Have 3-4 Google processes that constantly run


This topic is locked
18 replies to this topic

TrevorT2

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:06 PM

Posted 06 July 2017 - 12:28 PM

So my internet is being slowed by 3-4 Google processes that keep running, and restart themselves after their process has been ended by Task Manager. When they first start I've noticed that in Task Manager they will have a little drop-down menu like the regular Chrome process does where it shows you what websites you have open, but these Google processes show sites that I have not visited and do not visit, like "myfavestyleguide.com". They are forcing my computer to constantly use around 30-50% memory, and sometimes when I've left my computer open they are using 600-700MB of memory.

Here is my FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2017
Ran by Trevor Thompson (administrator) on DESKTOP-RNIOOQE (06-07-2017 10:13:53)
Running from D:\Downloads
Loaded Profiles: Trevor Thompson (Available Profiles: Trevor Thompson)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe
(Wargaming.net) D:\World_of_Warships\WargamingGameUpdater.exe
(Disc Soft Ltd) D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(GUpdate) C:\Users\Trevor Thompson\AppData\Local\TrafficA\GoogleUpdate.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Spotify Ltd) C:\Users\Trevor Thompson\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Trevor Thompson\AppData\Roaming\Spotify\Spotify.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Spotify Ltd) C:\Users\Trevor Thompson\AppData\Roaming\Spotify\Spotify.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Spotify Ltd) C:\Users\Trevor Thompson\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Spotify Ltd) C:\Users\Trevor Thompson\AppData\Roaming\Spotify\Spotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.105.48.0\OverwolfHelper.exe
(Adobe Systems Inc.) D:\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(LG Electronics Inc.) C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\OnScreen Control.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.105.48.0\OverwolfBrowser.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(TODO: <Company name>) C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\ScreenSplitterHook64App.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.105.48.0\OverwolfHelper64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1439_none_7efe016621f50bd0\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16291448 2016-09-26] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [subcontracted] => "C:\Program Files (x86)\Champa\packagers.exe"
HKLM\...\Run: [subcontractedsubcontracted] => "C:\Program Files (x86)\Eyring\packagers.exe"
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [OnScreen Control] => C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\OnScreenStartUpApp.exe************************************************ [1785328 2015-12-14] ()
HKLM-x32\...\Run: [freeloading] => "C:\Program Files (x86)\Champa\packagers.exe"
HKLM-x32\...\Run: [freeloadingfreeloading] => "C:\Program Files (x86)\Eyring\packagers.exe"
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-06-18] ()
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [DAEMON Tools Lite Automount] => D:\DAEMON Tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [World of Warships] => D:\World_of_Warships\WargamingGameUpdater.exe [3136264 2017-06-02] (Wargaming.net)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [TrafficA] => C:\Users\Trevor Thompson\AppData\Local\TrafficA\GoogleUpdate.exe***************************************************************** [157063168 2017-01-17] ()
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [hydrogenated] => "C:\Program Files (x86)\Champa\packagers.exe"
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [hydrogenatedhydrogenated] => "C:\Program Files (x86)\Eyring\packagers.exe"
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [threshed] => "C:\Program Files (x86)\Champa\packagers.exe"
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [threshedthreshed] => "C:\Program Files (x86)\Eyring\packagers.exe"
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [wilfred] => "C:\Program Files (x86)\meets\wilfred.exe"
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [varnishes] => "C:\Program Files (x86)\Champa\packagers.exe"
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1892968 2017-04-08] (Lavasoft)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3048312 2017-06-15] (Electronic Arts)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [Spotify Web Helper] => C:\Users\Trevor Thompson\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-06] (Spotify Ltd)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [Spotify] => C:\Users\Trevor Thompson\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-06] (Spotify Ltd)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Application Restart #5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Application Restart #6] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Application Restart #7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Adobe Speed Launcher] => 1499360663
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\MountPoints2: {6093dd31-6c46-11e6-8b55-806e6f6e6963} - "explorer.exe" index.html
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [152064 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2017-04-06] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2017-04-06] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2017-04-06] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2017-04-06] (Lavasoft Limited)
Winsock: Catalog9 18 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2017-04-06] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2017-01-17] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2017-01-17] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2017-01-17] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2017-01-17] (Lavasoft Limited)
Winsock: Catalog9-x64 18 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2017-01-17] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1fc06754-804c-41fc-9ea5-5ec924569dc7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1fc06754-804c-41fc-9ea5-5ec924569dc7}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{21d67b68-c0ec-452b-a07d-7808a2a8becb}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{48cf4353-80ba-11e6-a26c-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7a989595-3f83-49ac-b6dd-1fe3c5ebd822}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8c5c2618-1c63-4524-bfa4-c31b6e005c53}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8c5c2618-1c63-4524-bfa4-c31b6e005c53}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{94ae1625-b559-4405-893e-f57cbba13f71}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c1e16a92-8739-4866-8c8d-df42e7f61fd0}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c1e16a92-8739-4866-8c8d-df42e7f61fd0}: [DhcpNameServer] 8.8.8.8
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-296551863-3934802668-1121700915-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-20] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-14] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-14] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-05-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-05-31] (McAfee, Inc.)
 
