x32: No Name -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> No File
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
CustomCLSID: HKU\S-1-5-21-347911032-2655203987-3674071951-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-ED6A014F5069}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
2017-06-22 14:38 - 2017-06-22 14:38 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignab4a5a15abf06b28
2017-06-22 13:08 - 2017-06-22 13:08 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigndcf4812d99c05f5e
2017-06-22 13:08 - 2017-06-22 13:08 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign4d03f281171ece7f
2017-06-21 10:42 - 2017-06-21 10:42 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign24e53497ed0ce996
2017-06-21 10:36 - 2017-06-21 10:36 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignc9e2d9d1056edede
2017-06-21 10:36 - 2017-06-21 10:36 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign936e32946a14602f
2017-06-21 09:59 - 2017-06-21 09:59 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignbf6d4f608b533602
2017-06-21 09:59 - 2017-06-21 09:59 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign6f183fabea85ac89
2017-06-20 18:36 - 2017-06-20 18:36 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign92426a47edba729f
2017-06-20 18:28 - 2017-06-20 18:28 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign862b0a1d73c0821c
2017-06-20 18:28 - 2017-06-20 18:28 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3200e8725e8f4bdb
2017-06-20 16:02 - 2017-06-20 16:02 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign801db2b64f9c1ce2
2017-06-20 15:59 - 2017-06-20 15:59 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign215e297bf66074a0
2017-06-20 15:58 - 2017-06-20 15:58 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign927d40db14ef52d5
2017-06-20 13:46 - 2017-06-20 13:46 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignca2515a8a16fa674
2017-06-20 13:46 - 2017-06-20 13:46 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign4428b6b7d5ea122a
2017-06-19 16:13 - 2017-06-19 16:13 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign40b1c32c6afb5af3
2017-06-19 16:09 - 2017-06-19 16:09 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignb89a3f390428b995
2017-06-19 16:09 - 2017-06-19 16:09 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign7bd5316d033eb27e
2017-06-19 15:06 - 2017-06-19 15:06 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign8e5646f3a11de470
2017-06-19 15:06 - 2017-06-19 15:06 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign4d230e76e47779b6
2017-06-19 14:04 - 2017-06-19 14:04 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign83a56a9328e77aea
2017-06-19 14:01 - 2017-06-19 14:01 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigna7c6be2e34b57af6
2017-06-19 14:01 - 2017-06-19 14:01 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign0d220d075b9f3747
2017-06-18 04:53 - 2017-06-18 04:53 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign888bc1e5c8861d97
2017-06-18 04:53 - 2017-06-18 04:53 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign63c2875f7feec0b3
2017-06-18 04:53 - 2017-06-18 04:53 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign157014989c81b1d3
2017-06-15 03:34 - 2017-06-15 03:34 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigndad92ab1df4a5ba6
2017-06-15 03:34 - 2017-06-15 03:34 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignc40741e162aa04ba
2017-06-15 03:24 - 2017-06-15 03:24 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign386a2bb45f96b94e
2017-06-15 03:24 - 2017-06-15 03:24 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3643be02975455ee
2017-06-15 03:24 - 2017-06-15 03:24 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign11703c6a93098bdb
2017-06-14 07:21 - 2017-06-14 07:21 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigna22cda915b2102a0
2017-06-14 07:21 - 2017-06-14 07:21 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign530261840f327f81
2017-06-14 05:40 - 2017-06-14 05:40 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign38f7d6f20795246a
2017-06-14 05:37 - 2017-06-14 05:37 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignfaea07f5c5208659
2017-06-14 05:19 - 2017-06-14 05:19 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigne2926a77d7c826e0
2017-06-14 05:19 - 2017-06-14 05:19 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignb778521368a1d1a5
2017-06-13 05:40 - 2017-06-13 05:40 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigne40e031690a3529c
2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigne974f9332fe77569
2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignda58aa1327bcb02f
2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignc413a909b12079ff
2017-06-11 05:35 - 2017-06-11 05:35 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignc400fafd603d9a91
2017-06-11 04:41 - 2017-06-11 04:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignb6f661e30d9a545b
2017-06-11 04:41 - 2017-06-11 04:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3ec87d9f8350ed5d
2017-06-10 17:50 - 2017-06-10 17:50 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignf7ec0ec2d9465b2c
2017-06-09 22:37 - 2017-06-09 22:37 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign6c96b487dd3e3bca
2017-06-09 22:34 - 2017-06-09 22:34 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign43c5435ef233e087
2017-06-09 22:34 - 2017-06-09 22:34 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign04a94ea9a17aa6ea
2017-06-09 22:10 - 2017-06-09 22:10 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign0a9ce4eb47128864
2017-06-09 22:09 - 2017-06-09 22:09 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign03dc6f1de88b5a17
2017-06-09 20:32 - 2017-06-09 20:32 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign0e94f95bc3839c32
2017-06-09 20:14 - 2017-06-09 20:14 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign8990b677ddb17003
2017-06-09 20:14 - 2017-06-09 20:14 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign26106d7788da80e0
2017-06-09 19:16 - 2017-06-09 19:16 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignde16537ceb540a4f
2017-06-09 19:15 - 2017-06-09 19:15 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign829e185130438c75
2017-06-09 19:15 - 2017-06-09 19:15 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign5c826da8b94db5a3
2017-06-09 18:09 - 2017-06-09 18:09 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignb3dfdca4759fe881
2017-06-08 20:19 - 2017-06-08 20:19 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigndc878acc9f1de0c1
2017-06-08 20:19 - 2017-06-08 20:19 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign2f042197435c2b22
2017-06-08 11:41 - 2017-06-08 11:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignd8d8a60b528709b5
2017-06-08 11:41 - 2017-06-08 11:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign6cd9f6afdcf42ae5
2017-06-08 09:08 - 2017-06-08 09:08 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignaf7b77dc991e05bd
2017-06-08 08:47 - 2017-06-08 08:47 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignd824907cf2e00859
2017-06-07 18:07 - 2017-06-07 18:07 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign20246f1ca7c8c723
2017-06-07 18:06 - 2017-06-07 18:06 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3fb00e4e1b25bbd5
2017-06-07 05:05 - 2017-06-07 05:05 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3cdf1f0c6085cab2
2017-06-07 05:01 - 2017-06-07 05:01 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign53e6f83e6abd324a
2017-06-06 20:25 - 2017-06-06 20:25 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignc10b071b766ef132
2017-06-06 20:20 - 2017-06-06 20:20 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignbdf60a8e439a5b1d
2017-06-06 20:20 - 2017-06-06 20:20 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign92d678715e421d13
2017-06-06 16:29 - 2017-06-06 16:29 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsigndd64b282ebfcd3c3
2017-06-06 16:24 - 2017-06-06 16:24 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign63e96aa9349f71db
2017-06-06 16:23 - 2017-06-06 16:23 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsignde326023a07f4c33
2017-06-06 15:26 - 2017-06-06 15:26 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign528f952df6b52251
2017-06-05 23:50 - 2017-06-05 23:50 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign7fc144403c403328
2017-06-05 23:50 - 2017-06-05 23:50 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign084877954ed3289e
2017-06-04 05:07 - 2017-06-04 05:07 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign329831e447358d8c
2017-06-03 20:28 - 2017-06-03 20:28 - 00000000 ____D C:\Users\Brett\AppData\Local\Tempzxpsign3cbdddbf32df93d2
2017-06-14 12:56 - 2017-06-14 12:56 - 2398688 _____ (Flexera Software LLC) C:\Users\Brett\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
2017-05-09 10:32 - 2017-05-01 13:14 - 0754680 _____ (NVIDIA Corporation) C:\Users\Brett\AppData\Local\Temp\nvSCPAPI.dll
2017-05-09 10:32 - 2017-05-01 13:14 - 0869200 _____ (NVIDIA Corporation) C:\Users\Brett\AppData\Local\Temp\nvSCPAPI64.dll
2017-06-09 17:30 - 2017-05-01 13:14 - 0367552 _____ (NVIDIA Corporation) C:\Users\Brett\AppData\Local\Temp\nvStInst.exe
C:\Users\Brett\RegSvcs.exe
HOSTS:
CMD: for /d %f in (C:\Users\Brett\AppData\Local\Tempzxpsi*) do rd /s /q "%f"
CMD: Removeproxy
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
HKLM\Software\Classes\.scr\\Default => value restored successfully
HKU\S-1-5-21-347911032-2655203987-3674071951-1001\Software\Classes\regfile => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} => key not found. 
HKLM\Software\Classes\PROTOCOLS\Handler\WSISVCUchrome => key removed successfully
HKU\S-1-5-21-347911032-2655203987-3674071951-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-ED6A014F5069} => key removed successfully
C:\Users\Brett\AppData\Local\Temp\FNP_ACT_InstallerCA.dll => moved successfully
C:\Users\Brett\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\Brett\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\Brett\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Brett\RegSvcs.exe => moved successfully
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
 
========= for /d %f in (C:\Users\Brett\AppData\Local\Tempzxpsi*) do rd /s /q "%f" =========
 
 
========= End of CMD: =========
 
 
========= Removeproxy =========
 
'Removeproxy' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{D12F58C8-787F-4856-BEC1-529AD543C2CF} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 102770777 B
Java, Flash, Steam htmlcache => 513494198 B
Windows/system/drivers => 68832224 B
Edge => 3885973 B
Chrome => 641790663 B
Firefox => 58869463 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 2462 B
NetworkService => 0 B
Brett => 1248357482 B
DefaultAppPool => 0 B
 
RecycleBin => 668564761 B
EmptyTemp: => 3.1 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-06-2017 20:02:09)
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
==== End of Fixlog 20:02:09 ====
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by Brett (Administrator) on Fri 06/23/2017 at 20:06:39.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/23/2017 at 20:08:17.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v6.047 - Logfile created 23/06/2017 at 20:13:12
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-23.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Brett - DESKTOP-100M70C
# Running from : C:\Users\Brett\Downloads\adwcleaner_6.047.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [999 Bytes] - [23/06/2017 20:13:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1071 Bytes] ##########
 


#4 alexaendergfx


Posted 24 June 2017 - 01:23 PM

FYI problem still persists after the above operations.



#5 JSntgRvr


Posted 26 June 2017 - 01:49 PM

Sorry for the delay.

 

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

 

That should remove the quarantined items.

 

Re-scan and let me know the outcome.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 alexaendergfx


Posted 27 June 2017 - 08:30 PM

Malwarebytes Anti-Malware is still reporting the offending file.  Thank you for helping me with this, hopefully we can figure it out.
 

# DelFix v1.013 - Logfile created 27/06/2017 at 16:52:43
# Updated 17/04/2016 by Xplode
# Username : Brett - DESKTOP-100M70C
# Operating System : Windows 10 Home  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Brett\Desktop\Addition.txt
Deleted : C:\Users\Brett\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\Brett\Desktop\Fixlog.txt
Deleted : C:\Users\Brett\Desktop\FRST.txt
Deleted : C:\Users\Brett\Desktop\FRST64.exe
Deleted : C:\Users\Brett\Desktop\JRT.txt
Deleted : C:\Users\Brett\Downloads\adwcleaner_6.047.exe
Deleted : C:\Users\Brett\Downloads\dds Plugin-76482-1-0.rar
Deleted : C:\Users\Brett\Downloads\JRT.exe
Deleted : C:\Users\Brett\Downloads\RogueKiller_portable64.exe
 
~ Creating registry backup ... OK
 
########## - EOF - ##########
 
==============================================================================
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/23/2017
Scan Time: 9:32 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.06.23.07
Rootkit Database: v2017.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Brett
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 521749
Time Elapsed: 8 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.Agent.E, C:\Users\Brett\RegSvcs.exe, , [762d65ddf8b106301f4d92f87987ee12], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7 JSntgRvr


Posted 27 June 2017 - 11:18 PM

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Highlight the entire content of the quote box below.

Start::
unlock: C:\Users\Brett\RegSvcs.exe
CMD: Attrib -h -s  C:\Users\Brett\RegSvcs.exe
C:\Users\Brett\RegSvcs.exe
Task: {64FBC352-4F54-4236-80D5-837F416457AE} - System32\Tasks\cvqentk => C:\Users\Brett\cvqentk\wfuasou.exe [2015-07-10] (AutoIt Team)
C:\Users\Brett\cvqentk
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.


Edited by JSntgRvr, 28 June 2017 - 11:20 AM.
Typo



#8 JSntgRvr


Posted 27 June 2017 - 11:50 PM

Topic Edited above. Added two more lines to the quote box.




#9 alexaendergfx


Posted 27 June 2017 - 11:54 PM

I am starting to wonder if this is some sort of registry issue since I have never actually seen the file RegSvcs.exe in "C:\Users\Brett\" even with hidden files set to visible even though Malwarebytes continues to report that the file is indeed there.  I have checked each time before scanning and it never appears there.  Very odd one for sure.
 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by Brett (27-06-2017 21:40:49) Run:1
Running from C:\Users\Brett\Desktop
Loaded Profiles: Brett (Available Profiles: Brett & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
unlock: C:\Users\Brett\RegSvcs.exe
CMD: Attrib - h - s  C:\Users\Brett\RegSvcs.exe
C:\Users\Brett\RegSvcs.exe
 
*****************
 
"C:\Users\Brett\RegSvcs.exe" => not found.
 
========= Attrib - h - s  C:\Users\Brett\RegSvcs.exe =========
 
Parameter format not correct -
 
========= End of CMD: =========
 
"C:\Users\Brett\RegSvcs.exe" => not found.
 
==== End of Fixlog 21:40:49 ====


#10 alexaendergfx


Posted 27 June 2017 - 11:57 PM

Just ran it again with the added lines.  I see it is complaining about the Attrib parameters.  Are those extra spaces between the dash and parameters the problem?
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by Brett (27-06-2017 21:55:36) Run:2
Running from C:\Users\Brett\Desktop
Loaded Profiles: Brett &  (Available Profiles: Brett & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
unlock: C:\Users\Brett\RegSvcs.exe
CMD: Attrib - h - s  C:\Users\Brett\RegSvcs.exe
C:\Users\Brett\RegSvcs.exe
Task: {64FBC352-4F54-4236-80D5-837F416457AE} - System32\Tasks\cvqentk => C:\Users\Brett\cvqentk\wfuasou.exe [2015-07-10] (AutoIt Team)
C:\Users\Brett\cvqentk
 
*****************
 
"C:\Users\Brett\RegSvcs.exe" => was unlocked
 
========= Attrib - h - s  C:\Users\Brett\RegSvcs.exe =========
 
Parameter format not correct -
 
========= End of CMD: =========
 
C:\Users\Brett\RegSvcs.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64FBC352-4F54-4236-80D5-837F416457AE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64FBC352-4F54-4236-80D5-837F416457AE} => key removed successfully
C:\WINDOWS\System32\Tasks\cvqentk => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\cvqentk => key removed successfully
C:\Users\Brett\cvqentk => moved successfully
 
==== End of Fixlog 21:55:37 ====


#11 alexaendergfx


Posted 28 June 2017 - 12:41 AM

I think we may have actually resolved the problem at this point.  I will run Malwarebytes a couple more times after a couple reboots and report back to you.  This last run (after a clean reboot) was the first time I have not seen the detection pop up.  Stand by and thanks again!!!



#12 JSntgRvr


Posted 28 June 2017 - 11:19 AM

"Just ran it again with the added lines.  I see it is complaining about the Attrib parameters.  Are those extra spaces between the dash and parameters the problem?"

Yes. Fixed.

"I am starting to wonder if this is some sort of registry issue since I have never actually seen the file RegSvcs.exe in "C:\Users\Brett\" even with hidden files set to visible even though Malwarebytes continues to report that the file is indeed there.  I have checked each time before scanning and it never appears there.  Very odd one for sure."

The file was hidden with a System attribute. That is the reason you were not able to see it.

 

Please let me know the outcome.


Edited by JSntgRvr, 28 June 2017 - 11:26 AM.

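The two findings in the posts above (an executable in the profile root carrying both the Hidden and System attributes, and a scheduled task launching a binary from inside the user profile) can be checked for directly. The following PowerShell is an added example, not part of the original thread and not code from FRST or Malwarebytes; it assumes an elevated PowerShell 5.1+ session, and `$ProfileRoot` is a hypothetical parameter name.

```powershell
# Added example, not from the thread. Assumes an elevated PowerShell 5.1+ session.
# $ProfileRoot is a hypothetical parameter; it defaults to the current user's profile.
param(
    [string]$ProfileRoot = $env:USERPROFILE
)

# --- 1. Executables in the profile root marked Hidden AND System ---------------
# Explorer's "show hidden files" option does not reveal files that also carry the
# System attribute; "Hide protected operating system files" must be unchecked too.
# Get-ChildItem -Force returns them regardless of Explorer settings.
$mask = [System.IO.FileAttributes]::Hidden -bor [System.IO.FileAttributes]::System

# Legitimate Hidden+System files (NTUSER.DAT, desktop.ini, ...) live here as well,
# so only executable-type extensions are reported.
$executableExtensions = '.exe', '.dll', '.scr', '.com', '.bat', '.cmd'

$hiddenSystemFiles = Get-ChildItem -LiteralPath $ProfileRoot -File -Force -ErrorAction SilentlyContinue |
    Where-Object {
        (($_.Attributes -band $mask) -eq $mask) -and
        ($executableExtensions -contains $_.Extension.ToLowerInvariant())
    } |
    Select-Object FullName, Attributes, LastWriteTime,
        @{ Name = 'Signature'; Expression = { (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status } }

# --- 2. Scheduled tasks whose action runs a binary from inside the profile -----
# A task like this can recreate a removed file on the next trigger, which matches
# a detection that returns after every removal and reboot.
$prefix = $ProfileRoot.TrimEnd('\') + '\'

$profileTasks = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only exec actions expose Execute; COM-handler actions return $null here.
        if (-not $action.Execute) { continue }

        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
        if ($exe.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
            [pscustomobject]@{
                TaskPath  = $task.TaskPath
                TaskName  = $task.TaskName
                Execute   = $exe
                Arguments = $action.Arguments
            }
        }
    }
}

'Hidden+System executables in profile root:'
$hiddenSystemFiles | Format-List

'Scheduled tasks executing from the user profile:'
$profileTasks | Format-List
```

Either list coming back non-empty is a lead to review, not a verdict; some legitimate per-user updaters also register tasks that run from the profile.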


#13 alexaendergfx


Posted 28 June 2017 - 04:13 PM

Looks like the issue has been resolved!  Thank you so very much for your help.  I will be sure to hit that donate button as soon as I can.  You guys are great here on Bleeping!



#14 JSntgRvr


Posted 28 June 2017 - 07:12 PM

You are welcome.

 

Run DelFix once again to remove the quarantine.

 

Best regards.




#15 JSntgRvr


Posted 28 June 2017 - 07:13 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