FireFox:
========
FF DefaultProfile: qolzfn5r.default
FF ProfilePath: C:\Users\Trevor Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\qolzfn5r.default [2017-07-06]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - D:\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-10-05] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-06-17] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-14] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> D:\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8
CHR Profile: C:\Users\Trevor Thompson\AppData\Local\Google\Chrome\User Data\Default [2017-07-06]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Trevor Thompson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-06-07]
CHR Extension: (AdBlock) - C:\Users\Trevor Thompson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-26]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Trevor Thompson\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2017-01-20]
CHR Extension: (No Name) - C:\Users\Trevor Thompson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-06-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Trevor Thompson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Trevor Thompson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2278152 2015-08-12] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [409128 2017-02-22] (EasyAntiCheat Ltd)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-06-25] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2017-04-06] (Lavasoft Limited) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-08-10] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-04-26] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [984480 2017-06-03] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe [2139832 2017-05-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241656 2017-04-30] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [390656 2017-04-30] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [343544 2017-04-30] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1543248 2017-05-31] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-03] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2168208 2017-06-15] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3148184 2017-06-15] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1326408 2017-06-18] (Overwolf LTD)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1042288 2017-05-21] (Intel Security, Inc.)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-09-08] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-09-07] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [669136 2016-10-14] (Wacom Technology, Corp.)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
S2 OrogeneticC; C:\Program Files (x86)\Orogenetictonero\OrogeneticC.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [199472 2015-08-12] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7585280 2016-07-16] (Broadcom Corporation)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [76824 2017-05-02] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-08-27] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-08-27] (Disc Soft Ltd)
S3 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-12-07] (Disc Soft Ltd)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [209608 2017-05-31] (McAfee, Inc.)
S3 IAMTVE; C:\WINDOWS\System32\drivers\IAMTVE.sys [43416 2007-04-11] (Intel Corporation)
R3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45208 2016-08-09] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-06-24] (Logitech Inc.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [252832 2017-07-06] (Malwarebytes)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [88448 2017-05-26] (McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [476176 2017-05-02] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [353808 2017-05-02] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84536 2017-05-02] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [504336 2017-05-02] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [918544 2017-05-02] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [495632 2017-04-07] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107544 2017-04-07] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [109072 2017-05-02] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252432 2017-05-02] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a2b0acab06663645\nvlddmkm.sys [14456944 2017-05-02] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-05-03] (NVIDIA Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-06-27] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-04] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-06 10:13 - 2017-07-06 10:13 - 00000000 ____D C:\FRST
2017-07-06 10:04 - 2017-07-06 10:04 - 00000000 ___HD C:\OneDriveTemp
2017-07-06 10:03 - 2017-07-06 10:03 - 00000000 ____D C:\WINDOWS\Panther
2017-07-05 01:48 - 2017-07-05 01:48 - 00000000 ____D C:\Users\Trevor Thompson\Desktop\SHGA Documents
2017-07-04 20:34 - 2017-07-04 20:34 - 00112464 _____ C:\Users\Trevor Thompson\Downloads\prices_USD_2017-07-05.csv
2017-07-04 12:33 - 2017-07-04 12:33 - 01525110 _____ (Bomoh ) C:\Users\Trevor Thompson\Downloads\hd_video_player_4210223231.exe
2017-07-04 02:49 - 2017-07-04 02:49 - 00006349 _____ C:\Users\Trevor Thompson\Downloads\f (1).txt
2017-07-02 03:47 - 2017-07-02 03:47 - 00006293 _____ C:\Users\Trevor Thompson\Downloads\f.txt
2017-06-30 08:51 - 2017-06-30 08:51 - 1623385592 _____ C:\Users\Trevor Thompson\Desktop\Unacknowledged.2017.1080p.WEBRip.HEVC.2CH.x265.mkv
2017-06-28 17:41 - 2017-06-28 17:41 - 00000263 _____ C:\Users\Trevor Thompson\Desktop\lol.txt
2017-06-27 11:32 - 2017-06-27 11:32 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-06-27 11:32 - 2017-06-27 11:32 - 00001217 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-06-27 11:32 - 2017-06-27 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-06-27 09:55 - 2017-01-17 06:31 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170627-095524.backup
2017-06-27 09:36 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-06-27 08:03 - 2017-07-06 10:03 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-27 08:03 - 2017-06-27 08:03 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-27 08:03 - 2017-06-27 08:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-27 08:03 - 2017-05-25 11:58 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-25 12:36 - 2017-06-25 12:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-25 12:34 - 2017-06-25 12:34 - 00001130 _____ C:\WINDOWS\system32\.crusader
2017-06-25 12:30 - 2017-06-25 12:34 - 00000000 ____D C:\ProgramData\HitmanPro
2017-06-25 12:30 - 2017-06-25 12:30 - 00001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-06-25 12:30 - 2017-06-25 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-06-25 12:30 - 2017-06-25 12:30 - 00000000 ____D C:\Program Files\HitmanPro
2017-06-25 12:26 - 2017-06-25 12:27 - 00003972 _____ C:\Users\Trevor Thompson\Desktop\Rkill.txt
2017-06-23 00:58 - 2017-06-23 00:58 - 00044451 _____ C:\Users\Trevor Thompson\Desktop\6232017pay.pdf
2017-06-23 00:56 - 2017-06-23 08:59 - 00000036 _____ C:\Users\Trevor Thompson\Desktop\ADP LOGIN.txt
2017-06-21 17:25 - 2017-06-21 17:25 - 00049229 _____ C:\Users\Trevor Thompson\Downloads\engage-terms-us-1-0.pdf
2017-06-16 11:22 - 2017-06-16 11:23 - 36511318 _____ C:\Users\Trevor Thompson\Downloads\Dustland-Express-EP.zip
2017-06-16 02:49 - 2017-06-16 02:49 - 04045212 _____ C:\Users\Trevor Thompson\Desktop\Drunvalo Melchizedek - The Ancient Secret.Of The Flower Of Life.pdf
2017-06-15 13:42 - 2017-06-29 19:23 - 00000404 _____ C:\WINDOWS\Tasks\HPCeeScheduleForTrevor Thompson.job
2017-06-15 13:42 - 2017-06-29 13:52 - 00003336 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForTrevor Thompson
2017-06-14 21:12 - 2017-06-14 21:12 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-14 05:06 - 2017-06-03 03:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 05:06 - 2017-06-03 03:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 05:06 - 2017-06-03 03:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 05:06 - 2017-06-03 03:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-14 05:06 - 2017-06-03 03:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-14 05:06 - 2017-06-03 03:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 05:06 - 2017-06-03 03:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 05:06 - 2017-06-03 03:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 05:06 - 2017-06-03 03:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 05:06 - 2017-06-03 03:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 05:06 - 2017-06-03 03:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 05:06 - 2017-06-03 02:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 05:06 - 2017-06-03 02:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 05:06 - 2017-06-03 02:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 05:06 - 2017-06-03 02:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 05:06 - 2017-06-03 02:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 05:06 - 2017-06-03 02:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 05:06 - 2017-06-03 02:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 05:06 - 2017-06-03 02:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 05:06 - 2017-06-03 02:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 05:06 - 2017-06-03 02:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 05:06 - 2017-06-03 02:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 05:06 - 2017-06-03 02:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 05:06 - 2017-06-03 02:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-14 05:06 - 2017-06-03 02:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 05:06 - 2017-06-03 02:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 05:06 - 2017-06-03 02:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-14 05:06 - 2017-06-03 02:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 05:06 - 2017-06-03 02:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-14 05:06 - 2017-06-03 02:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 05:06 - 2017-06-03 02:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 05:06 - 2017-06-03 02:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-14 05:06 - 2017-06-03 02:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-14 05:06 - 2017-06-03 02:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 05:06 - 2017-06-03 02:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-14 05:06 - 2017-06-03 02:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 05:06 - 2017-06-03 02:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 05:06 - 2017-06-03 02:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 05:06 - 2017-06-03 02:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 05:06 - 2017-06-03 02:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 05:06 - 2017-06-03 02:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 05:06 - 2017-06-03 02:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 05:06 - 2017-06-03 02:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 05:06 - 2017-06-03 02:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 05:06 - 2017-06-03 02:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 05:06 - 2017-06-03 02:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 05:06 - 2017-06-03 02:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 05:06 - 2017-06-03 02:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 05:06 - 2017-06-03 02:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 05:06 - 2017-06-03 02:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 05:06 - 2017-06-03 02:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 05:06 - 2017-06-03 02:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 05:06 - 2017-06-03 02:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 05:06 - 2017-06-03 02:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 05:06 - 2017-06-03 02:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 05:06 - 2017-06-03 02:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 05:06 - 2017-06-03 02:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 05:06 - 2017-06-03 02:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 05:06 - 2017-06-03 02:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 05:06 - 2017-06-03 02:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 05:06 - 2017-06-03 02:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 05:06 - 2017-06-03 02:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 05:06 - 2017-06-03 02:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 05:06 - 2017-06-03 02:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 05:06 - 2017-06-03 02:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 05:06 - 2017-06-03 02:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 05:06 - 2017-06-03 02:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 05:06 - 2017-06-03 02:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 05:06 - 2017-06-03 02:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 05:06 - 2017-06-03 02:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 05:06 - 2017-06-03 02:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 05:06 - 2017-06-03 02:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-14 05:06 - 2017-06-03 02:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 05:06 - 2017-06-03 02:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-14 05:06 - 2017-06-03 02:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-14 05:06 - 2017-06-03 02:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-14 05:06 - 2017-06-03 02:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-14 05:06 - 2017-06-03 02:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 05:06 - 2017-06-03 02:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 05:06 - 2017-06-03 02:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 05:06 - 2017-06-03 02:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 05:06 - 2017-06-03 02:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 05:06 - 2017-06-03 02:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 05:06 - 2017-06-03 02:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 05:06 - 2017-06-03 02:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 05:06 - 2017-06-03 02:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 05:06 - 2017-06-03 02:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-14 05:06 - 2017-06-03 02:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 05:06 - 2017-06-03 02:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 05:06 - 2017-06-03 02:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-14 05:06 - 2017-06-03 02:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 05:06 - 2017-06-03 02:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 05:06 - 2017-06-03 02:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 05:06 - 2017-06-03 02:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 05:06 - 2017-06-03 02:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 05:06 - 2017-06-03 02:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-14 05:06 - 2017-06-03 02:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 05:06 - 2017-06-03 02:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 05:06 - 2017-06-03 02:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 05:06 - 2017-06-03 01:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-14 05:06 - 2017-06-03 01:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 05:06 - 2017-06-03 01:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-14 05:06 - 2017-06-03 01:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 05:06 - 2017-06-03 01:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 05:06 - 2017-06-03 01:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-14 05:06 - 2017-06-03 01:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 05:06 - 2017-06-03 01:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-14 05:06 - 2017-06-03 01:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-14 05:06 - 2017-06-03 01:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-14 05:06 - 2017-06-03 01:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 05:06 - 2017-06-03 01:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 05:06 - 2017-06-03 01:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 05:06 - 2017-06-03 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 05:06 - 2017-06-03 01:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 05:06 - 2017-06-03 01:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 05:06 - 2017-06-03 01:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 05:06 - 2017-06-03 01:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 05:06 - 2017-06-03 01:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 05:06 - 2017-06-03 01:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-14 05:06 - 2017-06-03 01:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 05:06 - 2017-06-03 01:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 05:06 - 2017-06-03 01:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 05:06 - 2017-06-03 01:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-14 05:06 - 2017-06-03 01:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 05:06 - 2017-06-03 01:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 05:06 - 2017-06-02 23:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-14 05:06 - 2017-05-24 22:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-14 05:06 - 2017-03-03 23:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 05:06 - 2017-03-03 23:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 05:06 - 2017-03-03 23:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 05:06 - 2017-03-03 23:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-14 05:06 - 2016-09-06 21:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-12 10:23 - 2017-06-12 10:26 - 00000518 _____ C:\Users\Trevor Thompson\Desktop\Adobo.txt
2017-06-07 18:49 - 2017-06-07 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cryptigo
2017-06-07 01:53 - 2017-06-07 01:53 - 00000000 ____D C:\Users\Trevor Thompson\Documents\FeedbackHub
2017-06-07 01:52 - 2017-06-07 01:52 - 00000000 ____D C:\Program Files (x86)\Cryptigo
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-06 10:13 - 2017-05-04 18:11 - 00108858 _____ C:\WINDOWS\ZAM.krnl.trace
2017-07-06 10:13 - 2017-05-04 18:11 - 00076383 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-07-06 10:13 - 2016-08-28 09:52 - 00000000 ____D C:\Users\Trevor Thompson\AppData\Roaming\Skype
2017-07-06 10:13 - 2016-08-27 10:21 - 00000000 ____D C:\Users\Trevor Thompson\AppData\Roaming\Spotify
2017-07-06 10:12 - 2017-01-09 18:10 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-07-06 10:09 - 2016-08-27 03:13 - 02685514 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-06 10:09 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-06 10:09 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-06 10:06 - 2017-01-04 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-07-06 10:05 - 2017-01-17 06:47 - 00000000 ____H C:\Users\Trevor Thompson\AppData\Local\@system.temp
2017-07-06 10:04 - 2017-01-17 06:28 - 00000000 ____D C:\Users\Trevor Thompson\AppData\Local\TrafficA
2017-07-06 10:04 - 2017-01-04 16:52 - 00000000 __RSD C:\Users\Trevor Thompson\Documents\McAfee Vaults
2017-07-06 10:04 - 2016-12-28 17:58 - 00000054 _____ C:\Users\Public\Documents\OSCFile.txt
2017-07-06 10:04 - 2016-09-22 03:47 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-06 10:04 - 2016-09-07 18:47 - 00000000 ____D C:\ProgramData\Origin
2017-07-06 10:04 - 2016-08-27 10:22 - 00000000 ____D C:\Users\Trevor Thompson\AppData\Local\Spotify
2017-07-06 10:04 - 2016-08-27 10:07 - 00000000 ____D C:\Users\Trevor Thompson\AppData\Local\Overwolf
2017-07-06 10:04 - 2016-08-27 09:46 - 00000000 ___RD C:\Users\Trevor Thompson\OneDrive
2017-07-06 10:03 - 2016-09-22 03:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-06 10:03 - 2016-09-22 03:48 - 00000000 ____D C:\Users\Trevor Thompson
2017-07-06 10:03 - 2016-09-22 03:47 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-06 01:13 - 2016-08-27 10:03 - 00000000 ____D C:\Users\Trevor Thompson\Desktop\Desktop Folders
2017-07-06 00:10 - 2016-09-07 18:48 - 00000000 ____D C:\Users\Trevor Thompson\AppData\Roaming\Origin
2017-07-04 01:47 - 2016-07-15 23:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-07-03 10:47 - 2016-11-09 01:08 - 00000000 ____D C:\ProgramData\Skype
2017-07-03 10:46 - 2016-11-09 01:08 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-07-03 10:43 - 2016-08-27 13:00 - 00000000 ____D C:\Users\Trevor Thompson\AppData\Roaming\tixati
2017-07-01 23:15 - 2016-09-04 23:35 - 00000000 ____D C:\Users\Trevor Thompson\AppData\Local\CrashDumps
2017-06-29 03:39 - 2017-01-17 06:28 - 00000624 ____H C:\Users\Trevor Thompson\AppData\Local\@system3.att
2017-06-28 03:59 - 2017-03-06 22:38 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 03:59 - 2017-03-06 22:38 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-27 11:32 - 2017-05-04 10:34 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-06-27 09:51 - 2017-05-04 10:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-06-27 09:36 - 2017-05-04 10:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-06-27 09:36 - 2017-01-04 16:51 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-27 08:56 - 2017-04-16 14:47 - 00001037 _____ C:\Users\Public\Desktop\Mass Effect Andromeda.lnk
2017-06-27 08:07 - 2017-05-20 13:56 - 00000000 ____D C:\Program Files (x86)\Origin
2017-06-25 11:27 - 2016-08-27 10:07 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-06-24 23:00 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-23 04:12 - 2016-08-28 14:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-21 11:29 - 2016-12-15 15:04 - 00003310 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-21 11:29 - 2016-08-27 09:46 - 00002393 _____ C:\Users\Trevor Thompson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-20 06:54 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-17 15:07 - 2017-01-04 16:50 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-06-17 15:06 - 2017-01-04 16:52 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-06-17 15:06 - 2017-01-04 16:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-06-17 15:06 - 2016-07-16 04:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-06-16 10:20 - 2016-08-27 10:07 - 00000000 ____D C:\ProgramData\McAfee
2017-06-15 11:03 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-15 01:30 - 2016-08-27 09:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-14 21:13 - 2016-09-22 03:47 - 04981152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-14 21:12 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-14 21:12 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 21:12 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 05:18 - 2016-08-27 12:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 05:12 - 2016-08-27 12:42 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 05:12 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-13 02:04 - 2017-05-15 07:40 - 00415075 ____N C:\WINDOWS\Minidump\061317-6187-01.dmp
2017-06-13 02:04 - 2016-11-24 07:21 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-12 10:42 - 2017-05-15 07:40 - 00415203 ____N C:\WINDOWS\Minidump\061217-6218-01.dmp
2017-06-12 10:42 - 2017-01-23 13:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-12 10:22 - 2017-05-20 13:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-12 10:22 - 2017-01-23 13:41 - 00001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-06-12 10:22 - 2017-01-23 13:41 - 00000993 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-06-11 23:57 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-09 16:52 - 2017-05-15 07:40 - 00425699 ____N C:\WINDOWS\Minidump\060917-6640-01.dmp
2017-06-08 08:47 - 2016-08-27 09:44 - 00000000 ____D C:\Users\Trevor Thompson\AppData\Local\Packages
2017-06-07 02:12 - 2017-05-15 07:40 - 00427939 ____N C:\WINDOWS\Minidump\060717-7031-01.dmp
2017-06-06 14:01 - 2017-05-15 07:40 - 00418275 ____N C:\WINDOWS\Minidump\060617-7468-01.dmp
 
==================== Files in the root of some directories =======
 
2017-01-17 06:28 - 2017-01-17 06:28 - 0000480 ____H () C:\Users\Trevor Thompson\AppData\Roaming\½Ó
2017-01-17 06:27 - 2017-01-17 06:27 - 0166928 _____ () C:\Users\Trevor Thompson\AppData\Local\881F.tmp
2017-01-17 06:47 - 2017-01-17 06:47 - 0000008 ____H () C:\Users\Trevor Thompson\AppData\Local\@000001.dat
2017-01-17 06:47 - 2017-07-06 10:05 - 0000000 ____H () C:\Users\Trevor Thompson\AppData\Local\@system.temp
2017-01-17 06:28 - 2017-06-29 03:39 - 0000624 ____H () C:\Users\Trevor Thompson\AppData\Local\@system3.att
2017-01-17 07:13 - 2017-01-17 07:13 - 1271953 _____ () C:\Users\Trevor Thompson\AppData\Local\ars.cache
2017-01-17 06:46 - 2017-01-17 06:46 - 0166928 _____ () C:\Users\Trevor Thompson\AppData\Local\B07.tmp
2017-01-17 07:14 - 2017-01-17 07:14 - 1406536 _____ () C:\Users\Trevor Thompson\AppData\Local\census.cache
2017-01-17 06:59 - 2017-01-17 06:59 - 0000036 _____ () C:\Users\Trevor Thompson\AppData\Local\housecall.guid.cache
2017-01-17 06:32 - 2017-01-17 06:32 - 0455173 _____ () C:\Users\Trevor Thompson\AppData\Local\screen_5518_440268062.jpg
2017-01-17 07:07 - 2017-01-17 07:07 - 0000010 _____ () C:\Users\Trevor Thompson\AppData\Local\sponge.last.runtime.cache
2017-01-17 06:32 - 2017-01-17 06:32 - 0011702 _____ () C:\Users\Trevor Thompson\AppData\Local\sreen_process_5518_440268062.log
2016-09-16 17:04 - 2016-09-16 17:04 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
2017-06-07 01:55 - 2017-06-07 01:55 - 0043520 _____ () C:\Users\Trevor Thompson\AppData\Local\Temp\aiw42793968.DLL
2017-06-07 01:55 - 2017-06-07 01:55 - 0048128 _____ () C:\Users\Trevor Thompson\AppData\Local\Temp\aiw42794093.EXE
2017-03-10 01:24 - 2017-03-10 01:24 - 1006272 _____ () C:\Users\Trevor Thompson\AppData\Local\Temp\AppInstaller.exe
2017-05-15 17:11 - 2017-05-15 17:11 - 0694744 _____ (Disc Soft Ltd.) C:\Users\Trevor Thompson\AppData\Local\Temp\DAEMON Tools Lite.exe
2017-05-15 17:14 - 2017-05-15 17:14 - 25660760 _____ (Disc Soft Ltd) C:\Users\Trevor Thompson\AppData\Local\Temp\DTLite1051-0232.exe
2017-02-09 00:17 - 2017-03-16 15:56 - 0754352 _____ (NVIDIA Corporation) C:\Users\Trevor Thompson\AppData\Local\Temp\nvSCPAPI.dll
2017-02-09 00:17 - 2017-03-16 15:56 - 0867968 _____ (NVIDIA Corporation) C:\Users\Trevor Thompson\AppData\Local\Temp\nvSCPAPI64.dll
2017-03-01 14:56 - 2017-03-16 15:56 - 0352704 _____ (NVIDIA Corporation) C:\Users\Trevor Thompson\AppData\Local\Temp\nvStInst.exe
2017-03-06 06:44 - 2017-04-05 18:39 - 57827288 _____ (Skype Technologies S.A.) C:\Users\Trevor Thompson\AppData\Local\Temp\SkypeSetup.exe
2017-03-06 12:50 - 2017-03-06 12:50 - 14456872 _____ (Microsoft Corporation) C:\Users\Trevor Thompson\AppData\Local\Temp\vc_redist.x86.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-28 08:03
 
==================== End of FRST.txt ============================



 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts

Posted 06 July 2017 - 08:56 PM

Hi TrevorT2 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Since you have Malwarebytes installed already on the system, let's run a scan with it and see what it can detect and remove for us.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 TrevorT2

TrevorT2
  • Topic Starter

  • Members
  • 15 posts

Posted 07 July 2017 - 11:26 AM

Thank you very much, and I understand!
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 7/7/17
Scan Time: 9:21 AM
Log File: MalwarebytesScan772017.txt
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2311
License: Free
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-RNIOOQE\Trevor Thompson
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388355
Threats Detected: 4
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 9 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-296551863-3934802668-1121700915-1001\CONSOLE\TASKENG.EXE, No Action By User, [9483], [408199],1.0.2311
 
Registry Value: 2
PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-296551863-3934802668-1121700915-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, No Action By User, [9483], [408201],1.0.2311
PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-296551863-3934802668-1121700915-1001\CONSOLE\TASKENG.EXE|WINDOWPOSITION, No Action By User, [9483], [408199],1.0.2311
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
PUP.Optional.BundleInstaller, C:\USERS\TREVOR THOMPSON\DOWNLOADS\HD_VIDEO_PLAYER_4210223231.EXE, No Action By User, [25], [413546],1.0.2311
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts

Posted 07 July 2017 - 11:35 AM

Looks like you provided me a scan log from Malwarebytes, did you quarantine the threats it detected afterwards? Just making sure.



#5 TrevorT2

TrevorT2
  • Topic Starter

  • Members
  • 15 posts

Posted 07 July 2017 - 03:22 PM

Yes, I quarantined the threats afterward.



#6 TrevorT2

TrevorT2
  • Topic Starter

  • Members
  • 15 posts

Posted 07 July 2017 - 03:26 PM

I scanned again and exported the summary this time.

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 7/7/17
Scan Time: 1:22 PM
Log File: 
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2313
License: Free
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-RNIOOQE\Trevor Thompson
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388456
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 25 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)



#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts

Posted 07 July 2017 - 06:22 PM

Good :) Now let's see if AdwCleaner and JRT detect anything.

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted JRT log;



#8 TrevorT2

TrevorT2
  • Topic Starter

  • Members
  • 15 posts

Posted 08 July 2017 - 01:46 AM

# AdwCleaner v6.047 - Logfile created 07/07/2017 at 23:43:43
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-07.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Trevor Thompson - DESKTOP-RNIOOQE
# Running from : D:\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: LavasoftTcpService
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\18f1cc4e
[-] Folder deleted: C:\Users\Trevor Thompson\AppData\Local\cpx
[-] Folder deleted: C:\Users\Trevor Thompson\AppData\Local\TrafficA
[-] Folder deleted: C:\Users\Trevor Thompson\AppData\Roaming\lavasoft\web companion
[-] Folder deleted: C:\ProgramData\lavasoft\web companion
[#] Folder deleted on reboot: C:\ProgramData\Application Data\lavasoft\web companion
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
[-] Folder deleted: C:\Program Files (x86)\lavasoft\web companion
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService
 
 
***** [ Files ] *****
 
[#] File deleted: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[-] File deleted: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
[#] File deleted: C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
[-] File deleted: C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
[-] Key deleted: HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Lavasoft\Web Companion
[#] Key deleted on reboot: HKCU\Software\Lavasoft\Web Companion
[-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key deleted: HKLM\SOFTWARE\IDOT
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter
[#] Key deleted on reboot: [x64] HKCU\Software\Lavasoft\Web Companion
[-] Key deleted: [x64] HKLM\SOFTWARE\IDOT
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
[-] Value deleted: HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[-] Value deleted: HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Windows\CurrentVersion\Run [TrafficA]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [TrafficA]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [TrafficA]
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [6974 Bytes] - [07/07/2017 23:43:43]
C:\AdwCleaner\AdwCleaner[S0].txt - [6700 Bytes] - [07/07/2017 23:42:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7120 Bytes] ##########


#9 TrevorT2

TrevorT2
  • Topic Starter

  • Members
  • 15 posts

Posted 08 July 2017 - 01:48 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by Trevor Thompson (Administrator) on Fri 07/07/2017 at 23:46:36.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/07/2017 at 23:48:00.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts

Posted 08 July 2017 - 08:38 AM

Good! Please run a new FRST scan and provide me a fresh set of logs (FRST.txt and Addition.txt). We'll remove the rest using a fix.



#11 TrevorT2

TrevorT2
  • Topic Starter

  • Members
  • 15 posts

Posted 08 July 2017 - 12:04 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by Trevor Thompson (administrator) on DESKTOP-RNIOOQE (08-07-2017 10:01:00)
Running from D:\Downloads
Loaded Profiles: Trevor Thompson (Available Profiles: Trevor Thompson)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Windows\System32\PnkBstrA.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Wargaming.net) D:\World_of_Warships\WargamingGameUpdater.exe
(Disc Soft Ltd) D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.105.48.0\OverwolfBrowser.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.105.48.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.105.48.0\OverwolfHelper64.exe
(Spotify Ltd) C:\Users\Trevor Thompson\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) D:\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(LG Electronics Inc.) C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\OnScreen Control.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17054.14711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(TODO: <Company name>) C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\ScreenSplitterHook64App.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16291448 2016-09-26] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [subcontracted] => "C:\Program Files (x86)\Champa\packagers.exe"
HKLM\...\Run: [subcontractedsubcontracted] => "C:\Program Files (x86)\Eyring\packagers.exe"
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [OnScreen Control] => C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\OnScreenStartUpApp.exe************************************************ [1785328 2015-12-14] ()
HKLM-x32\...\Run: [freeloading] => "C:\Program Files (x86)\Champa\packagers.exe"
HKLM-x32\...\Run: [freeloadingfreeloading] => "C:\Program Files (x86)\Eyring\packagers.exe"
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-06-18] ()
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [DAEMON Tools Lite Automount] => D:\DAEMON Tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [World of Warships] => D:\World_of_Warships\WargamingGameUpdater.exe [3136264 2017-06-02] (Wargaming.net)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [hydrogenated] => "C:\Program Files (x86)\Champa\packagers.exe"
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [hydrogenatedhydrogenated] => "C:\Program Files (x86)\Eyring\packagers.exe"
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [threshed] => "C:\Program Files (x86)\Champa\packagers.exe"
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [threshedthreshed] => "C:\Program Files (x86)\Eyring\packagers.exe"
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [wilfred] => "C:\Program Files (x86)\meets\wilfred.exe"
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [varnishes] => "C:\Program Files (x86)\Champa\packagers.exe"
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3048312 2017-06-15] (Electronic Arts)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [Spotify] => C:\Users\Trevor Thompson\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-06] (Spotify Ltd)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [Spotify Web Helper] => C:\Users\Trevor Thompson\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-06] (Spotify Ltd)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Application Restart #5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Application Restart #6] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Application Restart #7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Adobe Speed Launcher] => 1499528387
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\MountPoints2: {6093dd31-6c46-11e6-8b55-806e6f6e6963} - "explorer.exe" index.html
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [152064 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1fc06754-804c-41fc-9ea5-5ec924569dc7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1fc06754-804c-41fc-9ea5-5ec924569dc7}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{21d67b68-c0ec-452b-a07d-7808a2a8becb}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{48cf4353-80ba-11e6-a26c-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7a989595-3f83-49ac-b6dd-1fe3c5ebd822}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8c5c2618-1c63-4524-bfa4-c31b6e005c53}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8c5c2618-1c63-4524-bfa4-c31b6e005c53}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{94ae1625-b559-4405-893e-f57cbba13f71}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c1e16a92-8739-4866-8c8d-df42e7f61fd0}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c1e16a92-8739-4866-8c8d-df42e7f61fd0}: [DhcpNameServer] 8.8.8.8
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-07] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-07] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-14] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-14] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-05-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-05-31] (McAfee, Inc.)
 
FireFox:
========
FF DefaultProfile: qolzfn5r.default
FF ProfilePath: C:\Users\Trevor Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\qolzfn5r.default [2017-07-08]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - D:\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-10-05] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-06-17] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-14] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> D:\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8
CHR Profile: C:\Users\Trevor Thompson\AppData\Local\Google\Chrome\User Data\Default [2017-07-08]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Trevor Thompson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-06-07]
CHR Extension: (AdBlock) - C:\Users\Trevor Thompson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-26]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Trevor Thompson\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2017-01-20]
CHR Extension: (No Name) - C:\Users\Trevor Thompson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-06-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Trevor Thompson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Trevor Thompson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2278152 2015-08-12] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [409128 2017-02-22] (EasyAntiCheat Ltd)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-06-25] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-08-10] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-04-26] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [984480 2017-06-03] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe [2139832 2017-05-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241656 2017-04-30] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [390656 2017-04-30] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [343544 2017-04-30] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1543248 2017-05-31] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-03] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2168208 2017-06-15] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3148184 2017-06-15] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1326408 2017-06-18] (Overwolf LTD)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1042288 2017-05-21] (Intel Security, Inc.)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-09-08] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-09-07] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [669136 2016-10-14] (Wacom Technology, Corp.)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
S2 OrogeneticC; C:\Program Files (x86)\Orogenetictonero\OrogeneticC.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [199472 2015-08-12] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7585280 2016-07-16] (Broadcom Corporation)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [76824 2017-05-02] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-08-27] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-08-27] (Disc Soft Ltd)
S3 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-12-07] (Disc Soft Ltd)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [209608 2017-05-31] (McAfee, Inc.)
S3 IAMTVE; C:\WINDOWS\System32\drivers\IAMTVE.sys [43416 2007-04-11] (Intel Corporation)
R3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45208 2016-08-09] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-06-24] (Logitech Inc.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [252832 2017-07-08] (Malwarebytes)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [88448 2017-05-26] (McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [476176 2017-05-02] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [353808 2017-05-02] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84536 2017-05-02] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [504336 2017-05-02] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [918544 2017-05-02] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [495632 2017-04-07] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107544 2017-04-07] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [109072 2017-05-02] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252432 2017-05-02] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a2b0acab06663645\nvlddmkm.sys [14456944 2017-05-02] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-05-03] (NVIDIA Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-06-27] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-04] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-07 23:48 - 2017-07-07 23:48 - 00000697 _____ C:\Users\Trevor Thompson\Desktop\JRT.txt
2017-07-07 23:46 - 2017-07-07 23:46 - 01663672 _____ (Malwarebytes) C:\Users\Trevor Thompson\Desktop\JRT.exe
2017-07-07 23:46 - 2017-07-07 23:40 - 04110280 _____ C:\Users\Trevor Thompson\Desktop\AdwCleaner.exe
2017-07-07 23:41 - 2017-07-07 23:43 - 00000000 ____D C:\AdwCleaner
2017-07-07 21:47 - 2017-07-07 21:47 - 00006200 _____ C:\Users\Trevor Thompson\Downloads\f (4).txt
2017-07-07 18:21 - 2017-07-07 18:21 - 00006517 _____ C:\Users\Trevor Thompson\Downloads\f (3).txt
2017-07-07 16:08 - 2017-07-07 16:08 - 00006252 _____ C:\Users\Trevor Thompson\Downloads\f (2).txt
2017-07-07 13:51 - 2017-07-07 13:51 - 00000000 ___HD C:\OneDriveTemp
2017-07-07 13:49 - 2017-07-07 13:49 - 00001410 _____ C:\Users\Trevor Thompson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-07-07 13:49 - 2017-07-07 13:49 - 00000000 ____D C:\Users\Trevor Thompson\AppData\Local\UNP
2017-07-07 09:30 - 2017-07-07 09:31 - 00000000 ____D C:\Program Files\UNP
2017-07-07 09:30 - 2017-07-07 09:30 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-07-07 09:23 - 2017-07-07 09:23 - 00001769 _____ C:\Users\Trevor Thompson\Desktop\MalwarebytesScan772017.txt
2017-07-06 11:22 - 2017-07-08 09:00 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-07-06 10:17 - 2017-07-06 10:17 - 00097712 _____ C:\Users\Trevor Thompson\Desktop\Addition.txt
2017-07-06 10:17 - 2017-07-06 10:17 - 00066232 _____ C:\Users\Trevor Thompson\Desktop\FRST.txt
2017-07-06 10:13 - 2017-07-08 10:01 - 00000000 ____D C:\FRST
2017-07-06 10:03 - 2017-07-06 10:03 - 00000000 ____D C:\WINDOWS\Panther
2017-07-05 01:48 - 2017-07-05 01:48 - 00000000 ____D C:\Users\Trevor Thompson\Desktop\SHGA Documents
2017-07-04 20:34 - 2017-07-04 20:34 - 00112464 _____ C:\Users\Trevor Thompson\Downloads\prices_USD_2017-07-05.csv
2017-07-04 02:49 - 2017-07-04 02:49 - 00006349 _____ C:\Users\Trevor Thompson\Downloads\f (1).txt
2017-07-02 03:47 - 2017-07-02 03:47 - 00006293 _____ C:\Users\Trevor Thompson\Downloads\f.txt
2017-06-30 08:51 - 2017-06-30 08:51 - 1623385592 _____ C:\Users\Trevor Thompson\Desktop\Unacknowledged.2017.1080p.WEBRip.HEVC.2CH.x265.mkv
2017-06-28 17:41 - 2017-06-28 17:41 - 00000263 _____ C:\Users\Trevor Thompson\Desktop\lol.txt
2017-06-27 11:32 - 2017-06-27 11:32 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-06-27 11:32 - 2017-06-27 11:32 - 00001217 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-06-27 11:32 - 2017-06-27 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-06-27 09:55 - 2017-01-17 06:31 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170627-095524.backup
2017-06-27 09:36 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-06-27 08:03 - 2017-07-08 08:38 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-27 08:03 - 2017-06-27 08:03 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-27 08:03 - 2017-06-27 08:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-27 08:03 - 2017-05-25 11:58 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-25 12:36 - 2017-06-25 12:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-25 12:34 - 2017-06-25 12:34 - 00001130 _____ C:\WINDOWS\system32\.crusader
2017-06-25 12:30 - 2017-06-25 12:34 - 00000000 ____D C:\ProgramData\HitmanPro
2017-06-25 12:30 - 2017-06-25 12:30 - 00001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-06-25 12:30 - 2017-06-25 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-06-25 12:30 - 2017-06-25 12:30 - 00000000 ____D C:\Program Files\HitmanPro
2017-06-25 12:26 - 2017-06-25 12:27 - 00003972 _____ C:\Users\Trevor Thompson\Desktop\Rkill.txt
2017-06-23 00:58 - 2017-06-23 00:58 - 00044451 _____ C:\Users\Trevor Thompson\Desktop\6232017pay.pdf
2017-06-23 00:56 - 2017-06-23 08:59 - 00000036 _____ C:\Users\Trevor Thompson\Desktop\ADP LOGIN.txt
2017-06-21 17:25 - 2017-06-21 17:25 - 00049229 _____ C:\Users\Trevor Thompson\Downloads\engage-terms-us-1-0.pdf
2017-06-16 11:22 - 2017-06-16 11:23 - 36511318 _____ C:\Users\Trevor Thompson\Downloads\Dustland-Express-EP.zip
2017-06-16 02:49 - 2017-06-16 02:49 - 04045212 _____ C:\Users\Trevor Thompson\Desktop\Drunvalo Melchizedek - The Ancient Secret.Of The Flower Of Life.pdf
2017-06-15 13:42 - 2017-07-07 09:24 - 00000404 _____ C:\WINDOWS\Tasks\HPCeeScheduleForTrevor Thompson.job
2017-06-15 13:42 - 2017-07-06 18:01 - 00003336 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForTrevor Thompson
2017-06-14 21:12 - 2017-06-14 21:12 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-14 05:06 - 2017-06-03 03:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 05:06 - 2017-06-03 03:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 05:06 - 2017-06-03 03:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 05:06 - 2017-06-03 03:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-14 05:06 - 2017-06-03 03:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-14 05:06 - 2017-06-03 03:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-14 05:06 - 2017-06-03 03:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 05:06 - 2017-06-03 03:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 05:06 - 2017-06-03 03:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 05:06 - 2017-06-03 03:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 05:06 - 2017-06-03 03:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 05:06 - 2017-06-03 03:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 05:06 - 2017-06-03 02:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 05:06 - 2017-06-03 02:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 05:06 - 2017-06-03 02:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 05:06 - 2017-06-03 02:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 05:06 - 2017-06-03 02:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 05:06 - 2017-06-03 02:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 05:06 - 2017-06-03 02:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 05:06 - 2017-06-03 02:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 05:06 - 2017-06-03 02:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 05:06 - 2017-06-03 02:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 05:06 - 2017-06-03 02:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 05:06 - 2017-06-03 02:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 05:06 - 2017-06-03 02:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-14 05:06 - 2017-06-03 02:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 05:06 - 2017-06-03 02:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 05:06 - 2017-06-03 02:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-14 05:06 - 2017-06-03 02:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 05:06 - 2017-06-03 02:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-14 05:06 - 2017-06-03 02:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 05:06 - 2017-06-03 02:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 05:06 - 2017-06-03 02:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-14 05:06 - 2017-06-03 02:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-14 05:06 - 2017-06-03 02:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 05:06 - 2017-06-03 02:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-14 05:06 - 2017-06-03 02:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 05:06 - 2017-06-03 02:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 05:06 - 2017-06-03 02:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 05:06 - 2017-06-03 02:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 05:06 - 2017-06-03 02:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 05:06 - 2017-06-03 02:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 05:06 - 2017-06-03 02:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 05:06 - 2017-06-03 02:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 05:06 - 2017-06-03 02:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 05:06 - 2017-06-03 02:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 05:06 - 2017-06-03 02:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 05:06 - 2017-06-03 02:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 05:06 - 2017-06-03 02:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 05:06 - 2017-06-03 02:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 05:06 - 2017-06-03 02:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 05:06 - 2017-06-03 02:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 05:06 - 2017-06-03 02:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 05:06 - 2017-06-03 02:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 05:06 - 2017-06-03 02:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 05:06 - 2017-06-03 02:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 05:06 - 2017-06-03 02:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 05:06 - 2017-06-03 02:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 05:06 - 2017-06-03 02:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 05:06 - 2017-06-03 02:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 05:06 - 2017-06-03 02:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 05:06 - 2017-06-03 02:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 05:06 - 2017-06-03 02:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 05:06 - 2017-06-03 02:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 05:06 - 2017-06-03 02:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 05:06 - 2017-06-03 02:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 05:06 - 2017-06-03 02:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 05:06 - 2017-06-03 02:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 05:06 - 2017-06-03 02:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 05:06 - 2017-06-03 02:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 05:06 - 2017-06-03 02:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 05:06 - 2017-06-03 02:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 05:06 - 2017-06-03 02:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-14 05:06 - 2017-06-03 02:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 05:06 - 2017-06-03 02:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-14 05:06 - 2017-06-03 02:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-14 05:06 - 2017-06-03 02:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-14 05:06 - 2017-06-03 02:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-14 05:06 - 2017-06-03 02:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 05:06 - 2017-06-03 02:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 05:06 - 2017-06-03 02:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 05:06 - 2017-06-03 02:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 05:06 - 2017-06-03 02:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 05:06 - 2017-06-03 02:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 05:06 - 2017-06-03 02:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 05:06 - 2017-06-03 02:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 05:06 - 2017-06-03 02:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 05:06 - 2017-06-03 02:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-14 05:06 - 2017-06-03 02:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 05:06 - 2017-06-03 02:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 05:06 - 2017-06-03 02:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-14 05:06 - 2017-06-03 02:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 05:06 - 2017-06-03 02:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 05:06 - 2017-06-03 02:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 05:06 - 2017-06-03 02:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 05:06 - 2017-06-03 02:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 05:06 - 2017-06-03 02:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-14 05:06 - 2017-06-03 02:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 05:06 - 2017-06-03 02:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 05:06 - 2017-06-03 02:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 05:06 - 2017-06-03 01:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-14 05:06 - 2017-06-03 01:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 05:06 - 2017-06-03 01:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-14 05:06 - 2017-06-03 01:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 05:06 - 2017-06-03 01:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 05:06 - 2017-06-03 01:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-14 05:06 - 2017-06-03 01:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 05:06 - 2017-06-03 01:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-14 05:06 - 2017-06-03 01:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-14 05:06 - 2017-06-03 01:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-14 05:06 - 2017-06-03 01:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 05:06 - 2017-06-03 01:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 05:06 - 2017-06-03 01:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 05:06 - 2017-06-03 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 05:06 - 2017-06-03 01:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 05:06 - 2017-06-03 01:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 05:06 - 2017-06-03 01:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 05:06 - 2017-06-03 01:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 05:06 - 2017-06-03 01:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 05:06 - 2017-06-03 01:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-14 05:06 - 2017-06-03 01:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 05:06 - 2017-06-03 01:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 05:06 - 2017-06-03 01:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 05:06 - 2017-06-03 01:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-14 05:06 - 2017-06-03 01:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 05:06 - 2017-06-03 01:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 05:06 - 2017-06-02 23:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-14 05:06 - 2017-05-24 22:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-14 05:06 - 2017-03-03 23:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 05:06 - 2017-03-03 23:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 05:06 - 2017-03-03 23:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 05:06 - 2017-03-03 23:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-14 05:06 - 2016-09-06 21:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-12 10:23 - 2017-06-12 10:26 - 00000518 _____ C:\Users\Trevor Thompson\Desktop\Adobo.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-08 10:01 - 2017-05-04 18:11 - 00166878 _____ C:\WINDOWS\ZAM.krnl.trace
2017-07-08 10:01 - 2017-05-04 18:11 - 00133197 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-07-08 10:00 - 2016-09-07 18:48 - 00000000 ____D C:\Users\Trevor Thompson\AppData\Roaming\Origin
2017-07-08 10:00 - 2016-08-28 09:52 - 00000000 ____D C:\Users\Trevor Thompson\AppData\Roaming\Skype
2017-07-08 09:58 - 2016-12-28 17:58 - 00000054 _____ C:\Users\Public\Documents\OSCFile.txt
2017-07-08 09:24 - 2016-09-22 03:47 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-08 09:10 - 2017-01-09 18:10 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-07-08 08:44 - 2016-08-27 03:13 - 02739664 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-08 08:44 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-08 08:44 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-08 08:42 - 2017-01-04 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-07-08 08:40 - 2017-01-04 16:52 - 00000000 __RSD C:\Users\Trevor Thompson\Documents\McAfee Vaults
2017-07-08 08:40 - 2016-09-22 03:48 - 00000000 ____D C:\Users\Trevor Thompson
2017-07-08 08:40 - 2016-08-27 10:22 - 00000000 ____D C:\Users\Trevor Thompson\AppData\Local\Spotify
2017-07-08 08:39 - 2016-09-22 03:47 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-08 08:39 - 2016-09-07 18:47 - 00000000 ____D C:\ProgramData\Origin
2017-07-08 08:39 - 2016-08-27 10:21 - 00000000 ____D C:\Users\Trevor Thompson\AppData\Roaming\Spotify
2017-07-08 08:39 - 2016-08-27 10:07 - 00000000 ____D C:\Users\Trevor Thompson\AppData\Local\Overwolf
2017-07-08 08:39 - 2016-08-27 09:46 - 00000000 ___RD C:\Users\Trevor Thompson\OneDrive
2017-07-08 08:38 - 2016-09-22 03:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-08 08:38 - 2016-07-15 23:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-07-07 23:43 - 2017-01-17 06:36 - 00000000 ____D C:\Users\Trevor Thompson\AppData\Roaming\Lavasoft
2017-07-07 23:43 - 2017-01-17 06:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-07-07 23:43 - 2017-01-17 06:36 - 00000000 ____D C:\ProgramData\Lavasoft
2017-07-07 23:43 - 2017-01-17 06:36 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2017-07-07 22:56 - 2017-01-17 06:47 - 00000000 ____H C:\Users\Trevor Thompson\AppData\Local\@system.temp
2017-07-07 09:41 - 2016-08-28 14:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-07 04:43 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-06 11:11 - 2017-04-16 14:47 - 00001037 _____ C:\Users\Public\Desktop\Mass Effect Andromeda.lnk
2017-07-06 01:13 - 2016-08-27 10:03 - 00000000 ____D C:\Users\Trevor Thompson\Desktop\Desktop Folders
2017-07-03 10:47 - 2016-11-09 01:08 - 00000000 ____D C:\ProgramData\Skype
2017-07-03 10:46 - 2016-11-09 01:08 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-07-03 10:43 - 2016-08-27 13:00 - 00000000 ____D C:\Users\Trevor Thompson\AppData\Roaming\tixati
2017-07-01 23:15 - 2016-09-04 23:35 - 00000000 ____D C:\Users\Trevor Thompson\AppData\Local\CrashDumps
2017-06-29 03:39 - 2017-01-17 06:28 - 00000624 ____H C:\Users\Trevor Thompson\AppData\Local\@system3.att
2017-06-28 03:59 - 2017-03-06 22:38 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 03:59 - 2017-03-06 22:38 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-27 11:32 - 2017-05-04 10:34 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-06-27 09:51 - 2017-05-04 10:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-06-27 09:36 - 2017-05-04 10:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-06-27 09:36 - 2017-01-04 16:51 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-27 08:07 - 2017-05-20 13:56 - 00000000 ____D C:\Program Files (x86)\Origin
2017-06-25 11:27 - 2016-08-27 10:07 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-06-24 23:00 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-21 11:29 - 2016-12-15 15:04 - 00003310 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-21 11:29 - 2016-08-27 09:46 - 00002393 _____ C:\Users\Trevor Thompson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-17 15:07 - 2017-01-04 16:50 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-06-17 15:06 - 2017-01-04 16:52 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-06-17 15:06 - 2017-01-04 16:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-06-17 15:06 - 2016-07-16 04:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-06-16 10:20 - 2016-08-27 10:07 - 00000000 ____D C:\ProgramData\McAfee
2017-06-15 11:03 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-15 01:30 - 2016-08-27 09:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-14 21:13 - 2016-09-22 03:47 - 04981152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-14 21:12 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-14 21:12 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 21:12 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 05:18 - 2016-08-27 12:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 05:12 - 2016-08-27 12:42 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 05:12 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-13 02:04 - 2017-05-15 07:40 - 00415075 ____N C:\WINDOWS\Minidump\061317-6187-01.dmp
2017-06-13 02:04 - 2016-11-24 07:21 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-12 10:42 - 2017-05-15 07:40 - 00415203 ____N C:\WINDOWS\Minidump\061217-6218-01.dmp
2017-06-12 10:42 - 2017-01-23 13:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-12 10:22 - 2017-05-20 13:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-12 10:22 - 2017-01-23 13:41 - 00001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-06-12 10:22 - 2017-01-23 13:41 - 00000993 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-06-11 23:57 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-09 16:52 - 2017-05-15 07:40 - 00425699 ____N C:\WINDOWS\Minidump\060917-6640-01.dmp
2017-06-08 08:47 - 2016-08-27 09:44 - 00000000 ____D C:\Users\Trevor Thompson\AppData\Local\Packages
 
==================== Files in the root of some directories =======
 
2017-01-17 06:28 - 2017-01-17 06:28 - 0000480 ____H () C:\Users\Trevor Thompson\AppData\Roaming\½ž’“Ó™œ‰
2017-01-17 06:27 - 2017-01-17 06:27 - 0166928 _____ () C:\Users\Trevor Thompson\AppData\Local\881F.tmp
2017-01-17 06:47 - 2017-01-17 06:47 - 0000008 ____H () C:\Users\Trevor Thompson\AppData\Local\@000001.dat
2017-01-17 06:47 - 2017-07-07 22:56 - 0000000 ____H () C:\Users\Trevor Thompson\AppData\Local\@system.temp
2017-01-17 06:28 - 2017-06-29 03:39 - 0000624 ____H () C:\Users\Trevor Thompson\AppData\Local\@system3.att
2017-01-17 07:13 - 2017-01-17 07:13 - 1271953 _____ () C:\Users\Trevor Thompson\AppData\Local\ars.cache
2017-01-17 06:46 - 2017-01-17 06:46 - 0166928 _____ () C:\Users\Trevor Thompson\AppData\Local\B07.tmp
2017-01-17 07:14 - 2017-01-17 07:14 - 1406536 _____ () C:\Users\Trevor Thompson\AppData\Local\census.cache
2017-01-17 06:59 - 2017-01-17 06:59 - 0000036 _____ () C:\Users\Trevor Thompson\AppData\Local\housecall.guid.cache
2017-01-17 06:32 - 2017-01-17 06:32 - 0455173 _____ () C:\Users\Trevor Thompson\AppData\Local\screen_5518_440268062.jpg
2017-01-17 07:07 - 2017-01-17 07:07 - 0000010 _____ () C:\Users\Trevor Thompson\AppData\Local\sponge.last.runtime.cache
2017-01-17 06:32 - 2017-01-17 06:32 - 0011702 _____ () C:\Users\Trevor Thompson\AppData\Local\sreen_process_5518_440268062.log
2016-09-16 17:04 - 2016-09-16 17:04 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
2017-06-07 01:55 - 2017-06-07 01:55 - 0043520 _____ () C:\Users\Trevor Thompson\AppData\Local\Temp\aiw42793968.DLL
2017-06-07 01:55 - 2017-06-07 01:55 - 0048128 _____ () C:\Users\Trevor Thompson\AppData\Local\Temp\aiw42794093.EXE
2017-03-10 01:24 - 2017-03-10 01:24 - 1006272 _____ () C:\Users\Trevor Thompson\AppData\Local\Temp\AppInstaller.exe
2017-05-15 17:11 - 2017-05-15 17:11 - 0694744 _____ (Disc Soft Ltd.) C:\Users\Trevor Thompson\AppData\Local\Temp\DAEMON Tools Lite.exe
2017-05-15 17:14 - 2017-05-15 17:14 - 25660760 _____ (Disc Soft Ltd) C:\Users\Trevor Thompson\AppData\Local\Temp\DTLite1051-0232.exe
2017-02-09 00:17 - 2017-03-16 15:56 - 0754352 _____ (NVIDIA Corporation) C:\Users\Trevor Thompson\AppData\Local\Temp\nvSCPAPI.dll
2017-02-09 00:17 - 2017-03-16 15:56 - 0867968 _____ (NVIDIA Corporation) C:\Users\Trevor Thompson\AppData\Local\Temp\nvSCPAPI64.dll
2017-03-01 14:56 - 2017-03-16 15:56 - 0352704 _____ (NVIDIA Corporation) C:\Users\Trevor Thompson\AppData\Local\Temp\nvStInst.exe
2017-03-06 06:44 - 2017-04-05 18:39 - 57827288 _____ (Skype Technologies S.A.) C:\Users\Trevor Thompson\AppData\Local\Temp\SkypeSetup.exe
2017-03-06 12:50 - 2017-03-06 12:50 - 14456872 _____ (Microsoft Corporation) C:\Users\Trevor Thompson\AppData\Local\Temp\vc_redist.x86.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-08 08:51
 
==================== End of FRST.txt ============================

#12 Aura

  • Malware Response Team

Posted 09 July 2017 - 10:53 AM

Almost done.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 TrevorT2

  • Topic Starter

Posted 09 July 2017 - 01:29 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by Trevor Thompson (09-07-2017 11:24:21) Run:1
Running from C:\Users\Trevor Thompson\Desktop
Loaded Profiles: Trevor Thompson (Available Profiles: Trevor Thompson)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
HKLM\...\Run: [subcontracted] => "C:\Program Files (x86)\Champa\packagers.exe"
HKLM\...\Run: [subcontractedsubcontracted] => "C:\Program Files (x86)\Eyring\packagers.exe"
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [freeloading] => "C:\Program Files (x86)\Champa\packagers.exe"
HKLM-x32\...\Run: [freeloadingfreeloading] => "C:\Program Files (x86)\Eyring\packagers.exe"
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [hydrogenated] => "C:\Program Files (x86)\Champa\packagers.exe"
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [hydrogenatedhydrogenated] => "C:\Program Files (x86)\Eyring\packagers.exe"
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [threshed] => "C:\Program Files (x86)\Champa\packagers.exe"
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [threshedthreshed] => "C:\Program Files (x86)\Eyring\packagers.exe"
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [wilfred] => "C:\Program Files (x86)\meets\wilfred.exe"
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\Run: [varnishes] => "C:\Program Files (x86)\Champa\packagers.exe"
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Application Restart #5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Application Restart #6] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Application Restart #7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Adobe Speed Launcher] => 1499528387
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\MountPoints2: {6093dd31-6c46-11e6-8b55-806e6f6e6963} - "explorer.exe" index.html
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Application Restart #5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Application Restart #6] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Application Restart #7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\RunOnce: [Adobe Speed Launcher] => 1499528387
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\...\MountPoints2: {6093dd31-6c46-11e6-8b55-806e6f6e6963} - "explorer.exe" index.html
 
SearchScopes: HKLM -> DefaultScope value is missing
 
S2 OrogeneticC; C:\Program Files (x86)\Orogenetictonero\OrogeneticC.exe [X]
 
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
 
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
 
Task: {8330CF6F-81B8-485A-AD86-13AD4742C2CB} - \{4E6CA4FB-46A1-BAA4-DB18-9A7CE6E8B674} -> No File <==== ATTENTION
Task: {DBD39215-4935-41CF-A85B-DD98675FC504} - \{090C7D47-0A7E-0509-0A11-790A790F1105} -> No File <==== ATTENTION
 
FirewallRules: [{52B9A4F7-30EB-4AC1-BE2E-BEBCE007A28A}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶作潲敧敮楴瑣湯牥屯牏杯湥瑥捩潴敮潲攮數
FirewallRules: [{90004CE2-BCF0-4B87-B4A0-07A668DA8D8C}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶作潲敧敮楴瑣湯牥屯牏杯湥瑥捩潴敮潲⹟硥e
FirewallRules: [{7CD2B2CE-1097-42F8-9CA5-100DD29D0D51}] => (Allow) C:\Program Files (x86)\Champa\packagers.exe
FirewallRules: [{30FCE39B-DD0E-4660-92B5-233704B84567}] => (Allow) C:\Program Files (x86)\Eyring\packagers.exe
 
C:\Program Files (x86)\Champa
C:\Program Files (x86)\Eyring
C:\Program Files (x86)\Orogenetictonero
C:\Program Files (x86)\Google\Chrome\Application\chrome.bat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
C:\Users\Trevor Thompson\AppData\Local\881F.tmp
2017-01-17 06:47 - 2017-01-17 06:47 - 0000008 ____H () C:\Users\Trevor Thompson\AppData\Local\@000001.dat
2017-01-17 06:47 - 2017-07-07 22:56 - 0000000 ____H () C:\Users\Trevor Thompson\AppData\Local\@system.temp
2017-01-17 06:28 - 2017-06-29 03:39 - 0000624 ____H () C:\Users\Trevor Thompson\AppData\Local\@system3.att
2017-01-17 07:13 - 2017-01-17 07:13 - 1271953 _____ () C:\Users\Trevor Thompson\AppData\Local\ars.cache
2017-01-17 06:46 - 2017-01-17 06:46 - 0166928 _____ () C:\Users\Trevor Thompson\AppData\Local\B07.tmp
2017-01-17 07:14 - 2017-01-17 07:14 - 1406536 _____ () C:\Users\Trevor Thompson\AppData\Local\census.cache
2017-01-17 06:59 - 2017-01-17 06:59 - 0000036 _____ () C:\Users\Trevor Thompson\AppData\Local\housecall.guid.cache
2017-01-17 06:32 - 2017-01-17 06:32 - 0455173 _____ () C:\Users\Trevor Thompson\AppData\Local\screen_5518_440268062.jpg
2017-01-17 07:07 - 2017-01-17 07:07 - 0000010 _____ () C:\Users\Trevor Thompson\AppData\Local\sponge.last.runtime.cache
2017-01-17 06:32 - 2017-01-17 06:32 - 0011702 _____ () C:\Users\Trevor Thompson\AppData\Local\sreen_process_5518_440268062.log
C:\Users\Trevor Thompson\AppData\Roaming\½ž’“Ó™œ‰
C:\Users\Trevor Thompson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk
C:\Users\Trevor Thompson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk
C:\Users\Trevor Thompson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk
 
 
 
EmptyTemp:
*****************
 
Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\subcontracted => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\subcontractedsubcontracted => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\freeloading => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\freeloadingfreeloading => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Windows\CurrentVersion\Run\\hydrogenated => value removed successfully
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Windows\CurrentVersion\Run\\hydrogenatedhydrogenated => value removed successfully
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Windows\CurrentVersion\Run\\threshed => value removed successfully
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Windows\CurrentVersion\Run\\threshedthreshed => value removed successfully
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Windows\CurrentVersion\Run\\wilfred => value removed successfully
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Windows\CurrentVersion\Run\\varnishes => value removed successfully
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #5 => value removed successfully
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #4 => value removed successfully
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #6 => value removed successfully
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #7 => value removed successfully
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value removed successfully
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6093dd31-6c46-11e6-8b55-806e6f6e6963} => key removed successfully
HKLM\Software\Classes\CLSID\{6093dd31-6c46-11e6-8b55-806e6f6e6963} => key not found. 
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #5 => value not found.
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #4 => value not found.
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #6 => value not found.
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #7 => value not found.
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value not found.
HKU\S-1-5-21-296551863-3934802668-1121700915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6093dd31-6c46-11e6-8b55-806e6f6e6963} => key not found. 
HKLM\Software\Classes\CLSID\{6093dd31-6c46-11e6-8b55-806e6f6e6963} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\System\CurrentControlSet\Services\OrogeneticC => key removed successfully
OrogeneticC => service removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{185F9795-9663-4F13-9EF9-307A282ADB5A}\\SystemComponent => value removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8330CF6F-81B8-485A-AD86-13AD4742C2CB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8330CF6F-81B8-485A-AD86-13AD4742C2CB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4E6CA4FB-46A1-BAA4-DB18-9A7CE6E8B674} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DBD39215-4935-41CF-A85B-DD98675FC504} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBD39215-4935-41CF-A85B-DD98675FC504} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{090C7D47-0A7E-0509-0A11-790A790F1105} => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{52B9A4F7-30EB-4AC1-BE2E-BEBCE007A28A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{90004CE2-BCF0-4B87-B4A0-07A668DA8D8C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7CD2B2CE-1097-42F8-9CA5-100DD29D0D51} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{30FCE39B-DD0E-4660-92B5-233704B84567} => value removed successfully
"C:\Program Files (x86)\Champa" => not found.
"C:\Program Files (x86)\Eyring" => not found.
"C:\Program Files (x86)\Orogenetictonero" => not found.
"C:\Program Files (x86)\Google\Chrome\Application\chrome.bat" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk => moved successfully
C:\Users\Trevor Thompson\AppData\Local\881F.tmp => moved successfully
C:\Users\Trevor Thompson\AppData\Local\@000001.dat => moved successfully
C:\Users\Trevor Thompson\AppData\Local\@system.temp => moved successfully
C:\Users\Trevor Thompson\AppData\Local\@system3.att => moved successfully
C:\Users\Trevor Thompson\AppData\Local\ars.cache => moved successfully
C:\Users\Trevor Thompson\AppData\Local\B07.tmp => moved successfully
C:\Users\Trevor Thompson\AppData\Local\census.cache => moved successfully
C:\Users\Trevor Thompson\AppData\Local\housecall.guid.cache => moved successfully
C:\Users\Trevor Thompson\AppData\Local\screen_5518_440268062.jpg => moved successfully
C:\Users\Trevor Thompson\AppData\Local\sponge.last.runtime.cache => moved successfully
C:\Users\Trevor Thompson\AppData\Local\sreen_process_5518_440268062.log => moved successfully
"C:\Users\Trevor Thompson\AppData\Roaming\½ž’“Ó™œ‰" => not found.
C:\Users\Trevor Thompson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk => moved successfully
C:\Users\Trevor Thompson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk => moved successfully
C:\Users\Trevor Thompson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 141689 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32761528 B
Java, Flash, Steam htmlcache => 11072 B
Windows/system/drivers => 4926295 B
Edge => 4290873 B
Chrome => 142845684 B
Firefox => 12476046 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 55159 B
systemprofile32 => 128 B
LocalService => 93400 B
NetworkService => 4554 B
Trevor Thompson => 9000603150 B
 
RecycleBin => 1326000 B
EmptyTemp: => 8.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 11:26:21 ====


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:06 AM

Posted 09 July 2017 - 01:31 PM

Good :) How's your system behaving now? Are there any other issues that need to be addressed?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 TrevorT2

TrevorT2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:06 PM

Posted 09 July 2017 - 02:15 PM

It seems like it is back to normal! Thanks so much Aura, very much appreciated.  :bananas:





