SmartService Trojan Removal


This topic is locked.
23 replies to this topic

#1 elmm29
Members, 11 posts
Posted 02 September 2017 - 10:27 AM

So I googled this and apparently I have this stupid trojan that I can't get rid of; I can't hard reset my computer, nothing. So I was following this guide https://www.bleepingcomputer.com/virus-removal/remove-the-requested-resource-is-in-use-error#mbar but Malwarebytes isn't working. It will say "could not like DDA driver" and it would want me to install it, restarting my computer and continuing the scan after, but I press yes and it says could not install driver, scan can't continue.



#2 JSntgRvr
Master Surgeon General
Malware Response Team, 11,752 posts
Gender: Male
Location: Puerto Rico
Posted 02 September 2017 - 10:30 AM

Welcome :)

I will request this topic to be moved to the Malware Removal Forum.

Meanwhile, please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure that under Optional Scans there is a checkmark on Addition.txt.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!

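A small triage script for the FRST.txt that the steps above produce, added here as an example; it is not part of Farbar Recovery Scan Tool and not code from anyone in this thread. It reads the "Registry (Whitelisted)" style lines, keeps FRST's own "<==== ATTENTION" marks, and adds heuristics for what the log posted later in this thread shows: an IFEO Debugger value on rstrui.exe (System Restore), WScript autoruns starting .vbs files from the profile, random-looking value names, Policies\Explorer\Run autoruns, and no-publisher binaries in user-writable folders. The sample lines are an excerpt of that log; the function names reasons_for and triage and the heuristics themselves are my own.

```python
"""Triage the 'Registry (Whitelisted)' lines of an FRST.txt log.

Example code written for this thread; it is not part of Farbar Recovery Scan
Tool (FRST). It keeps FRST's '<==== ATTENTION' marks and adds heuristics."""
import re
from dataclasses import dataclass
from typing import List

# Sample input: an excerpt of the FRST.txt posted in this thread. Two clean
# entries (Windows Defender, Spotify) are kept to show they are not flagged.
SAMPLE_LOG = r'''
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM-x32\...\Run: [wmicpra] => C:\Users\Jayden\AppData\Local\wmicpra\wmicpra.exe [885760 2017-08-20] ()
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [Spotify] => C:\Users\Jayden\AppData\Roaming\Spotify\Spotify.exe [15866480 2017-08-04] (Spotify Ltd)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [svchostst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\svchost saved files\start.vbs" //B "%1" %* <==== ATTENTION
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [K2D8U8PEO2PYP5W] => "C:\Program Files\R3AD2OTJ4D\5AMM1ULNT.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Policies\Explorer\Run: [Razer] => C:\Users\Jayden\AppData\Roaming\Microsoft\fhjcgvwv\srcwcdii.exe
IFEO\rstrui.exe: [Debugger] wruyvecxh.exe
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [X] <==== ATTENTION
'''

ATTENTION = "<==== ATTENTION"
# HKxx\...\Key: [ValueName] => command line
AUTORUN_RE = re.compile(r"^[^\s:]+?\\\.\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$")
# IFEO\image.exe: [Debugger] other.exe  (Image File Execution Options hijack)
IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")
# FRST appends '[size date] (Publisher)' when it could read the target file
META_RE = re.compile(r"\[\d* ?[\d-]*\] \((?P<publisher>[^)]*)\)\s*$")
# long upper-case alphanumeric value names mixing digits and letters
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[A-Z])[A-Z0-9]{12,}$")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\windows\\temp\\")
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf")


@dataclass
class Finding:
    line: str
    reasons: List[str]


def target_path(cmd: str) -> str:
    """First executable on the command line: the first quoted token, or
    everything before FRST's ' [size date]' metadata."""
    m = re.match(r'^"([^"]+)"', cmd)
    return m.group(1) if m else cmd.split(" [", 1)[0].strip()


def reasons_for(raw: str) -> List[str]:
    """Return the triage reasons for one FRST line (empty list = nothing odd)."""
    line = raw.strip()
    reasons: List[str] = []
    if line.endswith(ATTENTION):
        reasons.append("marked ATTENTION by FRST")
        line = line[: -len(ATTENTION)].rstrip()
    m = IFEO_RE.match(line)
    if m:  # a Debugger value silently replaces the image (here: System Restore)
        reasons.append(f"IFEO Debugger hijack: {m['image']} redirected to {m['debugger']}")
        return reasons
    m = AUTORUN_RE.match(line)
    if not m:
        return reasons
    key, name, cmd = m["key"], m["name"], m["cmd"]
    if "policies\\explorer\\run" in key.lower():
        reasons.append("autorun via Policies\\Explorer\\Run, rarely used by legitimate software")
    if RANDOM_NAME_RE.match(name):
        reasons.append(f"random-looking value name {name!r}")
    quoted = re.findall(r'"([^"]+)"', cmd)
    host = (quoted[0] if quoted else target_path(cmd)).lower()
    scripts = [t for t in quoted[1:] if t.lower().endswith(SCRIPT_EXT)]
    if host.endswith(("wscript.exe", "cscript.exe")) and scripts:
        reasons.append(f"script host launching {scripts[0]}")
    else:
        meta = META_RE.search(cmd)
        path = target_path(cmd).lower()
        if meta is None:
            reasons.append("no file metadata recorded by FRST (target may be missing)")
        elif not meta["publisher"].strip() and any(p in path for p in USER_WRITABLE):
            reasons.append("no-publisher binary in a user-writable location")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Run reasons_for over every line and keep those with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        reasons = reasons_for(line)
        if reasons:
            findings.append(Finding(line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

On the excerpt this flags eight of the ten lines; the Windows Defender and Spotify entries, which have a publisher and an expected path, come through clean.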

#3 elmm29 (Topic Starter)
Members, 11 posts
Posted 02 September 2017 - 11:00 AM

Here is the FRST.txt 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Jayden (administrator) on DESKTOP-E31CJNA (02-09-2017 08:56:03)
Running from C:\Users\Jayden\Downloads
Loaded Profiles: Jayden &  (Available Profiles: Jayden)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\Temp\mswskpzsrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\provtool.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\PixelMaster Video HDR\DriverMFTService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\syswow64\explorer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Discord Inc.) C:\Users\Jayden\AppData\Local\Discord\app-0.0.298\Discord.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Jayden\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Razer) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
(Spotify Ltd) C:\Users\Jayden\AppData\Roaming\Spotify\Spotify.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Jayden\AppData\Local\wmicpra\wmicpra.exe
(Blizzard Entertainment) C:\Program Files (x86)\Blizzard App\Battle.net.9262\Battle.net.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Malwarebytes Corp.) C:\Users\Jayden\Desktop\mbar-1.09.3.1001.exe
() C:\Program Files (x86)\Blizzard App\Battle.net.9262\Battle.net Helper.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5750\Agent.exe
(Discord Inc.) C:\Users\Jayden\AppData\Local\Discord\app-0.0.298\Discord.exe
(Microsoft Corporation) C:\Windows\syswow64\cmd.exe
(Malwarebytes) C:\Users\Jayden\Desktop\mbar\mbar.exe
(Spotify Ltd) C:\Users\Jayden\AppData\Roaming\Spotify\Spotify.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
() C:\Program Files (x86)\Blizzard App\Battle.net.9262\Battle.net Helper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\syswow64\explorer.exe
() C:\Users\Jayden\AppData\Local\wmicpra\utcmfit.exe
() C:\Users\Jayden\AppData\Local\wmicpra\utcmfit.exe
(Microsoft Corporation) C:\Windows\syswow64\explorer.exe
(Microsoft Corporation) C:\Windows\syswow64\explorer.exe
(Discord Inc.) C:\Users\Jayden\AppData\Local\Discord\app-0.0.298\Discord.exe
(Spotify Ltd) C:\Users\Jayden\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Jayden\AppData\Roaming\Spotify\Spotify.exe
() C:\Users\Jayden\AppData\Local\wmicpra\utcmfit.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\PMRunner32.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\x64\PMRunner64.exe
() C:\Program Files (x86)\Razer\Razer Cortex\RazerGamecasterEngine.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\FPSRunner32.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\x64\FPSRunner64.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzFpsApplet\RzFpsApplet.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer, Inc.) C:\Users\Jayden\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer, Inc.) C:\Users\Jayden\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Jayden\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Jayden\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Jayden\AppData\Local\wmicpra\utcmfit.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
() C:\Users\Jayden\AppData\Local\wmicpra\utcmfit.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [18299088 2017-05-26] (Corsair Components, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [wmicpra] => C:\Users\Jayden\AppData\Local\wmicpra\wmicpra.exe [885760 2017-08-20] ()
HKLM\...\RunOnce: [Windows Audit Service Update] => C:\ProgramData\Windows Audit Service Update\97555w19ei3sy9u.exe [577024 2017-08-30] (������� ����)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [Discord] => C:\Users\Jayden\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Blizzard App\Battle.net Launcher.exe [3229160 2017-05-04] (Blizzard Entertainment)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [224752 2017-04-28] (Razer Inc.)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [Spotify Web Helper] => C:\Users\Jayden\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-04] (Spotify Ltd)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [3PS0ZHO966TW61N] => "C:\Program Files (x86)\ShutdownTime\T5TZ0.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [*56289D4EBA2F2388<*>] => C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388\56289D4EBA2F2388.exe [ ] () <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [Windows Audit Service Update] => C:\ProgramData\Windows Audit Service Update\97555w19ei3sy9u.exe [577024 2017-08-30] (������� ����)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [xdsy52fcfkn] => "C:\Users\Jayden\AppData\Roaming\1xou5yd2di3\cg4is2ozwfs.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [K2D8U8PEO2PYP5W] => "C:\Program Files\R3AD2OTJ4D\5AMM1ULNT.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [rihu3ftrjmx] => "C:\Users\Jayden\AppData\Roaming\fh4vycxenzn\hvgdfzhyuzs.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [HC7XC4TIY694K75] => "C:\Program Files\IEV4Z6L34X\R2F2NOFH2.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [baldock] => "C:\Program Files (x86)\dislodged\baldock.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [penicillin] => "C:\Program Files (x86)\Fats\tamoxifen.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [Spotifywn] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\Spotify store files\start64.vbs" //B "%1" %*
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [Spotifyws] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\Spotify local files\start.vbs" //B "%1" %*
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [WmiPrvSEst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\WmiPrvSE saved files\start.vbs" //B "%1" %*
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [svchostst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\svchost saved files\start.vbs" //B "%1" %* <==== ATTENTION
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [Razer] => C:\Users\Jayden\AppData\Roaming\Microsoft\tuswbgad\srcwcdii.exe [180224 2016-07-16] ()
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [Spotify] => C:\Users\Jayden\AppData\Roaming\Spotify\Spotify.exe [15866480 2017-08-04] (Spotify Ltd)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Policies\Explorer\Run: [Razer] => C:\Users\Jayden\AppData\Roaming\Microsoft\fhjcgvwv\srcwcdii.exe
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Discord] => C:\Users\Jayden\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Battle.net] => C:\Program Files (x86)\Blizzard App\Battle.net Launcher.exe [3229160 2017-05-04] (Blizzard Entertainment)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [224752 2017-04-28] (Razer Inc.)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Jayden\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-04] (Spotify Ltd)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [3PS0ZHO966TW61N] => "C:\Program Files (x86)\ShutdownTime\T5TZ0.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [*56289D4EBA2F2388<*>] => C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388\56289D4EBA2F2388.exe [ ] () <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Windows Audit Service Update] => C:\ProgramData\Windows Audit Service Update\97555w19ei3sy9u.exe [577024 2017-08-30] (������� ����)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [xdsy52fcfkn] => "C:\Users\Jayden\AppData\Roaming\1xou5yd2di3\cg4is2ozwfs.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [K2D8U8PEO2PYP5W] => "C:\Program Files\R3AD2OTJ4D\5AMM1ULNT.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [rihu3ftrjmx] => "C:\Users\Jayden\AppData\Roaming\fh4vycxenzn\hvgdfzhyuzs.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HC7XC4TIY694K75] => "C:\Program Files\IEV4Z6L34X\R2F2NOFH2.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [baldock] => "C:\Program Files (x86)\dislodged\baldock.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [penicillin] => "C:\Program Files (x86)\Fats\tamoxifen.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotifywn] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\Spotify store files\start64.vbs" //B "%1" %*
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotifyws] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\Spotify local files\start.vbs" //B "%1" %*
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WmiPrvSEst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\WmiPrvSE saved files\start.vbs" //B "%1" %*
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [svchostst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\svchost saved files\start.vbs" //B "%1" %* <==== ATTENTION
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Razer] => C:\Users\Jayden\AppData\Roaming\Microsoft\tuswbgad\srcwcdii.exe [180224 2016-07-16] ()
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Jayden\AppData\Roaming\Spotify\Spotify.exe [15866480 2017-08-04] (Spotify Ltd)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer\Run: [Razer] => C:\Users\Jayden\AppData\Roaming\Microsoft\fhjcgvwv\srcwcdii.exe
IFEO\rstrui.exe: [Debugger] wruyvecxh.exe
Startup: C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spotifywn.vbs [2017-09-01] ()
Startup: C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spotifyws.vbs [2017-09-01] ()
Startup: C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostst.vbs [2017-09-02] () <==== ATTENTION
Startup: C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ware.lnk [2017-08-31]
Startup: C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WmiPrvSEst.vbs [2017-09-01] ()
BootExecute: autocheck mslnautocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{0b5fe1a1-8b4b-4bcd-b080-2ef6095662f8}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-07-06] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-06] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll => No File
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2017-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-06] (Oracle Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2017-07-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://websearch.searc-hall.info/?pid=20464&r=2014/11/09&hid=3133529749506551500&lg=EN&cc=US&unqvl=65
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR NewTab: Default ->  Active:"chrome-extension://dpachelgiglchfeamdbffmooliidiomi/start/index.html"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Jayden\AppData\Local\Google\Chrome\User Data\Default [2017-09-02]
CHR Extension: (Google Slides) - C:\Users\Jayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-04]
CHR Extension: (Google Docs) - C:\Users\Jayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-04]
CHR Extension: (Google Drive) - C:\Users\Jayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-04]
CHR Extension: (YouTube) - C:\Users\Jayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-04]
CHR Extension: (Destiny Wallpaper HD New Tab Themes) - C:\Users\Jayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpachelgiglchfeamdbffmooliidiomi [2017-09-02]
CHR Extension: (Google Sheets) - C:\Users\Jayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-04]
CHR Extension: (Google Docs Offline) - C:\Users\Jayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Jayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-04]
CHR Extension: (Chrome Media Router) - C:\Users\Jayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-04]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1536520 2017-06-07] ()
R2 DriverMFTService; C:\Program Files (x86)\Asus\PixelMaster Video HDR\DriverMFTService.exe [20992 2015-05-19] (ASUSTek Computer Inc.) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-10-06] ()
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [7986816 2016-11-06] (INCA Internet Co., Ltd.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-06-07] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [147792 2017-04-18] (Razer Inc)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [183680 2017-04-13] (Razer Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [252176 2017-04-28] (Razer Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [692680 2017-06-28] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-10-06] (Intel® Corporation)
S2 AdsService; C:\Users\Jayden\AppData\Local\AdService\AdService.dll [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUS Corporation)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45016 2017-05-16] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21976 2017-05-16] (Corsair)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-25] (Intel Corporation)
R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2017-09-02] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\4E4B4AE8.sys [192216 2017-09-02] (Malwarebytes)
S3 mctdviusb5064; C:\WINDOWS\system32\drivers\mctdviusb5064.sys [75856 2015-09-07] (Magic Control Technology Corp.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3525896 2016-11-09] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvlddmkm.sys [14461344 2017-06-08] (NVIDIA Corporation)
S3 PXGX112; C:\WINDOWS\system32\drivers\PXGX112.sys [32264 2015-06-05] ( )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-14] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2014-11-06] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-10-07] (Razer, Inc.)
S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [122512 2017-04-28] (Wacom Technology)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xVGAUSB64; C:\WINDOWS\system32\drivers\xvgausb64.sys [75472 2015-09-07] (Magic Control Technology Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-02 08:56 - 2017-09-02 08:56 - 000028581 _____ C:\Users\Jayden\Downloads\FRST.txt
2017-09-02 08:55 - 2017-09-02 08:56 - 000000000 ____D C:\FRST
2017-09-02 08:53 - 2017-09-02 08:55 - 002395648 _____ (Farbar) C:\Users\Jayden\Downloads\FRST64.exe
2017-09-02 08:51 - 2017-09-02 08:52 - 009932672 _____ C:\Users\Jayden\Downloads\bitdefender_online (1).exe
2017-09-02 08:47 - 2017-09-02 08:47 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4E4B4AE8.sys
2017-09-02 08:45 - 2017-09-02 08:45 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-02 08:43 - 2017-09-02 08:43 - 015466496 _____ C:\WINDOWS\system32\config\SYSTEM
2017-09-02 08:43 - 2017-09-02 08:43 - 015466496 _____ C:\WINDOWS\system32\config\HARDWARE
2017-09-02 08:43 - 2017-09-02 08:43 - 000113488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\moutwzcg.sys
2017-09-02 08:42 - 2017-09-02 08:42 - 000067632 _____ (Symantec Corporation) C:\WINDOWS\SysWOW64\msln.exe
2017-09-02 08:28 - 2017-09-02 08:49 - 000000000 ____D C:\Users\Jayden\AppData\Local\NPE
2017-09-02 08:28 - 2017-09-02 08:42 - 000029742 _____ C:\WINDOWS\system32\Drivers\SMR501.dat
2017-09-02 08:28 - 2017-09-02 08:28 - 003422944 _____ (Symantec Corporation) C:\Users\Jayden\Downloads\NPE.exe
2017-09-02 08:28 - 2017-09-02 08:28 - 000000000 ____D C:\ProgramData\Norton
2017-09-02 08:26 - 2017-09-02 08:26 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0C4A3A8D.sys
2017-09-02 08:22 - 2017-09-02 08:22 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\55903794.sys
2017-09-02 08:19 - 2017-09-02 08:19 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1DEF356D.sys
2017-09-02 08:19 - 2017-09-02 08:19 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\15C43594.sys
2017-09-02 08:19 - 2017-09-02 08:19 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0033352F.sys
2017-09-02 08:18 - 2017-09-02 08:18 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Jayden\Downloads\mbar-1.09.3.1001.exe
2017-09-02 08:18 - 2017-09-02 08:18 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Jayden\Desktop\mbar-1.09.3.1001.exe
2017-09-02 08:12 - 2017-09-02 08:12 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Jayden\Downloads\iExplore.exe
2017-09-02 08:11 - 2017-09-02 08:50 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-02 08:11 - 2017-09-02 08:11 - 000194776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-02 08:11 - 2017-09-02 08:11 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-02 08:10 - 2017-09-02 08:48 - 000000000 ____D C:\Users\Jayden\Desktop\mbar
2017-09-02 08:10 - 2017-09-02 08:46 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-09-02 08:10 - 2017-09-02 08:10 - 016564750 _____ (Malwarebytes Corp.) C:\Users\Jayden\Downloads\mbar-1.09.4.1001.exe
2017-09-02 08:06 - 2017-09-02 08:06 - 009932672 _____ C:\Users\Jayden\Downloads\bitdefender_online.exe
2017-09-02 07:47 - 2017-09-02 07:49 - 000786796 _____ C:\WINDOWS\Minidump\090217-40468-01.dmp
2017-09-02 00:06 - 2017-09-02 00:06 - 000000000 ____D C:\$WINDOWS.~BT
2017-09-01 23:49 - 2017-09-02 00:07 - 000000000 ___HD C:\$SysReset
2017-09-01 22:33 - 2017-09-01 22:33 - 000000000 ___HD C:\$Windows.~WS
2017-09-01 22:32 - 2017-09-01 22:33 - 018357776 _____ (Microsoft Corporation) C:\Users\Jayden\Downloads\MediaCreationTool (2).exe
2017-09-01 19:51 - 2017-09-01 19:51 - 000376528 _____ (Microsoft Corporation) C:\Users\Jayden\Downloads\RefreshWindowsTool (1).exe
2017-09-01 19:15 - 2017-09-01 19:15 - 000376528 _____ (Microsoft Corporation) C:\Users\Jayden\Downloads\RefreshWindowsTool.exe
2017-09-01 19:06 - 2017-09-01 19:07 - 148876056 _____ (CHENGDU YIWO Tech Development Co., Ltd ) C:\Users\Jayden\Downloads\tb_enterprise_trial.exe
2017-09-01 19:02 - 2017-09-01 19:02 - 018357776 _____ (Microsoft Corporation) C:\Users\Jayden\Downloads\MediaCreationTool (1).exe
2017-09-01 18:59 - 2017-09-01 22:43 - 000000000 ____D C:\ESD
2017-09-01 18:57 - 2017-09-01 18:57 - 018357776 _____ (Microsoft Corporation) C:\Users\Jayden\Downloads\MediaCreationTool.exe
2017-09-01 18:31 - 2017-09-01 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2017-08-31 21:23 - 2017-08-31 21:23 - 000000000 ____D C:\Users\Jayden\AppData\Roaming\Macromedia
2017-08-31 18:37 - 2017-09-02 08:43 - 000081696 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\msidntfs.sys
2017-08-31 18:32 - 2017-08-31 18:32 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-08-31 18:30 - 2017-08-31 18:37 - 000000000 ____D C:\WINDOWS\pss
2017-08-31 18:16 - 2017-09-02 08:47 - 000000000 ____D C:\Users\Jayden\AppData\Local\wmilibx
2017-08-31 18:16 - 2017-09-02 08:47 - 000000000 ____D C:\Users\Jayden\AppData\Local\wmicpra
2017-08-31 18:16 - 2017-08-31 18:16 - 000000000 ____D C:\Users\Jayden\AppData\Local\regtool
2017-08-31 18:14 - 2017-08-31 18:41 - 000000000 ____D C:\Users\Jayden\AppData\Roaming\svchost saved files
2017-08-31 18:11 - 2017-09-02 07:47 - 1149715286 _____ C:\WINDOWS\MEMORY.DMP
2017-08-31 18:11 - 2017-08-31 18:12 - 000812820 _____ C:\WINDOWS\Minidump\083117-37890-01.dmp
2017-08-31 18:09 - 2017-09-01 18:38 - 000000000 ____D C:\Users\Jayden\AppData\Roaming\WmiPrvSE saved files
2017-08-31 18:09 - 2017-08-31 18:09 - 000003072 _____ C:\Users\Jayden\AppData\Local\uninstallce.exe
2017-08-31 18:08 - 2017-08-31 18:14 - 000000000 ____D C:\Users\Jayden\AppData\Roaming\Spotify store files
2017-08-31 18:08 - 2017-08-31 18:09 - 000000000 ____D C:\Users\Jayden\AppData\Roaming\Spotify local files
2017-08-31 18:08 - 2017-08-31 18:08 - 000003852 _____ C:\WINDOWS\System32\Tasks\24176298
2017-08-31 18:08 - 2017-08-31 18:08 - 000003850 _____ C:\WINDOWS\System32\Tasks\36883163
2017-08-31 18:08 - 2017-08-31 18:08 - 000003848 _____ C:\WINDOWS\System32\Tasks\40138800
2017-08-31 18:08 - 2017-08-31 18:08 - 000003844 _____ C:\WINDOWS\System32\Tasks\k36883163
2017-08-31 18:08 - 2017-08-31 18:08 - 000003726 _____ C:\WINDOWS\System32\Tasks\ba2417629824176298
2017-08-31 18:08 - 2017-08-31 18:08 - 000003724 _____ C:\WINDOWS\System32\Tasks\ba3688316336883163
2017-08-31 18:08 - 2017-08-31 18:08 - 000003722 _____ C:\WINDOWS\System32\Tasks\ba4013880040138800
2017-08-31 18:08 - 2017-08-31 18:08 - 000003720 _____ C:\WINDOWS\System32\Tasks\bak36883163k36883163
2017-08-31 18:08 - 2017-08-31 18:08 - 000003436 _____ C:\WINDOWS\System32\Tasks\SystemHealer Run Delay
2017-08-31 18:08 - 2017-08-31 18:08 - 000000020 _____ C:\WINDOWS\b40138800
2017-08-31 18:07 - 2017-08-31 18:07 - 000003442 _____ C:\WINDOWS\System32\Tasks\SystemHealer Monitor
2017-08-31 18:07 - 2017-08-31 18:07 - 000000000 ____D C:\Users\Jayden\AppData\Local\IPNinja
2017-08-31 18:06 - 2017-08-31 18:07 - 001847296 _____ C:\Users\Jayden\AppData\Local\po.db
2017-08-31 18:06 - 2017-08-31 18:07 - 000000000 ____D C:\Users\Jayden\AppData\Roaming\fh4vycxenzn
2017-08-31 18:06 - 2017-08-31 18:06 - 000140800 _____ C:\Users\Jayden\AppData\Local\installer.dat
2017-08-31 18:06 - 2017-08-31 18:06 - 000011568 _____ C:\Users\Jayden\AppData\Local\InstallationConfiguration.xml
2017-08-31 18:06 - 2017-08-31 18:06 - 000000000 ____D C:\WINDOWS\SysWOW64\niskqmq
2017-08-31 18:06 - 2017-08-31 18:06 - 000000000 ____D C:\WINDOWS\system32\niskqmq
2017-08-31 04:05 - 2017-08-31 04:05 - 000795648 _____ C:\WINDOWS\f4dffc42d56fd397820b798a5becaced.exe
2017-08-31 04:05 - 2017-08-31 04:05 - 000078744 _____ (MTQ0HV) C:\WINDOWS\system32\Drivers\310f8a5b7af987185d7fd09b4a6a7a63.sys
2017-08-31 04:05 - 2017-08-31 04:05 - 000037162 _____ C:\WINDOWS\uninstaller.dat
2017-08-31 00:12 - 2017-08-31 00:12 - 000011776 _____ (Tamoxifen) C:\WINDOWS\goosey.exe
2017-08-30 21:56 - 2017-08-30 21:56 - 000000000 __SHD C:\ProgramData\Windows Audit Service Update
2017-08-30 21:55 - 2017-08-30 21:55 - 000000000 ____D C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388
2017-08-30 21:47 - 2017-08-30 21:47 - 000001293 _____ C:\Users\Jayden\Desktop\Google Chrome.lnk
2017-08-30 21:47 - 2017-08-30 21:47 - 000000000 ____D C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2017-08-30 21:43 - 2017-08-30 21:46 - 000003292 _____ C:\WINDOWS\System32\Tasks\7f3ce402df93561fc4e9a3ef9c35c397
2017-08-30 21:43 - 2017-08-30 21:46 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL
2017-08-30 21:40 - 2017-08-30 21:40 - 000164596 _____ C:\Users\Jayden\Downloads\destiny-2-patch-fix.zip
2017-08-30 14:11 - 2017-08-30 14:11 - 000000000 ____D C:\Users\Jayden\AppData\Roaming\Bungie
2017-08-30 14:06 - 2017-08-30 14:06 - 000000862 ____N C:\Users\Public\Desktop\Destiny 2.lnk
2017-08-30 14:06 - 2017-08-30 14:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Destiny 2
2017-08-30 13:39 - 2017-08-30 14:11 - 000000000 ____D C:\Program Files (x86)\Destiny 2
2017-08-28 16:00 - 2017-08-03 22:31 - 001564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-08-28 16:00 - 2017-08-03 22:31 - 001214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-08-28 16:00 - 2017-08-03 22:31 - 000629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-08-28 16:00 - 2017-08-03 22:31 - 000544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-08-28 16:00 - 2017-08-03 22:31 - 000335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-08-28 16:00 - 2017-08-03 22:31 - 000334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-08-28 16:00 - 2017-08-03 22:31 - 000233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-08-28 16:00 - 2017-08-03 22:31 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-08-28 16:00 - 2017-08-03 22:31 - 000096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-08-28 16:00 - 2017-08-03 22:31 - 000034656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-08-28 16:00 - 2017-08-03 21:26 - 000192864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-08-27 21:37 - 2017-08-27 21:37 - 001989368 _____ C:\Users\Jayden\Downloads\pg35-36-1.pdf
2017-08-27 21:37 - 2017-08-27 21:37 - 001989368 _____ C:\Users\Jayden\Downloads\pg35-36-1 (1).pdf
2017-08-27 21:37 - 2017-08-27 21:37 - 001820487 _____ C:\Users\Jayden\Downloads\pg35-36.pdf
2017-08-27 21:33 - 2017-08-27 21:33 - 001163278 _____ C:\Users\Jayden\Downloads\pg47-48-1.pdf
2017-08-27 21:33 - 2017-08-27 21:33 - 001052553 _____ C:\Users\Jayden\Downloads\pg47-48.pdf
2017-08-27 19:50 - 2017-09-02 08:47 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-08-27 19:48 - 2017-09-02 07:47 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-27 19:48 - 2017-08-27 19:49 - 000817340 _____ C:\WINDOWS\Minidump\082717-30375-01.dmp
2017-08-27 19:21 - 2017-08-27 19:21 - 000003632 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2017-08-25 21:17 - 2017-08-25 21:17 - 000812600 _____ (ROBLOX Corporation) C:\Users\Jayden\Downloads\RobloxPlayerLauncher.exe
2017-08-24 17:59 - 2017-07-31 08:14 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-08-24 17:59 - 2017-07-31 08:14 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-24 17:54 - 2017-04-21 14:53 - 000029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-08-24 17:54 - 2017-04-21 14:53 - 000018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-08-24 17:54 - 2017-04-21 14:50 - 000030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-08-24 17:54 - 2017-04-21 14:50 - 000018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-08-23 19:28 - 2017-08-23 19:28 - 000000000 ____D C:\Users\Jayden\Documents\AutomaticSolution Software
2017-08-18 20:54 - 2017-08-18 20:54 - 005674640 _____ C:\Users\Jayden\Downloads\98842 Feint - Time Bomb (feat. Veela & Boyinaband) (1).osz
2017-08-18 20:39 - 2017-08-18 20:39 - 014844655 _____ C:\Users\Jayden\Downloads\18315 DM Ashura - deltaMAX.osz
2017-08-18 16:25 - 2017-08-26 11:24 - 000000111 _____ C:\Users\Jayden\Documents\2.mcr
2017-08-18 15:39 - 2017-08-18 15:39 - 001498840 _____ (Jitbit Software ) C:\Users\Jayden\Downloads\MacroRecorderSetup (1).exe
2017-08-18 15:39 - 2017-08-18 15:39 - 000001150 ____N C:\Users\Public\Desktop\Macro Recorder.lnk
2017-08-17 12:41 - 2017-08-17 20:38 - 003098624 _____ C:\Users\database.exe
2017-08-17 12:27 - 2017-08-17 12:27 - 004428235 _____ C:\Users\Jayden\Downloads\EH-12.1 (1).rar
2017-08-17 12:27 - 2017-08-10 03:03 - 004459008 _____ C:\Users\Jayden\Desktop\EH 12.1.exe
2017-08-17 11:07 - 2017-08-26 11:04 - 005956096 _____ C:\Users\Default\Elxs.exe
2017-08-16 19:03 - 2017-08-16 19:03 - 004428235 _____ C:\Users\Jayden\Downloads\EH.12.1.rar
2017-08-16 19:01 - 2017-08-16 19:01 - 004428235 _____ C:\Users\Jayden\Downloads\EH-12.1.rar
2017-08-13 23:56 - 2017-08-13 23:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS
2017-08-13 23:55 - 2017-08-13 23:55 - 000000000 ____D C:\Users\Jayden\AppData\Local\VEGAS
2017-08-13 23:55 - 2017-08-13 23:55 - 000000000 ____D C:\ProgramData\VEGAS
2017-08-13 23:55 - 2017-08-13 23:55 - 000000000 ____D C:\Program Files\VEGAS
2017-08-13 23:53 - 2017-08-14 00:10 - 000000000 ____D C:\Users\Jayden\AppData\Roaming\Sony
2017-08-13 23:52 - 2017-08-13 23:52 - 000000000 ____D C:\Users\Jayden\Desktop\Sony Vegas Pro 14
2017-08-13 23:52 - 2017-08-13 23:52 - 000000000 ____D C:\Users\Jayden\Desktop\Sony Vegas
2017-08-13 23:51 - 2017-08-13 23:51 - 445137688 _____ C:\Users\Jayden\Desktop\Sony Vegas Pro 14.zip
2017-08-13 15:53 - 2017-08-13 15:53 - 024963284 _____ C:\Users\Jayden\Downloads\83560 DJ S3RL - T-T-Techno (feat. Jesskah).osz
2017-08-12 23:00 - 2017-08-12 23:00 - 003882378 _____ C:\Users\Jayden\Downloads\source.mp4
2017-08-12 21:01 - 2017-08-12 21:01 - 000146696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150259689356207
2017-08-12 21:01 - 2017-08-12 21:01 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-08-12 21:01 - 2017-08-12 21:00 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150259688575003
2017-08-12 21:01 - 2017-07-02 17:40 - 001015848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.150259689356207
2017-08-10 02:32 - 2017-08-10 03:33 - 2575833801 _____ C:\Users\Jayden\Downloads\MapleStory v162.4.zip
2017-08-10 02:18 - 2017-08-10 02:18 - 165488602 _____ C:\Users\Jayden\Downloads\SC_ 2017-08-09 14-54-11-081 (1).avi
2017-08-10 02:16 - 2017-08-10 02:16 - 165488602 _____ C:\Users\Jayden\Downloads\SC_ 2017-08-09 14-54-11-081.avi
2017-08-09 13:09 - 2017-08-09 13:09 - 000000000 ____D C:\Users\Jayden\AppData\Local\VirtualStore
2017-08-09 13:09 - 2017-08-09 13:09 - 000000000 ____D C:\Users\Jayden\AppData\Local\SCE
2017-08-09 13:09 - 2017-08-09 13:09 - 000000000 ____D C:\Users\Jayden\AppData\Local\Daybreak Game Company
2017-08-08 19:59 - 2017-08-08 19:59 - 000002244 ____N C:\Users\Jayden\Desktop\Discord.lnk
2017-08-08 19:59 - 2017-08-08 19:59 - 000000000 ____D C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-08-07 22:21 - 2017-08-07 22:22 - 002743099 _____ C:\Users\Jayden\Downloads\93655 AOiRO_Manbow with kagerow obj- Akaibito - dreamin' -happycore version.osz
2017-08-06 11:31 - 2017-08-06 11:31 - 000021037 _____ C:\Users\Jayden\Downloads\Retry and Repair and Elixir.mcr
2017-08-06 11:21 - 2017-08-06 11:21 - 000001170 ____N C:\Users\Jayden\Desktop\Cheat Engine.lnk
2017-08-06 11:20 - 2017-08-06 11:21 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.7
2017-08-06 11:20 - 2017-08-06 11:20 - 000016286 _____ C:\Users\Jayden\Desktop\Success v.02 now with auto repair.mcr
2017-08-06 11:20 - 2017-08-06 11:20 - 000000000 ____D C:\Users\Jayden\Documents\My Cheat Tables
2017-08-06 11:19 - 2017-08-18 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macro Recorder
2017-08-06 11:19 - 2017-08-18 15:39 - 000000000 ____D C:\Program Files (x86)\MacroRecorder
2017-08-06 11:19 - 2017-08-06 11:20 - 012024632 _____ (Cheat Engine ) C:\Users\Jayden\Downloads\CheatEngine67.exe
2017-08-06 11:17 - 2017-08-06 11:17 - 001501872 _____ (Jitbit Software ) C:\Users\Jayden\Downloads\MacroRecorderSetup.exe
2017-08-04 23:44 - 2017-08-31 19:17 - 000000000 ____D C:\Users\Jayden\AppData\Local\Spotify
2017-08-04 23:44 - 2017-08-04 23:44 - 000001857 ____N C:\Users\Jayden\Desktop\Spotify.lnk
2017-08-04 23:44 - 2017-08-04 23:44 - 000001843 _____ C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-08-04 23:43 - 2017-09-02 08:53 - 000000000 ____D C:\Users\Jayden\AppData\Roaming\Spotify
2017-08-04 23:43 - 2017-08-04 23:43 - 000676560 _____ (Spotify Ltd) C:\Users\Jayden\Downloads\SpotifySetup (2).exe
2017-08-04 23:42 - 2017-08-04 23:43 - 000676560 _____ (Spotify Ltd) C:\Users\Jayden\Downloads\SpotifySetup.exe
2017-08-04 23:42 - 2017-08-04 23:43 - 000676560 _____ (Spotify Ltd) C:\Users\Jayden\Downloads\SpotifySetup (1).exe
2017-08-04 18:45 - 2017-08-04 18:45 - 000000000 ____D C:\Users\Jayden\AppData\Local\UNP
2017-08-04 09:31 - 2017-08-04 09:31 - 000000000 ____D C:\Users\Jayden\AppData\Local\CEF
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-02 08:57 - 2017-05-04 05:19 - 000000000 ____D C:\Users\Jayden\AppData\Local\Battle.net
2017-09-02 08:53 - 2017-05-04 05:03 - 000000165 _____ C:\Users\Jayden\AppData\Roaming\sp_data.sys
2017-09-02 08:49 - 2017-05-04 05:07 - 000000000 ____D C:\Users\Jayden\AppData\Roaming\Skype
2017-09-02 08:48 - 2017-05-04 05:17 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2017-09-02 08:45 - 2015-12-26 03:14 - 000000000 __SHD C:\Users\Jayden\IntelGraphicsProfiles
2017-09-02 08:44 - 2017-05-21 14:22 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-02 08:43 - 2017-05-04 01:51 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-09-02 08:43 - 2017-05-04 01:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-02 08:28 - 2017-05-04 01:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-02 07:55 - 2017-05-25 23:13 - 000000000 ____D C:\Users\Jayden\AppData\Local\CrashDumps
2017-09-02 07:53 - 2017-06-04 13:29 - 000004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4396B2C0-A8A8-4F2D-9A16-547061C4A2BE}
2017-09-02 07:47 - 2017-05-04 01:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-01 22:42 - 2017-05-04 02:28 - 000000000 ___DC C:\WINDOWS\Panther
2017-09-01 22:42 - 2015-09-23 08:26 - 000033081 _____ C:\WINDOWS\diagwrn.xml
2017-09-01 22:42 - 2015-09-23 08:26 - 000021620 _____ C:\WINDOWS\diagerr.xml
2017-09-01 22:07 - 2017-05-04 05:17 - 000000000 ____D C:\Users\Jayden\AppData\Roaming\discord
2017-09-01 20:03 - 2017-05-08 21:33 - 000000000 ____D C:\Users\Jayden\AppData\Local\osu!
2017-09-01 19:57 - 2017-05-04 01:59 - 000000000 ____D C:\Users\Jayden
2017-09-01 18:31 - 2017-06-07 18:07 - 000000892 _____ C:\Users\Public\Desktop\Overwatch.lnk
2017-09-01 18:31 - 2017-06-07 15:00 - 000000000 ____D C:\Program Files (x86)\Overwatch
2017-09-01 15:57 - 2017-05-04 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-01 15:57 - 2017-05-04 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-01 15:38 - 2017-07-12 11:25 - 000000000 ____D C:\Users\Jayden\AppData\Roaming\WTablet
2017-08-31 21:17 - 2015-08-18 01:36 - 000005596 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-31 15:48 - 2017-05-04 02:14 - 000000000 ____D C:\WINDOWS\System
2017-08-30 21:42 - 2017-05-04 05:11 - 000002297 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2017-08-30 21:42 - 2017-05-04 05:11 - 000002285 ____R C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2017-08-27 19:51 - 2017-05-04 02:13 - 000000000 ____D C:\WINDOWS\INF
2017-08-27 19:21 - 2015-08-18 01:37 - 000000000 ____D C:\Program Files (x86)\ASUS
2017-08-27 19:20 - 2017-05-04 02:26 - 000000000 ____D C:\ProgramData\SetupTPDriver
2017-08-26 20:58 - 2017-05-04 02:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-26 11:04 - 2017-07-19 10:27 - 002436608 _____ C:\Users\Default\BypassEls.exe
2017-08-26 11:04 - 2017-07-19 10:27 - 001948160 _____ C:\Users\Default\Elx.exe
2017-08-26 02:07 - 2017-05-04 02:14 - 000000000 ____D C:\WINDOWS\rescache
2017-08-24 19:16 - 2017-07-02 17:38 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-23 16:36 - 2017-05-05 05:39 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-22 21:53 - 2017-05-06 03:22 - 000000000 ____D C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-08-20 17:46 - 2017-05-09 22:27 - 000000000 ____D C:\Users\Jayden\AppData\Roaming\obs-studio
2017-08-14 20:42 - 2017-05-05 21:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-14 20:39 - 2017-05-05 21:51 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-08 19:58 - 2017-05-04 05:17 - 000000000 ____D C:\Users\Jayden\AppData\Local\Discord
2017-08-07 13:56 - 2017-01-17 19:29 - 000000000 ____D C:\Users\Jayden\Documents\Overwatch
2017-08-06 21:30 - 2017-05-04 05:19 - 000000000 ____D C:\Users\Jayden\AppData\Local\Blizzard Entertainment
2017-08-06 14:14 - 2017-07-19 11:30 - 005675008 _____ C:\Users\Default\elxii.exe
2017-08-06 11:21 - 2017-07-22 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.7
2017-08-03 10:40 - 2017-05-06 02:02 - 000000000 ____D C:\ProgramData\Skype
 
==================== Files in the root of some directories =======
 
2017-05-04 05:03 - 2017-09-02 08:53 - 000000165 _____ () C:\Users\Jayden\AppData\Roaming\sp_data.sys
2017-07-22 04:05 - 2017-07-22 04:37 - 000000063 _____ () C:\Users\Jayden\AppData\Local\Autosofted License.txt
2017-08-31 18:06 - 2017-08-31 18:06 - 000011568 _____ () C:\Users\Jayden\AppData\Local\InstallationConfiguration.xml
2017-08-31 18:06 - 2017-08-31 18:06 - 000140800 _____ () C:\Users\Jayden\AppData\Local\installer.dat
2017-08-31 18:06 - 2017-08-31 18:07 - 001847296 _____ () C:\Users\Jayden\AppData\Local\po.db
2017-08-31 18:09 - 2017-08-31 18:09 - 000003072 _____ () C:\Users\Jayden\AppData\Local\uninstallce.exe
2017-05-04 01:37 - 2017-05-04 01:37 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388\56289D4EBA2F2388.exe
C:\Users\Default\BypassEls.exe
C:\Users\Default\Elx.exe
C:\Users\Default\elxii.exe
C:\Users\Default\Elxs.exe
 
 
Some files in TEMP:
====================
2017-07-06 12:11 - 2017-08-06 11:24 - 000000000 _____ () C:\Users\Jayden\AppData\Local\Temp\2e7adecd915fad7ede6cff9c6c6e4e6e.dll
2017-09-01 15:40 - 2017-09-01 15:40 - 000141920 _____ (Adobe Systems) C:\Users\Jayden\AppData\Local\Temp\363E.tmp.exe
2017-06-17 00:26 - 2017-06-20 14:34 - 000000000 _____ () C:\Users\Jayden\AppData\Local\Temp\3fc1552ba19ee3472398342b0fadfa41.dll
2017-05-17 17:21 - 2017-05-17 17:21 - 000000512 _____ () C:\Users\Jayden\AppData\Local\Temp\4ac740ed0737c50e0c4227614cb5d8cb.dll
2017-09-01 15:42 - 2017-09-01 15:42 - 000548864 _____ () C:\Users\Jayden\AppData\Local\Temp\940A.tmp.exe
2017-08-31 18:17 - 2017-08-31 18:17 - 000180224 _____ () C:\Users\Jayden\AppData\Local\Temp\C47.tmp.exe
2017-06-17 00:26 - 2017-06-20 14:10 - 000000089 _____ () C:\Users\Jayden\AppData\Local\Temp\c510884683bb3839289c9d9f39d6d6a5.dll
2017-07-06 12:11 - 2017-08-06 11:24 - 000000088 _____ () C:\Users\Jayden\AppData\Local\Temp\dd221c2a94f225f38abcc7378ae52793.dll
2015-04-27 05:26 - 2015-04-27 05:26 - 000119312 _____ (McAfee, Inc.) C:\Users\Jayden\AppData\Local\Temp\McCSPInstall.dll
2017-05-04 05:32 - 2015-04-27 05:26 - 000161520 _____ (McAfee Inc.) C:\Users\Jayden\AppData\Local\Temp\mccspuninstall.exe
2017-09-01 19:16 - 2017-09-01 19:51 - 018309328 _____ (Microsoft Corporation) C:\Users\Jayden\AppData\Local\Temp\MediaCreationTool.exe
2017-08-31 18:34 - 2017-08-30 21:44 - 000067132 _____ () C:\Users\Jayden\AppData\Local\Temp\Uninstall.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-29 21:46
 
==================== End of FRST.txt ============================
And the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Jayden (02-09-2017 08:58:51)
Running from C:\Users\Jayden\Downloads
Windows 10 Home Version 1607 (X64) (2017-05-04 09:14:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2277826130-4195644225-2934306147-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2277826130-4195644225-2934306147-503 - Limited - Disabled)
Guest (S-1-5-21-2277826130-4195644225-2934306147-501 - Limited - Disabled)
Jayden (S-1-5-21-2277826130-4195644225-2934306147-1001 - Administrator - Enabled) => C:\Users\Jayden
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.53 - NVIDIA Corporation) Hidden
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.027 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.11.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.30 - ASUS)
Blade & Soul (HKLM-x32\...\{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Corsair Utility Engine (HKLM-x32\...\{A9114889-E4D2-4112-B461-22179C0E122C}) (Version: 2.14.67 - Corsair)
CyberLink PhotoDirector 5 (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
Destiny 2 (HKLM-x32\...\Destiny 2) (Version:  - Blizzard Entertainment)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Discord (HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
Discord (HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Discord) (Version: 0.0.298 - Discord Inc.)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
gPatcher (HKLM-x32\...\{2D5342F2-5D85-4661-A0A5-EC31431D3854}) (Version: 4.1 - gintoki147) Hidden
gPatcher (HKLM-x32\...\gPatcher 4.1) (Version: 4.1 - gintoki147)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{aa2c2346-d0c0-4d3e-9ab1-11a48b4cb9f3}) (Version: 19.20.3 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 1.6.5230.111 - Waves Audio Ltd.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA Graphics Driver 382.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.53 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
osu! (HKLM-x32\...\{9e1e9ec6-049d-48bd-885f-6f7d11316061}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
PixelMaster Video HDR (HKLM\...\{65302154-AAF6-4020-A070-76CAA9CEC8D3}) (Version: 1.1.33 - ASUS)
PlanetSide 2 (HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\DGC-PlanetSide 2) (Version: 1.0.3.192 - Daybreak Game Company)
PlanetSide 2 (HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\DGC-PlanetSide 2) (Version: 1.0.3.192 - Daybreak Game Company)
PUSH Video Wallpaper (HKLM\...\PUSH Video Wallpaper_is1) (Version: 3.46 - PUSH Entertainment)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 8.1.7.463 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
ROBLOX Player for Jayden (HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for Jayden (HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
Spotify (HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.) Hidden
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.23-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.16 - WildTangent)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - ASUS (ATP) Mouse  (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.50 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.2 - win.rar GmbH)
Wizard101 (HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Wizard101 (HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-05-08] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-05-08] (Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-06-07] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-05-08] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-05-08] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00FF0A1C-1271-45BF-BA86-05881B534382} - \ASUS USB Charger Plus -> No File <==== ATTENTION
Task: {04E05F74-8D01-40EE-AC86-55F50018F239} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor)
Task: {0821E7C7-081C-43E1-B44C-04E8B56ED353} - System32\Tasks\24176298 => C:\Users\Jayden\AppData\Local\tamoxifen.exe <==== ATTENTION
Task: {0946AAA9-6FAA-4C56-A942-D4F0F010A3DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-04] (Google Inc.)
Task: {0AA798F7-335E-4B4E-8719-B5D424898588} - System32\Tasks\k36883163 => C:\Program Files (x86)\visa\visa.exe
Task: {0D77F98F-7156-4306-A0EF-6EDB0D0869EF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {0E412EEE-D901-49C8-82D7-94A9A7DABDE5} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-21] (NVIDIA Corporation)
Task: {12C5AFBA-4FFF-4906-8487-69EDCBD77E8E} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Task: {198E1014-1118-402A-88DF-3E439F3A92EC} - System32\Tasks\ba4013880040138800 => C:\Program Files (x86)\Fats\tamoxifen.exe
Task: {2E8281BF-E2C0-4AED-AF67-9B77422C4535} - \ASUS Splendid ACMON -> No File <==== ATTENTION
Task: {2EC0898D-F67D-4DCE-B234-7DA0459BEB40} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Task: {31FE7F83-5B9A-4128-B679-203B6D331569} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe <==== ATTENTION
Task: {3DB4DC15-B6B2-4925-A3ED-EDC179434C3E} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor)
Task: {4211FCCA-240D-4D9E-99E2-5AE1089998A2} - System32\Tasks\40138800 => C:\Program Files (x86)\Fats\tamoxifen.exe <==== ATTENTION
Task: {59A87AEA-8AE9-4B4E-A32F-E33A6DBB2C70} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-07-29] (Realtek Semiconductor)
Task: {5FE8C86E-A99F-437E-826A-D09142375386} - System32\Tasks\bak36883163k36883163 => C:\Program Files (x86)\visa\visa.exe
Task: {77CF2498-9632-42A5-928F-1E8C98DEA63E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation) <==== ATTENTION
Task: {7B5E24AC-F76B-4878-95DA-5702A2D1D2F1} - System32\Tasks\ba2417629824176298 => C:\Users\Jayden\AppData\Local\tamoxifen.exe
Task: {7E361224-1E26-4385-AAB8-A634A72CC90D} - System32\Tasks\ba3688316336883163 => C:\Program Files (x86)\Hater\tamoxifen.exe
Task: {80780EA9-8959-46F2-9299-C8FD95C9E23C} - System32\Tasks\36883163 => C:\Program Files (x86)\Hater\tamoxifen.exe <==== ATTENTION
Task: {879B11D9-83DF-4A44-822C-97CD8C566A38} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation) <==== ATTENTION
Task: {89F30B33-B6E8-436A-BBF9-1DD445263359} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Task: {A77CB984-BF88-41E8-9437-0A76CAA2705A} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {A9EB117B-834F-4401-B1AB-289A968F1591} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation) <==== ATTENTION
Task: {AE28B9F2-5B5C-4B23-AB97-D29F93D509DC} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {BF7F37D7-97BD-43C2-BAD6-9FC78DD1C3B2} - System32\Tasks\7f3ce402df93561fc4e9a3ef9c35c397 => sc start 7f3ce402df93561fc4e9a3ef9c35c397 <==== ATTENTION
Task: {CC29C191-8E00-43F8-B0A0-910A7E0FF491} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-03-09] (AsusTek)
Task: {E26D5096-B7EF-47CA-8BD2-0CA997CC1C40} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-04] (Google Inc.)
Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - \ASUS\ASUS Product Register Service -> No File <==== ATTENTION
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {E7311B2A-FF63-41FC-A0E7-A9ACF0FFDD6C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation) <==== ATTENTION
Task: {EA707FC7-3D60-4CB5-BED6-8176E252A7F5} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: {F3E82FBC-3D56-40F7-9042-C464BFDF351C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 04:42 - 2016-07-16 04:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-12 09:21 - 2017-06-21 00:48 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-23 08:16 - 2014-04-14 18:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-05-19 09:11 - 2015-05-19 09:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2017-07-12 11:03 - 2017-06-28 16:43 - 001658312 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2016-09-30 04:27 - 2016-09-30 04:27 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-16 23:04 - 2017-03-03 23:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-16 23:05 - 2017-03-03 23:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-16 23:05 - 2017-03-03 23:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-16 23:05 - 2017-03-03 23:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-07-12 09:21 - 2017-06-20 23:36 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-07-12 09:21 - 2017-06-20 23:35 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-07-12 09:21 - 2017-06-20 23:37 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-09-23 08:00 - 2013-05-15 14:39 - 000463872 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2017-08-20 15:57 - 2017-08-20 15:57 - 000885760 _____ () C:\Users\Jayden\AppData\Local\wmicpra\wmicpra.exe
2017-08-24 15:15 - 2017-08-24 15:15 - 001528296 _____ () C:\Program Files (x86)\Blizzard App\Battle.net.9262\Battle.net Helper.exe
2017-08-20 12:38 - 2017-08-20 12:38 - 001087488 _____ () C:\Users\Jayden\AppData\Local\wmicpra\utcmfit.exe
2017-06-09 21:03 - 2017-04-28 11:43 - 000350760 _____ () C:\Program Files (x86)\Razer\Razer Cortex\RazerGamecasterEngine.exe
2017-08-30 21:44 - 2017-08-30 21:44 - 001378816 _____ () C:\Program Files (x86)\Google\Chrome\Application\WINHTTP.dll
2017-08-29 05:18 - 2017-08-23 01:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-29 05:18 - 2017-08-23 01:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-04-20 02:39 - 2017-03-27 23:26 - 003388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2017-04-20 02:39 - 2017-03-27 23:13 - 002263904 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2017-06-15 16:36 - 2017-06-15 16:36 - 002567680 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.1451.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2017-06-15 16:36 - 2017-06-15 16:36 - 000132608 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.1451.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2017-08-26 04:37 - 2017-08-26 04:37 - 000061952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2015-06-09 20:25 - 2015-06-09 20:25 - 000035376 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-06-09 20:25 - 2015-06-09 20:25 - 000124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2017-08-08 19:58 - 2017-08-08 15:13 - 001893880 _____ () C:\Users\Jayden\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-08 19:59 - 2017-08-31 18:15 - 001577976 _____ () \\?\C:\Users\Jayden\AppData\Roaming\discord\0.0.298\modules\discord_toaster\discord_toaster.node
2017-07-24 15:57 - 2017-07-24 15:57 - 001991640 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-06-09 21:03 - 2017-04-28 11:42 - 001025848 _____ () C:\Program Files (x86)\Razer\Razer Cortex\CefSharp.Core.dll
2017-06-09 21:03 - 2017-04-28 11:42 - 053913416 _____ () C:\Program Files (x86)\Razer\Razer Cortex\libcef.dll
2017-08-04 23:43 - 2017-08-04 23:44 - 067117168 _____ () C:\Users\Jayden\AppData\Roaming\Spotify\libcef.dll
2017-05-26 16:27 - 2017-05-26 16:27 - 000199680 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2017-05-26 16:25 - 2017-05-26 16:25 - 000044544 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\MacroRecording.dll
2017-05-26 16:37 - 2017-05-26 16:37 - 000086528 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairAudioDevice.dll
2017-05-26 16:25 - 2017-05-26 16:25 - 000097280 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\zlib.dll
2016-12-01 13:28 - 2016-12-01 13:28 - 001983488 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libGLESv2.dll
2016-12-01 13:28 - 2016-12-01 13:28 - 000013824 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libEGL.DLL
2017-08-24 15:15 - 2017-08-24 15:15 - 055782888 _____ () C:\Program Files (x86)\Blizzard App\Battle.net.9262\libcef.dll
2017-08-24 15:16 - 2017-08-24 15:16 - 000540336 _____ () C:\Program Files (x86)\Blizzard App\Battle.net.9262\ortp.dll
2017-08-24 15:16 - 2017-08-24 15:16 - 003384832 _____ () C:\Program Files (x86)\Blizzard App\Battle.net.9262\libglesv2.dll
2017-08-24 15:15 - 2017-08-24 15:15 - 000133632 _____ () C:\Program Files (x86)\Blizzard App\Battle.net.9262\libegl.dll
2017-08-08 19:59 - 2017-08-08 15:13 - 001938424 _____ () C:\Users\Jayden\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-08 19:59 - 2017-08-08 15:13 - 000095736 _____ () C:\Users\Jayden\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-04-13 16:30 - 2017-04-13 16:34 - 001005408 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.Core.dll
2017-04-13 16:30 - 2017-04-13 16:34 - 053444984 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libcef.dll
2017-08-02 21:40 - 2017-08-02 21:40 - 053460480 _____ () C:\Users\Jayden\AppData\Local\wmicpra\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 001976832 _____ () C:\Users\Jayden\AppData\Local\wmicpra\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 000075264 _____ () C:\Users\Jayden\AppData\Local\wmicpra\libegl.dll
2017-08-08 19:59 - 2017-08-31 18:16 - 009622008 _____ () \\?\C:\Users\Jayden\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-08 19:59 - 2017-08-31 18:15 - 001440248 _____ () \\?\C:\Users\Jayden\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-09-02 08:48 - 2017-09-02 08:48 - 000148992 _____ () \\?\C:\Users\Jayden\AppData\Local\Temp\89ED.tmp.node
2017-08-08 19:59 - 2017-08-31 18:15 - 002658296 _____ () \\?\C:\Users\Jayden\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-08 20:00 - 2017-08-31 18:43 - 002673656 _____ () \\?\C:\Users\Jayden\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
2017-08-04 23:43 - 2017-08-04 23:43 - 002253424 _____ () C:\Users\Jayden\AppData\Roaming\Spotify\libglesv2.dll
2017-08-04 23:43 - 2017-08-04 23:43 - 000086640 _____ () C:\Users\Jayden\AppData\Roaming\Spotify\libegl.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 017599640 _____ () C:\Users\Jayden\AppData\Local\wmicpra\pepflashplayer.dll
2015-06-24 01:07 - 2015-06-24 01:07 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-04-13 16:30 - 2017-04-13 16:34 - 000691056 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.Core.dll
2017-04-13 16:30 - 2017-04-13 16:34 - 001984392 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libglesv2.dll
2017-04-13 16:30 - 2017-04-13 16:34 - 000082824 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libegl.dll
2017-06-09 21:03 - 2016-07-12 13:43 - 000149352 _____ () C:\Program Files (x86)\Razer\Razer Cortex\SimbaDeviceControl.dll
2017-06-09 21:03 - 2017-04-28 11:42 - 000146280 _____ () C:\Program Files (x86)\Razer\Razer Cortex\ftl.dll
2017-06-09 21:06 - 2016-10-08 00:13 - 050656768 _____ () C:\Users\Jayden\AppData\Local\razer\InGameEngine\cache\RzFpsApplet\cef\libcef.dll
2017-06-09 21:06 - 2016-10-08 00:13 - 001874944 _____ () C:\Users\Jayden\AppData\Local\razer\InGameEngine\cache\RzFpsApplet\cef\libglesv2.dll
2017-06-09 21:06 - 2016-10-08 00:13 - 000075264 _____ () C:\Users\Jayden\AppData\Local\razer\InGameEngine\cache\RzFpsApplet\cef\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Jayden\AppData\Local\Temp:$DATA [34]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 04:04 - 2017-08-31 18:07 - 000001282 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
162.222.193.86       aoaomo.tremorhub.com
188.95.50.62       bobomo.tremorhub.com
162.222.193.86       www.howcast.com
162.222.193.86       howcast.com
162.222.193.86       www.ustream.tv
162.222.193.86       ustream.tv
162.222.193.86       www.livestream.com
162.222.193.86       livestream.com
162.222.193.86       www.dailymotion.com
162.222.193.86       dailymotion.com
192.192.3.8       www.virustotal.com
192.192.3.8       virustotal.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jayden\Pictures\8sQjUeJ.png
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Jayden\Pictures\8sQjUeJ.png
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3218AAE8-482D-4FFA-BA46-F564882D73C3}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{E54534ED-0F68-4364-99FD-E47B7C307129}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{52E30447-14A3-45AE-9D59-EA402301858B}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{683C9342-6916-432F-B937-AB71C44497A2}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{23288D75-24E3-49D4-BFD9-9CA9516CFB36}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E926ED2C-F2B7-4E31-BED3-266275ECCA67}] => (Allow) C:\Nexon\Library\dragonnest\appdata\DragonNest.exe
FirewallRules: [{51292C57-98C5-402A-A864-609945912617}] => (Allow) C:\Nexon\Library\dragonnest\appdata\DragonNest.exe
FirewallRules: [{5F4BE534-0802-474C-B7EA-E70016D4BED5}] => (Allow) C:\Nexon\Library\PS\DragonNest.exe
FirewallRules: [{4F84535F-1130-4634-B65F-283B397F4A20}] => (Allow) C:\Nexon\Library\PS\DragonNest.exe
FirewallRules: [{F0EA27D0-8876-4BFD-9D5D-914F6A74A9CC}] => (Allow) C:\Nexon\Library\DN private server\DragonNest.exe
FirewallRules: [{7B09054E-5C3C-4456-954C-316A49E0312C}] => (Allow) C:\Nexon\Library\DN private server\DragonNest.exe
FirewallRules: [TCP Query User{3DFD56EE-69AB-494A-885A-359ABA9AF37E}C:\users\public\daybreak game company\installed games\planetside 2\planetside2_x64.exe] => (Allow) C:\users\public\daybreak game company\installed games\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{159E8526-0D1F-48D7-9E05-6BA422BC4DEE}C:\users\public\daybreak game company\installed games\planetside 2\planetside2_x64.exe] => (Allow) C:\users\public\daybreak game company\installed games\planetside 2\planetside2_x64.exe
FirewallRules: [{4174E494-FD1F-49E0-8505-A2E7E943D4FC}] => (Allow) C:\Program Files (x86)\VoidElsword\VoidElsword\voidels.exe
FirewallRules: [{CABEA30D-CAB8-4AA9-A14E-AF5BF0EB3784}] => (Allow) C:\Program Files (x86)\VoidElsword\VoidElsword\data\x2.exe
FirewallRules: [{338161B5-2C43-43FA-8C7C-831145DDF627}] => (Allow) C:\Program Files (x86)\VoidElsword\VoidElsword\data\x2.exe
FirewallRules: [TCP Query User{416FE5C0-61E9-416F-A3EE-96A806736114}C:\users\jayden\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\jayden\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{F3E197BA-C045-40DD-87DC-605C416F3EF4}C:\users\jayden\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\jayden\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{96421975-B138-4306-B51D-3E241878580F}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{D8CBAF1E-B9F8-42A3-8A66-02E3A214E4AC}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{EACCD421-4504-474F-ACFD-B83ECF60C2D4}C:\users\jayden\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jayden\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EFD88B29-C977-4AE5-960E-4668C259BDA1}C:\users\jayden\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jayden\appdata\roaming\spotify\spotify.exe
FirewallRules: [{47BA6C54-ED70-4279-BD6B-5F2C315F26D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{6EF92BF0-AEDB-4F6B-BA70-0E1E769F9B93}C:\program files (x86)\destiny 2\destiny2.exe] => (Allow) C:\program files (x86)\destiny 2\destiny2.exe
FirewallRules: [UDP Query User{51BEA5EF-5190-4129-87C0-4D7A48C97651}C:\program files (x86)\destiny 2\destiny2.exe] => (Allow) C:\program files (x86)\destiny 2\destiny2.exe
FirewallRules: [{4BF496A2-3411-47E3-B9CE-A29CC62EBE18}] => (Allow) C:\Program Files (x86)\Unmeltedgreony\Unmeltedgreony.exe
FirewallRules: [{6849B19A-B955-472C-9767-06421D3D975C}] => (Allow) C:\Program Files (x86)\Unmeltedgreony\Unmeltedgreony_.exe
 
==================== Restore Points =========================
 
31-08-2017 21:51:38 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/02/2017 08:33:49 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (09/02/2017 08:32:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (09/02/2017 07:51:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.14393.1378, time stamp: 0x594a1517
Faulting module name: TwinUI.dll, version: 10.0.14393.1480, time stamp: 0x595f2b84
Exception code: 0x80270233
Fault offset: 0x0000000000586ba1
Faulting process id: 0x107c
Faulting application start time: 0x01d323fadf312e4f
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\Windows\System32\TwinUI.dll
Report Id: 7a384ea0-3d99-494b-a869-b5c7b3297ee9
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/02/2017 03:58:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\CyberLink\PhotoDirector5\Kernel\CES\CES_AudioCacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/02/2017 03:58:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\CyberLink\PhotoDirector5\Kernel\CES\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/02/2017 03:40:59 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (09/02/2017 03:40:59 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (09/02/2017 03:40:59 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (09/02/2017 03:40:59 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (09/02/2017 03:40:58 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
 
System errors:
=============
Error: (09/02/2017 08:51:14 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application Local Management Service service hung on starting.
 
Error: (09/02/2017 08:49:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
Error: (09/02/2017 08:47:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/02/2017 08:47:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/02/2017 08:47:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/02/2017 08:47:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/02/2017 08:44:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/02/2017 08:44:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/02/2017 08:44:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/02/2017 08:44:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-08-31 18:08:54.847
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\310f8a5b7af987185d7fd09b4a6a7a63.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-30 21:43:34.880
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\310f8a5b7af987185d7fd09b4a6a7a63.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-30 21:43:27.599
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\310f8a5b7af987185d7fd09b4a6a7a63.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-29 21:46:35.280
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-28 14:45:58.329
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-27 03:15:32.256
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-26 01:41:02.404
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-17 12:10:38.342
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-16 11:58:58.209
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-14 20:39:08.656
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 56%
Total physical RAM: 8081.01 MB
Available physical RAM: 3514.08 MB
Total Virtual: 12433.01 MB
Available Virtual: 6659.98 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:223.88 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:557.9 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 23B11240)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
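
The CodeIntegrity section of the Addition.txt above is the most telling part of that log. Event 3004 fired three times for a driver whose file name is a bare 32-character hex string, 310f8a5b7af987185d7fd09b4a6a7a63.sys, whose hash Windows could not verify; the FRST listing in the next reply shows the same file with the company name "MTQ0HV". The 3033 entries for nvinitx.dll are a different matter: that is an NVIDIA display-driver DLL being refused by the protected antimalware process MsMpEng.exe, which is common, benign noise on machines with NVIDIA drivers. The PowerShell below is an added example, not part of the thread or of FRST. It pulls those Code Integrity events from the live machine, maps the NT device paths back to a drive letter (assuming, as labelled in the code, that \Device\HarddiskVolumeN is the system drive), checks the Authenticode signature of every file they name plus everything in System32\drivers, and reports anything unsigned or hex-named with its SHA-256 for lookup. Run it elevated, and run it before applying a fix that clears the event logs, as the fixlist later in this thread does with wevtutil cl.

```powershell
# Added example, not part of the thread or of FRST. Run from an elevated PowerShell prompt.
# Event IDs: 3004 = image hash not found (unsigned or tampered image), 3033 = image refused
# by a signing-level policy (the Antimalware level for MsMpEng.exe), 3001 = unsigned kernel
# module loaded.
$log     = 'Microsoft-Windows-CodeIntegrity/Operational'
$pattern = '\\Device\\HarddiskVolume\d+\\.+?\.(?:sys|dll|exe)\b'
$filter  = @{ LogName = $log; Id = 3001, 3004, 3033 }
$events  = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 500 -ErrorAction SilentlyContinue)

# Assumption: \Device\HarddiskVolumeN in the messages is the OS volume. A machine with several
# volumes needs a real device-to-letter mapping (QueryDosDevice); that is out of scope here.
function Convert-DevicePath([string]$DevicePath) {
    $DevicePath -replace '^\\Device\\HarddiskVolume\d+', $env:SystemDrive
}

$paths = @(foreach ($e in $events) {
    foreach ($m in [regex]::Matches("$($e.Message)", $pattern)) { Convert-DevicePath $m.Value }
})

# Sweep the driver directory as well: the log may have rolled over or been cleared.
$paths += @(Get-ChildItem "$env:SystemRoot\System32\drivers" -Filter *.sys |
            Select-Object -ExpandProperty FullName)

$paths | Sort-Object -Unique | ForEach-Object {
    $p = $_
    if (-not (Test-Path -LiteralPath $p)) { return }    # gone since the event was logged
    $sig    = Get-AuthenticodeSignature -LiteralPath $p
    $name   = [IO.Path]::GetFileName($p)
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    # A file named as a bare MD5 (32 hex characters) is the pattern in the log above.
    $hexName = $name -match '^[0-9a-f]{32}\.(sys|dll|exe)$'
    if ($sig.Status -ne 'Valid' -or $hexName) {
        [pscustomobject]@{
            Path    = $p
            Status  = $sig.Status
            Signer  = $signer
            HexName = $hexName
            SHA256  = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        }
    }
} | Format-Table -AutoSize -Wrap
```

Inbox Microsoft drivers are catalog-signed rather than embedded-signed; on a PowerShell version that does not consult the catalog they show up as NotSigned with Signer "(none)", so treat that combination under a Microsoft path as a lookup item, not a verdict. The combination to chase is NotSigned plus a random or hex name plus a creation time that matches the start of the trouble, which is exactly what the 2017-08-31 driver above is.
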


#4 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 02 September 2017 - 02:00 PM

Topic moved to MRL forum as requested.

#5 JSntgRvr (Master Surgeon General, Malware Response Team)

Posted 02 September 2017 - 02:34 PM

Were you able to run Malwarebytes Anti-Rootkit?

  • Highlight the entire content of the quote box below.

Start::  
S2 AdsService; C:\Users\Jayden\AppData\Local\AdService\AdService.dll [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [X] <==== ATTENTION
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [*56289D4EBA2F2388<*>] => C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388\56289D4EBA2F2388.exe [ ] () <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [svchostst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\svchost saved files\start.vbs" //B "%1" %* <==== ATTENTION
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [*56289D4EBA2F2388<*>] => C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388\56289D4EBA2F2388.exe [ ] () <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [svchostst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\svchost saved files\start.vbs" //B "%1" %* <==== ATTENTION
Startup: C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostst.vbs [2017-09-02] () <==== ATTENTION
C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostst.vbs
C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388
C:\Users\Jayden\AppData\Roaming\svchost saved files
C:\Program Files (x86)\ProxyGate
C:\Users\Jayden\AppData\Local\tamoxifen.exe
C:\Program Files (x86)\SystemHealer
C:\Program Files (x86)\Fats
C:\Windows\System32\Tasks\7f3ce402df93561fc4e9a3ef9c35c397
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [X] <==== ATTENTION
Task: {00FF0A1C-1271-45BF-BA86-05881B534382} - \ASUS USB Charger Plus -> No File <==== ATTENTION
Task: {0821E7C7-081C-43E1-B44C-04E8B56ED353} - System32\Tasks\24176298 => C:\Users\Jayden\AppData\Local\tamoxifen.exe <==== ATTENTION
Task: {2E8281BF-E2C0-4AED-AF67-9B77422C4535} - \ASUS Splendid ACMON -> No File <==== ATTENTION
Task: {31FE7F83-5B9A-4128-B679-203B6D331569} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe <==== ATTENTION
Task: {4211FCCA-240D-4D9E-99E2-5AE1089998A2} - System32\Tasks\40138800 => C:\Program Files (x86)\Fats\tamoxifen.exe <==== ATTENTION
Task: {77CF2498-9632-42A5-928F-1E8C98DEA63E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation) <==== ATTENTION
Task: {80780EA9-8959-46F2-9299-C8FD95C9E23C} - System32\Tasks\36883163 => C:\Program Files (x86)\Hater\tamoxifen.exe <==== ATTENTION
Task: {879B11D9-83DF-4A44-822C-97CD8C566A38} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation) <==== ATTENTION
Task: {A9EB117B-834F-4401-B1AB-289A968F1591} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation) <==== ATTENTION
Task: {BF7F37D7-97BD-43C2-BAD6-9FC78DD1C3B2} - System32\Tasks\7f3ce402df93561fc4e9a3ef9c35c397 => sc start 7f3ce402df93561fc4e9a3ef9c35c397 <==== ATTENTION
Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - \ASUS\ASUS Product Register Service -> No File <==== ATTENTION
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {E7311B2A-FF63-41FC-A0E7-A9ACF0FFDD6C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation) <==== ATTENTION
Task: {EA707FC7-3D60-4CB5-BED6-8176E252A7F5} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll => No File
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [Spotifywn] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\Spotify store files\start64.vbs" //B "%1" %*
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [Spotifyws] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\Spotify local files\start.vbs" //B "%1" %*
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [WmiPrvSEst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\WmiPrvSE saved files\start.vbs" //B "%1" %*
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [svchostst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\svchost saved files\start.vbs" //B "%1" %* <==== ATTENTION
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [Razer] => C:\Users\Jayden\AppData\Roaming\Microsoft\tuswbgad\srcwcdii.exe [180224 2016-07-16] ()
C:\Users\Jayden\AppData\Roaming\Spotify store files
C:\Users\Jayden\AppData\Roaming\WmiPrvSE saved files
C:\Users\Jayden\AppData\Roaming\svchost saved files
C:\Users\Jayden\AppData\Roaming\Microsoft\tuswbgad
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Policies\Explorer\Run: [Razer] => C:\Users\Jayden\AppData\Roaming\Microsoft\fhjcgvwv\srcwcdii.exe
C:\Users\Jayden\AppData\Roaming\Microsoft\fhjcgvwv
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [3PS0ZHO966TW61N] => "C:\Program Files (x86)\ShutdownTime\T5TZ0.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [*56289D4EBA2F2388<*>] => C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388\56289D4EBA2F2388.exe [ ] () <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Windows Audit Service Update] => C:\ProgramData\Windows Audit Service Update\97555w19ei3sy9u.exe [577024 2017-08-30] (������� ����)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [xdsy52fcfkn] => "C:\Users\Jayden\AppData\Roaming\1xou5yd2di3\cg4is2ozwfs.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [K2D8U8PEO2PYP5W] => "C:\Program Files\R3AD2OTJ4D\5AMM1ULNT.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [rihu3ftrjmx] => "C:\Users\Jayden\AppData\Roaming\fh4vycxenzn\hvgdfzhyuzs.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HC7XC4TIY694K75] => "C:\Program Files\IEV4Z6L34X\R2F2NOFH2.exe"
C:\Program Files (x86)\ShutdownTime
C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388
C:\ProgramData\Windows Audit Service Update
C:\Users\Jayden\AppData\Roaming\1xou5yd2di3
C:\Program Files\R3AD2OTJ4D
C:\Users\Jayden\AppData\Roaming\fh4vycxenzn
C:\Program Files\IEV4Z6L34X
C:\WINDOWS\System32\Tasks\24176298
2017-05-04 05:03 - 2017-09-02 08:53 - 000000165 _____ () C:\Users\Jayden\AppData\Roaming\sp_data.sys
2017-07-22 04:05 - 2017-07-22 04:37 - 000000063 _____ () C:\Users\Jayden\AppData\Local\Autosofted License.txt
2017-08-31 18:06 - 2017-08-31 18:06 - 000011568 _____ () C:\Users\Jayden\AppData\Local\InstallationConfiguration.xml
2017-08-31 18:06 - 2017-08-31 18:06 - 000140800 _____ () C:\Users\Jayden\AppData\Local\installer.dat
2017-08-31 18:06 - 2017-08-31 18:07 - 001847296 _____ () C:\Users\Jayden\AppData\Local\po.db
2017-08-31 18:09 - 2017-08-31 18:09 - 000003072 _____ () C:\Users\Jayden\AppData\Local\uninstallce.exe
2017-05-04 01:37 - 2017-05-04 01:37 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388\56289D4EBA2F2388.exe
C:\Users\Default\BypassEls.exe
C:\Users\Default\Elx.exe
C:\Users\Default\elxii.exe
C:\Users\Default\Elxs.exe
2017-07-06 12:11 - 2017-08-06 11:24 - 000000000 _____ () C:\Users\Jayden\AppData\Local\Temp\2e7adecd915fad7ede6cff9c6c6e4e6e.dll
2017-09-01 15:40 - 2017-09-01 15:40 - 000141920 _____ (Adobe Systems) C:\Users\Jayden\AppData\Local\Temp\363E.tmp.exe
2017-06-17 00:26 - 2017-06-20 14:34 - 000000000 _____ () C:\Users\Jayden\AppData\Local\Temp\3fc1552ba19ee3472398342b0fadfa41.dll
2017-05-17 17:21 - 2017-05-17 17:21 - 000000512 _____ () C:\Users\Jayden\AppData\Local\Temp\4ac740ed0737c50e0c4227614cb5d8cb.dll
2017-09-01 15:42 - 2017-09-01 15:42 - 000548864 _____ () C:\Users\Jayden\AppData\Local\Temp\940A.tmp.exe
2017-08-31 18:17 - 2017-08-31 18:17 - 000180224 _____ () C:\Users\Jayden\AppData\Local\Temp\C47.tmp.exe
2017-06-17 00:26 - 2017-06-20 14:10 - 000000089 _____ () C:\Users\Jayden\AppData\Local\Temp\c510884683bb3839289c9d9f39d6d6a5.dll
2017-07-06 12:11 - 2017-08-06 11:24 - 000000088 _____ () C:\Users\Jayden\AppData\Local\Temp\dd221c2a94f225f38abcc7378ae52793.dll
2015-04-27 05:26 - 2015-04-27 05:26 - 000119312 _____ (McAfee, Inc.) C:\Users\Jayden\AppData\Local\Temp\McCSPInstall.dll
2017-05-04 05:32 - 2015-04-27 05:26 - 000161520 _____ (McAfee Inc.) C:\Users\Jayden\AppData\Local\Temp\mccspuninstall.exe
2017-09-01 19:16 - 2017-09-01 19:51 - 018309328 _____ (Microsoft Corporation) C:\Users\Jayden\AppData\Local\Temp\MediaCreationTool.exe
2017-08-31 18:34 - 2017-08-30 21:44 - 000067132 _____ () C:\Users\Jayden\AppData\Local\Temp\Uninstall.exe
2017-08-31 18:08 - 2017-08-31 18:08 - 000003850 _____ C:\WINDOWS\System32\Tasks\36883163
2017-08-31 18:08 - 2017-08-31 18:08 - 000003848 _____ C:\WINDOWS\System32\Tasks\40138800
2017-08-31 18:08 - 2017-08-31 18:08 - 000003844 _____ C:\WINDOWS\System32\Tasks\k36883163
2017-08-31 18:08 - 2017-08-31 18:08 - 000003726 _____ C:\WINDOWS\System32\Tasks\ba2417629824176298
2017-08-31 18:08 - 2017-08-31 18:08 - 000003724 _____ C:\WINDOWS\System32\Tasks\ba3688316336883163
2017-08-31 18:08 - 2017-08-31 18:08 - 000003722 _____ C:\WINDOWS\System32\Tasks\ba4013880040138800
2017-08-31 18:08 - 2017-08-31 18:08 - 000003720 _____ C:\WINDOWS\System32\Tasks\bak36883163k36883163
2017-08-31 18:08 - 2017-08-31 18:08 - 000003436 _____ C:\WINDOWS\System32\Tasks\SystemHealer Run Delay
2017-08-31 18:08 - 2017-08-31 18:08 - 000000020 _____ C:\WINDOWS\b40138800
C:\WINDOWS\System32\Tasks\SystemHealer Monitor
2017-08-31 18:07 - 2017-08-31 18:07 - 000000000 ____D C:\Users\Jayden\AppData\Local\IPNinja
2017-08-31 18:06 - 2017-08-31 18:07 - 001847296 _____ C:\Users\Jayden\AppData\Local\po.db
2017-08-31 18:06 - 2017-08-31 18:07 - 000000000 ____D C:\Users\Jayden\AppData\Roaming\fh4vycxenzn
2017-08-31 18:06 - 2017-08-31 18:06 - 000000000 ____D C:\WINDOWS\SysWOW64\niskqmq
2017-08-31 18:06 - 2017-08-31 18:06 - 000000000 ____D C:\WINDOWS\system32\niskqmq
2017-08-31 04:05 - 2017-08-31 04:05 - 000795648 _____ C:\WINDOWS\f4dffc42d56fd397820b798a5becaced.exe
2017-08-31 04:05 - 2017-08-31 04:05 - 000078744 _____ (MTQ0HV) C:\WINDOWS\system32\Drivers\310f8a5b7af987185d7fd09b4a6a7a63.sys
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [baldock] => "C:\Program Files (x86)\dislodged\baldock.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [penicillin] => "C:\Program Files (x86)\Fats\tamoxifen.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotifywn] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\Spotify store files\start64.vbs" //B "%1" %*
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotifyws] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\Spotify local files\start.vbs" //B "%1" %*
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WmiPrvSEst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\WmiPrvSE saved files\start.vbs" //B "%1" %*
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [svchostst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\svchost saved files\start.vbs" //B "%1" %* <==== ATTENTION
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Razer] => C:\Users\Jayden\AppData\Roaming\Microsoft\tuswbgad\srcwcdii.exe [180224 2016-07-16] ()
C:\Users\Jayden\AppData\Roaming\Microsoft\tuswbgad
S2 AdsService; C:\Users\Jayden\AppData\Local\AdService\AdService.dll [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
C:\Program Files (x86)\ProxyGate
C:\Users\Jayden\AppData\Roaming\Microsoft\fhjcgvwv
IFEO\rstrui.exe: [Debugger] wruyvecxh.exe
Startup: C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spotifywn.vbs [2017-09-01] ()
Startup: C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spotifyws.vbs [2017-09-01] ()
Startup: C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ware.lnk [2017-08-31]
Startup: C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WmiPrvSEst.vbs [2017-09-01] ()
BootExecute: autocheck mslnautocheck autochk *
Task: {00FF0A1C-1271-45BF-BA86-05881B534382} - \ASUS USB Charger Plus -> No File <==== ATTENTION
Task: {2E8281BF-E2C0-4AED-AF67-9B77422C4535} - \ASUS Splendid ACMON -> No File <==== ATTENTION
Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - \ASUS\ASUS Product Register Service -> No File <==== ATTENTION
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [K2D8U8PEO2PYP5W] => "C:\Program Files\R3AD2OTJ4D\5AMM1ULNT.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [rihu3ftrjmx] => "C:\Users\Jayden\AppData\Roaming\fh4vycxenzn\hvgdfzhyuzs.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [HC7XC4TIY694K75] => "C:\Program Files\IEV4Z6L34X\R2F2NOFH2.exe"
C:\Program Files\R3AD2OTJ4D
C:\Program Files\IEV4Z6L34X
C:\Users\Jayden\AppData\Roaming\fh4vycxenzn
C:\Program Files\IEV4Z6L34X
C:\Program Files (x86)\dislodged
C:\Program Files (x86)\Fats
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [HC7XC4TIY694K75] => "C:\Program Files\IEV4Z6L34X\R2F2NOFH2.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [baldock] => "C:\Program Files (x86)\dislodged\baldock.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [penicillin] => "C:\Program Files (x86)\Fats\tamoxifen.exe"
C:\Windows\Temp\mswskpzsrv.exe
C:\Users\Jayden\AppData\Local\wmicpra
HKLM-x32\...\Run: [wmicpra] => C:\Users\Jayden\AppData\Local\wmicpra\wmicpra.exe [885760 2017-08-20] ()
HKLM\...\RunOnce: [Windows Audit Service Update] => C:\ProgramData\Windows Audit Service Update\97555w19ei3sy9u.exe [577024 2017-08-30] (������� ����)
C:\ProgramData\Windows Audit Service Update
C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [xdsy52fcfkn] => "C:\Users\Jayden\AppData\Roaming\1xou5yd2di3\cg4is2ozwfs.exe"
C:\Users\Jayden\AppData\Roaming\1xou5yd2di3
2017-07-06 12:11 - 2017-08-06 11:24 - 000000000 _____ () C:\Users\Jayden\AppData\Local\Temp\2e7adecd915fad7ede6cff9c6c6e4e6e.dll
2017-09-01 15:40 - 2017-09-01 15:40 - 000141920 _____ (Adobe Systems) C:\Users\Jayden\AppData\Local\Temp\363E.tmp.exe
2017-06-17 00:26 - 2017-06-20 14:34 - 000000000 _____ () C:\Users\Jayden\AppData\Local\Temp\3fc1552ba19ee3472398342b0fadfa41.dll
2017-05-17 17:21 - 2017-05-17 17:21 - 000000512 _____ () C:\Users\Jayden\AppData\Local\Temp\4ac740ed0737c50e0c4227614cb5d8cb.dll
2017-09-01 15:42 - 2017-09-01 15:42 - 000548864 _____ () C:\Users\Jayden\AppData\Local\Temp\940A.tmp.exe
2017-08-31 18:17 - 2017-08-31 18:17 - 000180224 _____ () C:\Users\Jayden\AppData\Local\Temp\C47.tmp.exe
2017-06-17 00:26 - 2017-06-20 14:10 - 000000089 _____ () C:\Users\Jayden\AppData\Local\Temp\c510884683bb3839289c9d9f39d6d6a5.dll
2017-07-06 12:11 - 2017-08-06 11:24 - 000000088 _____ () C:\Users\Jayden\AppData\Local\Temp\dd221c2a94f225f38abcc7378ae52793.dll
2015-04-27 05:26 - 2015-04-27 05:26 - 000119312 _____ (McAfee, Inc.) C:\Users\Jayden\AppData\Local\Temp\McCSPInstall.dll
2017-05-04 05:32 - 2015-04-27 05:26 - 000161520 _____ (McAfee Inc.) C:\Users\Jayden\AppData\Local\Temp\mccspuninstall.exe
2017-09-01 19:16 - 2017-09-01 19:51 - 018309328 _____ (Microsoft Corporation) C:\Users\Jayden\AppData\Local\Temp\MediaCreationTool.exe
2017-08-31 18:34 - 2017-08-30 21:44 - 000067132 _____ () C:\Users\Jayden\AppData\Local\Temp\Uninstall.exe
2017-09-02 08:48 - 2017-09-02 08:48 - 000148992 _____ () \\?\C:\Users\Jayden\AppData\Local\Temp\89ED.tmp.node
AlternateDataStreams: C:\Users\Jayden\AppData\Local\Temp:$DATA [34]
2017-09-01 15:40 - 2017-09-01 15:40 - 000141920 _____ (Adobe Systems) C:\Users\Jayden\AppData\Local\Temp\363E.tmp.exe
2017-09-01 15:42 - 2017-09-01 15:42 - 000548864 _____ () C:\Users\Jayden\AppData\Local\Temp\940A.tmp.exe
2017-08-31 18:17 - 2017-08-31 18:17 - 000180224 _____ () C:\Users\Jayden\AppData\Local\Temp\C47.tmp.exe
2017-09-02 08:48 - 2017-09-02 08:48 - 000148992 _____ () \\?\C:\Users\Jayden\AppData\Local\Temp\89ED.tmp.node
IFEO\rstrui.exe: [Debugger] wruyvecxh.exe
Folder:: C:\Windows\System32\Drivers
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges.
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 elmm29

elmm29
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:11 PM

Posted 02 September 2017 - 03:15 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Jayden (02-09-2017 12:40:24) Run:2
Running from C:\Users\Jayden\Downloads
Loaded Profiles: Jayden (Available Profiles: Jayden)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
S2 AdsService; C:\Users\Jayden\AppData\Local\AdService\AdService.dll [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [X] <==== ATTENTION
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [*56289D4EBA2F2388<*>] => C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388\56289D4EBA2F2388.exe [ ] () <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [svchostst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\svchost saved files\start.vbs" //B "%1" %* <==== ATTENTION
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [*56289D4EBA2F2388<*>] => C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388\56289D4EBA2F2388.exe [ ] () <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [svchostst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\svchost saved files\start.vbs" //B "%1" %* <==== ATTENTION
Startup: C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostst.vbs [2017-09-02] () <==== ATTENTION
C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostst.vbs
C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388
C:\Users\Jayden\AppData\Roaming\svchost saved files
C:\Program Files (x86)\ProxyGate
C:\Users\Jayden\AppData\Local\tamoxifen.exe
C:\Program Files (x86)\SystemHealer
C:\Program Files (x86)\Fats
C:\Windows\System32\Tasks\7f3ce402df93561fc4e9a3ef9c35c397
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [X] <==== ATTENTION
Task: {00FF0A1C-1271-45BF-BA86-05881B534382} - \ASUS USB Charger Plus -> No File <==== ATTENTION
Task: {0821E7C7-081C-43E1-B44C-04E8B56ED353} - System32\Tasks\24176298 => C:\Users\Jayden\AppData\Local\tamoxifen.exe <==== ATTENTION
Task: {2E8281BF-E2C0-4AED-AF67-9B77422C4535} - \ASUS Splendid ACMON -> No File <==== ATTENTION
Task: {31FE7F83-5B9A-4128-B679-203B6D331569} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe <==== ATTENTION
Task: {4211FCCA-240D-4D9E-99E2-5AE1089998A2} - System32\Tasks\40138800 => C:\Program Files (x86)\Fats\tamoxifen.exe <==== ATTENTION
Task: {77CF2498-9632-42A5-928F-1E8C98DEA63E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation) <==== ATTENTION
Task: {80780EA9-8959-46F2-9299-C8FD95C9E23C} - System32\Tasks\36883163 => C:\Program Files (x86)\Hater\tamoxifen.exe <==== ATTENTION
Task: {879B11D9-83DF-4A44-822C-97CD8C566A38} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation) <==== ATTENTION
Task: {A9EB117B-834F-4401-B1AB-289A968F1591} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation) <==== ATTENTION
Task: {BF7F37D7-97BD-43C2-BAD6-9FC78DD1C3B2} - System32\Tasks\7f3ce402df93561fc4e9a3ef9c35c397 => sc start 7f3ce402df93561fc4e9a3ef9c35c397 <==== ATTENTION
Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - \ASUS\ASUS Product Register Service -> No File <==== ATTENTION
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {E7311B2A-FF63-41FC-A0E7-A9ACF0FFDD6C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation) <==== ATTENTION
Task: {EA707FC7-3D60-4CB5-BED6-8176E252A7F5} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll => No File
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [Spotifywn] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\Spotify store files\start64.vbs" //B "%1" %*
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [Spotifyws] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\Spotify local files\start.vbs" //B "%1" %*
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [WmiPrvSEst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\WmiPrvSE saved files\start.vbs" //B "%1" %*
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [svchostst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\svchost saved files\start.vbs" //B "%1" %* <==== ATTENTION
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [Razer] => C:\Users\Jayden\AppData\Roaming\Microsoft\tuswbgad\srcwcdii.exe [180224 2016-07-16] ()
C:\Users\Jayden\AppData\Roaming\Spotify store files
C:\Users\Jayden\AppData\Roaming\WmiPrvSE saved files
C:\Users\Jayden\AppData\Roaming\svchost saved files
C:\Users\Jayden\AppData\Roaming\Microsoft\tuswbgad
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Policies\Explorer\Run: [Razer] => C:\Users\Jayden\AppData\Roaming\Microsoft\fhjcgvwv\srcwcdii.exe
C:\Users\Jayden\AppData\Roaming\Microsoft\fhjcgvwv
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [3PS0ZHO966TW61N] => "C:\Program Files (x86)\ShutdownTime\T5TZ0.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [*56289D4EBA2F2388<*>] => C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388\56289D4EBA2F2388.exe [ ] () <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Windows Audit Service Update] => C:\ProgramData\Windows Audit Service Update\97555w19ei3sy9u.exe [577024 2017-08-30] (������� ����)
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [xdsy52fcfkn] => "C:\Users\Jayden\AppData\Roaming\1xou5yd2di3\cg4is2ozwfs.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [K2D8U8PEO2PYP5W] => "C:\Program Files\R3AD2OTJ4D\5AMM1ULNT.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [rihu3ftrjmx] => "C:\Users\Jayden\AppData\Roaming\fh4vycxenzn\hvgdfzhyuzs.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HC7XC4TIY694K75] => "C:\Program Files\IEV4Z6L34X\R2F2NOFH2.exe"
C:\Program Files (x86)\ShutdownTime
C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388
C:\ProgramData\Windows Audit Service Update
C:\Users\Jayden\AppData\Roaming\1xou5yd2di3
C:\Program Files\R3AD2OTJ4D
C:\Users\Jayden\AppData\Roaming\fh4vycxenzn
C:\Program Files\IEV4Z6L34X
C:\WINDOWS\System32\Tasks\24176298
2017-05-04 05:03 - 2017-09-02 08:53 - 000000165 _____ () C:\Users\Jayden\AppData\Roaming\sp_data.sys
2017-07-22 04:05 - 2017-07-22 04:37 - 000000063 _____ () C:\Users\Jayden\AppData\Local\Autosofted License.txt
2017-08-31 18:06 - 2017-08-31 18:06 - 000011568 _____ () C:\Users\Jayden\AppData\Local\InstallationConfiguration.xml
2017-08-31 18:06 - 2017-08-31 18:06 - 000140800 _____ () C:\Users\Jayden\AppData\Local\installer.dat
2017-08-31 18:06 - 2017-08-31 18:07 - 001847296 _____ () C:\Users\Jayden\AppData\Local\po.db
2017-08-31 18:09 - 2017-08-31 18:09 - 000003072 _____ () C:\Users\Jayden\AppData\Local\uninstallce.exe
2017-05-04 01:37 - 2017-05-04 01:37 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388\56289D4EBA2F2388.exe
C:\Users\Default\BypassEls.exe
C:\Users\Default\Elx.exe
C:\Users\Default\elxii.exe
C:\Users\Default\Elxs.exe
2017-07-06 12:11 - 2017-08-06 11:24 - 000000000 _____ () C:\Users\Jayden\AppData\Local\Temp\2e7adecd915fad7ede6cff9c6c6e4e6e.dll
2017-09-01 15:40 - 2017-09-01 15:40 - 000141920 _____ (Adobe Systems) C:\Users\Jayden\AppData\Local\Temp\363E.tmp.exe
2017-06-17 00:26 - 2017-06-20 14:34 - 000000000 _____ () C:\Users\Jayden\AppData\Local\Temp\3fc1552ba19ee3472398342b0fadfa41.dll
2017-05-17 17:21 - 2017-05-17 17:21 - 000000512 _____ () C:\Users\Jayden\AppData\Local\Temp\4ac740ed0737c50e0c4227614cb5d8cb.dll
2017-09-01 15:42 - 2017-09-01 15:42 - 000548864 _____ () C:\Users\Jayden\AppData\Local\Temp\940A.tmp.exe
2017-08-31 18:17 - 2017-08-31 18:17 - 000180224 _____ () C:\Users\Jayden\AppData\Local\Temp\C47.tmp.exe
2017-06-17 00:26 - 2017-06-20 14:10 - 000000089 _____ () C:\Users\Jayden\AppData\Local\Temp\c510884683bb3839289c9d9f39d6d6a5.dll
2017-07-06 12:11 - 2017-08-06 11:24 - 000000088 _____ () C:\Users\Jayden\AppData\Local\Temp\dd221c2a94f225f38abcc7378ae52793.dll
2015-04-27 05:26 - 2015-04-27 05:26 - 000119312 _____ (McAfee, Inc.) C:\Users\Jayden\AppData\Local\Temp\McCSPInstall.dll
2017-05-04 05:32 - 2015-04-27 05:26 - 000161520 _____ (McAfee Inc.) C:\Users\Jayden\AppData\Local\Temp\mccspuninstall.exe
2017-09-01 19:16 - 2017-09-01 19:51 - 018309328 _____ (Microsoft Corporation) C:\Users\Jayden\AppData\Local\Temp\MediaCreationTool.exe
2017-08-31 18:34 - 2017-08-30 21:44 - 000067132 _____ () C:\Users\Jayden\AppData\Local\Temp\Uninstall.exe
2017-08-31 18:08 - 2017-08-31 18:08 - 000003850 _____ C:\WINDOWS\System32\Tasks\36883163
2017-08-31 18:08 - 2017-08-31 18:08 - 000003848 _____ C:\WINDOWS\System32\Tasks\40138800
2017-08-31 18:08 - 2017-08-31 18:08 - 000003844 _____ C:\WINDOWS\System32\Tasks\k36883163
2017-08-31 18:08 - 2017-08-31 18:08 - 000003726 _____ C:\WINDOWS\System32\Tasks\ba2417629824176298
2017-08-31 18:08 - 2017-08-31 18:08 - 000003724 _____ C:\WINDOWS\System32\Tasks\ba3688316336883163
2017-08-31 18:08 - 2017-08-31 18:08 - 000003722 _____ C:\WINDOWS\System32\Tasks\ba4013880040138800
2017-08-31 18:08 - 2017-08-31 18:08 - 000003720 _____ C:\WINDOWS\System32\Tasks\bak36883163k36883163
2017-08-31 18:08 - 2017-08-31 18:08 - 000003436 _____ C:\WINDOWS\System32\Tasks\SystemHealer Run Delay
2017-08-31 18:08 - 2017-08-31 18:08 - 000000020 _____ C:\WINDOWS\b40138800
C:\WINDOWS\System32\Tasks\SystemHealer Monitor
2017-08-31 18:07 - 2017-08-31 18:07 - 000000000 ____D C:\Users\Jayden\AppData\Local\IPNinja
2017-08-31 18:06 - 2017-08-31 18:07 - 001847296 _____ C:\Users\Jayden\AppData\Local\po.db
2017-08-31 18:06 - 2017-08-31 18:07 - 000000000 ____D C:\Users\Jayden\AppData\Roaming\fh4vycxenzn
2017-08-31 18:06 - 2017-08-31 18:06 - 000000000 ____D C:\WINDOWS\SysWOW64\niskqmq
2017-08-31 18:06 - 2017-08-31 18:06 - 000000000 ____D C:\WINDOWS\system32\niskqmq
2017-08-31 04:05 - 2017-08-31 04:05 - 000795648 _____ C:\WINDOWS\f4dffc42d56fd397820b798a5becaced.exe
2017-08-31 04:05 - 2017-08-31 04:05 - 000078744 _____ (MTQ0HV) C:\WINDOWS\system32\Drivers\310f8a5b7af987185d7fd09b4a6a7a63.sys
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [baldock] => "C:\Program Files (x86)\dislodged\baldock.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [penicillin] => "C:\Program Files (x86)\Fats\tamoxifen.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotifywn] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\Spotify store files\start64.vbs" //B "%1" %*
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotifyws] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\Spotify local files\start.vbs" //B "%1" %*
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WmiPrvSEst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\WmiPrvSE saved files\start.vbs" //B "%1" %*
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [svchostst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\svchost saved files\start.vbs" //B "%1" %* <==== ATTENTION
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Razer] => C:\Users\Jayden\AppData\Roaming\Microsoft\tuswbgad\srcwcdii.exe [180224 2016-07-16] ()
C:\Users\Jayden\AppData\Roaming\Microsoft\tuswbgad
S2 AdsService; C:\Users\Jayden\AppData\Local\AdService\AdService.dll [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
C:\Program Files (x86)\ProxyGate
C:\Users\Jayden\AppData\Roaming\Microsoft\fhjcgvwv
IFEO\rstrui.exe: [Debugger] wruyvecxh.exe
Startup: C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spotifywn.vbs [2017-09-01] ()
Startup: C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spotifyws.vbs [2017-09-01] ()
Startup: C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ware.lnk [2017-08-31]
Startup: C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WmiPrvSEst.vbs [2017-09-01] ()
BootExecute: autocheck mslnautocheck autochk *
Task: {00FF0A1C-1271-45BF-BA86-05881B534382} - \ASUS USB Charger Plus -> No File <==== ATTENTION
Task: {2E8281BF-E2C0-4AED-AF67-9B77422C4535} - \ASUS Splendid ACMON -> No File <==== ATTENTION
Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - \ASUS\ASUS Product Register Service -> No File <==== ATTENTION
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [K2D8U8PEO2PYP5W] => "C:\Program Files\R3AD2OTJ4D\5AMM1ULNT.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [rihu3ftrjmx] => "C:\Users\Jayden\AppData\Roaming\fh4vycxenzn\hvgdfzhyuzs.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [HC7XC4TIY694K75] => "C:\Program Files\IEV4Z6L34X\R2F2NOFH2.exe"
C:\Program Files\R3AD2OTJ4D
C:\Program Files\IEV4Z6L34X
C:\Users\Jayden\AppData\Roaming\fh4vycxenzn
C:\Program Files\IEV4Z6L34X
C:\Program Files (x86)\dislodged
C:\Program Files (x86)\Fats
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [HC7XC4TIY694K75] => "C:\Program Files\IEV4Z6L34X\R2F2NOFH2.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [baldock] => "C:\Program Files (x86)\dislodged\baldock.exe"
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [penicillin] => "C:\Program Files (x86)\Fats\tamoxifen.exe"
C:\Windows\Temp\mswskpzsrv.exe
C:\Users\Jayden\AppData\Local\wmicpra
HKLM-x32\...\Run: [wmicpra] => C:\Users\Jayden\AppData\Local\wmicpra\wmicpra.exe [885760 2017-08-20] ()
HKLM\...\RunOnce: [Windows Audit Service Update] => C:\ProgramData\Windows Audit Service Update\97555w19ei3sy9u.exe [577024 2017-08-30] (������� ����)
C:\ProgramData\Windows Audit Service Update
C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\...\Run: [xdsy52fcfkn] => "C:\Users\Jayden\AppData\Roaming\1xou5yd2di3\cg4is2ozwfs.exe"
C:\Users\Jayden\AppData\Roaming\1xou5yd2di3
2017-07-06 12:11 - 2017-08-06 11:24 - 000000000 _____ () C:\Users\Jayden\AppData\Local\Temp\2e7adecd915fad7ede6cff9c6c6e4e6e.dll
2017-09-01 15:40 - 2017-09-01 15:40 - 000141920 _____ (Adobe Systems) C:\Users\Jayden\AppData\Local\Temp\363E.tmp.exe
2017-06-17 00:26 - 2017-06-20 14:34 - 000000000 _____ () C:\Users\Jayden\AppData\Local\Temp\3fc1552ba19ee3472398342b0fadfa41.dll
2017-05-17 17:21 - 2017-05-17 17:21 - 000000512 _____ () C:\Users\Jayden\AppData\Local\Temp\4ac740ed0737c50e0c4227614cb5d8cb.dll
2017-09-01 15:42 - 2017-09-01 15:42 - 000548864 _____ () C:\Users\Jayden\AppData\Local\Temp\940A.tmp.exe
2017-08-31 18:17 - 2017-08-31 18:17 - 000180224 _____ () C:\Users\Jayden\AppData\Local\Temp\C47.tmp.exe
2017-06-17 00:26 - 2017-06-20 14:10 - 000000089 _____ () C:\Users\Jayden\AppData\Local\Temp\c510884683bb3839289c9d9f39d6d6a5.dll
2017-07-06 12:11 - 2017-08-06 11:24 - 000000088 _____ () C:\Users\Jayden\AppData\Local\Temp\dd221c2a94f225f38abcc7378ae52793.dll
2015-04-27 05:26 - 2015-04-27 05:26 - 000119312 _____ (McAfee, Inc.) C:\Users\Jayden\AppData\Local\Temp\McCSPInstall.dll
2017-05-04 05:32 - 2015-04-27 05:26 - 000161520 _____ (McAfee Inc.) C:\Users\Jayden\AppData\Local\Temp\mccspuninstall.exe
2017-09-01 19:16 - 2017-09-01 19:51 - 018309328 _____ (Microsoft Corporation) C:\Users\Jayden\AppData\Local\Temp\MediaCreationTool.exe
2017-08-31 18:34 - 2017-08-30 21:44 - 000067132 _____ () C:\Users\Jayden\AppData\Local\Temp\Uninstall.exe
2017-09-02 08:48 - 2017-09-02 08:48 - 000148992 _____ () \\?\C:\Users\Jayden\AppData\Local\Temp\89ED.tmp.node
AlternateDataStreams: C:\Users\Jayden\AppData\Local\Temp:$DATA [34]
2017-09-01 15:40 - 2017-09-01 15:40 - 000141920 _____ (Adobe Systems) C:\Users\Jayden\AppData\Local\Temp\363E.tmp.exe
2017-09-01 15:42 - 2017-09-01 15:42 - 000548864 _____ () C:\Users\Jayden\AppData\Local\Temp\940A.tmp.exe
2017-08-31 18:17 - 2017-08-31 18:17 - 000180224 _____ () C:\Users\Jayden\AppData\Local\Temp\C47.tmp.exe
2017-09-02 08:48 - 2017-09-02 08:48 - 000148992 _____ () \\?\C:\Users\Jayden\AppData\Local\Temp\89ED.tmp.node
IFEO\rstrui.exe: [Debugger] wruyvecxh.exe
Folder:: C:\Windows\System32\Drivers
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
AdsService => service not found.
ibtsiva => service not found.
pgt_svc => service not found.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key not found. 
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\Software\Microsoft\Windows\CurrentVersion\Run\\*56289D4EBA2F2388<*> => value removed successfully
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\Software\Microsoft\Windows\CurrentVersion\Run\\svchostst => value not found.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [*56289D4EBA2F2388<*>] => C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388\56289D4EBA2F2388.exe [ ] () <==== ATTENTION (Value Name with invalid characters) => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [svchostst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\svchost saved files\start.vbs" //B "%1" %* <==== ATTENTION => Error: No automatic fix found for this entry.
Could not move "C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostst.vbs" => Scheduled to move on reboot.
Could not move "C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostst.vbs" => Scheduled to move on reboot.
C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388 => moved successfully
"C:\Users\Jayden\AppData\Roaming\svchost saved files" => not found.
"C:\Program Files (x86)\ProxyGate" => not found.
"C:\Users\Jayden\AppData\Local\tamoxifen.exe" => not found.
"C:\Program Files (x86)\SystemHealer" => not found.
"C:\Program Files (x86)\Fats" => not found.
"C:\Windows\System32\Tasks\7f3ce402df93561fc4e9a3ef9c35c397" => not found.
pgt_svc => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00FF0A1C-1271-45BF-BA86-05881B534382} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS USB Charger Plus => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0821E7C7-081C-43E1-B44C-04E8B56ED353} => key not found. 
C:\WINDOWS\System32\Tasks\24176298 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\24176298 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E8281BF-E2C0-4AED-AF67-9B77422C4535} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Splendid ACMON => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31FE7F83-5B9A-4128-B679-203B6D331569} => key not found. 
C:\WINDOWS\System32\Tasks\SystemHealer Monitor => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Monitor => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4211FCCA-240D-4D9E-99E2-5AE1089998A2} => key not found. 
C:\WINDOWS\System32\Tasks\40138800 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\40138800 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77CF2498-9632-42A5-928F-1E8C98DEA63E} => key not found. 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80780EA9-8959-46F2-9299-C8FD95C9E23C} => key not found. 
C:\WINDOWS\System32\Tasks\36883163 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\36883163 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{879B11D9-83DF-4A44-822C-97CD8C566A38} => key not found. 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9EB117B-834F-4401-B1AB-289A968F1591} => key not found. 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Verification => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF7F37D7-97BD-43C2-BAD6-9FC78DD1C3B2} => key not found. 
C:\WINDOWS\System32\Tasks\7f3ce402df93561fc4e9a3ef9c35c397 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7f3ce402df93561fc4e9a3ef9c35c397 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3743588-7A16-4C43-8C71-1C01151FD07B} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\ASUS Product Register Service => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7311B2A-FF63-41FC-A0E7-A9ACF0FFDD6C} => key not found. 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA707FC7-3D60-4CB5-BED6-8176E252A7F5} => key not found. 
C:\WINDOWS\System32\Tasks\SystemHealer Run Delay => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Run Delay => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E} => key not found. 
HKLM\Software\Wow6432Node\Classes\CLSID\{92EF2EAD-A7CE-4424-B0DB-499CF856608E} => key not found. 
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jayden\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key not found. 
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key not found. 
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key not found. 
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key not found. 
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key not found. 
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key not found. 
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key not found. 
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key not found. 
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key not found. 
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key not found. 
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key not found. 
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key not found. 
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key not found. 
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key not found. 
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found. 
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Spotifywn => value not found.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Spotifyws => value not found.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WmiPrvSEst => value not found.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\Software\Microsoft\Windows\CurrentVersion\Run\\svchostst => value not found.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Razer => value not found.
"C:\Users\Jayden\AppData\Roaming\Spotify store files" => not found.
"C:\Users\Jayden\AppData\Roaming\WmiPrvSE saved files" => not found.
"C:\Users\Jayden\AppData\Roaming\svchost saved files" => not found.
 
"C:\Users\Jayden\AppData\Roaming\Microsoft\tuswbgad" folder move:
 
Could not move "C:\Users\Jayden\AppData\Roaming\Microsoft\tuswbgad" => Scheduled to move on reboot.
 
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Razer => value removed successfully
C:\Users\Jayden\AppData\Roaming\Microsoft\fhjcgvwv => moved successfully
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [3PS0ZHO966TW61N] => "C:\Program Files (x86)\ShutdownTime\T5TZ0.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [*56289D4EBA2F2388<*>] => C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388\56289D4EBA2F2388.exe [ ] () <==== ATTENTION (Value Name with invalid characters) => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Windows Audit Service Update] => C:\ProgramData\Windows Audit Service Update\97555w19ei3sy9u.exe [577024 2017-08-30] (������� ����) => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [xdsy52fcfkn] => "C:\Users\Jayden\AppData\Roaming\1xou5yd2di3\cg4is2ozwfs.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [K2D8U8PEO2PYP5W] => "C:\Program Files\R3AD2OTJ4D\5AMM1ULNT.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [rihu3ftrjmx] => "C:\Users\Jayden\AppData\Roaming\fh4vycxenzn\hvgdfzhyuzs.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HC7XC4TIY694K75] => "C:\Program Files\IEV4Z6L34X\R2F2NOFH2.exe" => Error: No automatic fix found for this entry.
"C:\Program Files (x86)\ShutdownTime" => not found.
"C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388" => not found.
 
"C:\ProgramData\Windows Audit Service Update" folder move:
 
Could not move "C:\ProgramData\Windows Audit Service Update" => Scheduled to move on reboot.
 
"C:\Users\Jayden\AppData\Roaming\1xou5yd2di3" => not found.
"C:\Program Files\R3AD2OTJ4D" => not found.
C:\Users\Jayden\AppData\Roaming\fh4vycxenzn => moved successfully
"C:\Program Files\IEV4Z6L34X" => not found.
"C:\WINDOWS\System32\Tasks\24176298" => not found.
C:\Users\Jayden\AppData\Roaming\sp_data.sys => moved successfully
C:\Users\Jayden\AppData\Local\Autosofted License.txt => moved successfully
C:\Users\Jayden\AppData\Local\InstallationConfiguration.xml => moved successfully
C:\Users\Jayden\AppData\Local\installer.dat => moved successfully
C:\Users\Jayden\AppData\Local\po.db => moved successfully
C:\Users\Jayden\AppData\Local\uninstallce.exe => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
"C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388\56289D4EBA2F2388.exe" => not found.
C:\Users\Default\BypassEls.exe => moved successfully
C:\Users\Default\Elx.exe => moved successfully
C:\Users\Default\elxii.exe => moved successfully
C:\Users\Default\Elxs.exe => moved successfully
C:\Users\Jayden\AppData\Local\Temp\2e7adecd915fad7ede6cff9c6c6e4e6e.dll => moved successfully
C:\Users\Jayden\AppData\Local\Temp\363E.tmp.exe => moved successfully
C:\Users\Jayden\AppData\Local\Temp\3fc1552ba19ee3472398342b0fadfa41.dll => moved successfully
C:\Users\Jayden\AppData\Local\Temp\4ac740ed0737c50e0c4227614cb5d8cb.dll => moved successfully
C:\Users\Jayden\AppData\Local\Temp\940A.tmp.exe => moved successfully
C:\Users\Jayden\AppData\Local\Temp\C47.tmp.exe => moved successfully
C:\Users\Jayden\AppData\Local\Temp\c510884683bb3839289c9d9f39d6d6a5.dll => moved successfully
C:\Users\Jayden\AppData\Local\Temp\dd221c2a94f225f38abcc7378ae52793.dll => moved successfully
C:\Users\Jayden\AppData\Local\Temp\McCSPInstall.dll => moved successfully
C:\Users\Jayden\AppData\Local\Temp\mccspuninstall.exe => moved successfully
C:\Users\Jayden\AppData\Local\Temp\MediaCreationTool.exe => moved successfully
C:\Users\Jayden\AppData\Local\Temp\Uninstall.exe => moved successfully
"C:\WINDOWS\System32\Tasks\36883163" => not found.
"C:\WINDOWS\System32\Tasks\40138800" => not found.
C:\WINDOWS\System32\Tasks\k36883163 => moved successfully
C:\WINDOWS\System32\Tasks\ba2417629824176298 => moved successfully
C:\WINDOWS\System32\Tasks\ba3688316336883163 => moved successfully
C:\WINDOWS\System32\Tasks\ba4013880040138800 => moved successfully
C:\WINDOWS\System32\Tasks\bak36883163k36883163 => moved successfully
"C:\WINDOWS\System32\Tasks\SystemHealer Run Delay" => not found.
C:\WINDOWS\b40138800 => moved successfully
"C:\WINDOWS\System32\Tasks\SystemHealer Monitor" => not found.
C:\Users\Jayden\AppData\Local\IPNinja => moved successfully
"C:\Users\Jayden\AppData\Local\po.db" => not found.
"C:\Users\Jayden\AppData\Roaming\fh4vycxenzn" => not found.
C:\WINDOWS\SysWOW64\niskqmq => moved successfully
 
"C:\WINDOWS\system32\niskqmq" folder move:
 
Could not move "C:\WINDOWS\system32\niskqmq" => Scheduled to move on reboot.
 
C:\WINDOWS\f4dffc42d56fd397820b798a5becaced.exe => moved successfully
C:\WINDOWS\system32\Drivers\310f8a5b7af987185d7fd09b4a6a7a63.sys => moved successfully
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [baldock] => "C:\Program Files (x86)\dislodged\baldock.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [penicillin] => "C:\Program Files (x86)\Fats\tamoxifen.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotifywn] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\Spotify store files\start64.vbs" //B "%1" %* => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotifyws] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\Spotify local files\start.vbs" //B "%1" %* => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WmiPrvSEst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\WmiPrvSE saved files\start.vbs" //B "%1" %* => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [svchostst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Jayden\AppData\Roaming\svchost saved files\start.vbs" //B "%1" %* <==== ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Razer] => C:\Users\Jayden\AppData\Roaming\Microsoft\tuswbgad\srcwcdii.exe [180224 2016-07-16] () => Error: No automatic fix found for this entry.
 
"C:\Users\Jayden\AppData\Roaming\Microsoft\tuswbgad" folder move:
 
Could not move "C:\Users\Jayden\AppData\Roaming\Microsoft\tuswbgad" => Scheduled to move on reboot.
 
AdsService => service not found.
ibtsiva => service not found.
"C:\Program Files (x86)\ProxyGate" => not found.
"C:\Users\Jayden\AppData\Roaming\Microsoft\fhjcgvwv" => not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => key removed successfully
Could not move "C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spotifywn.vbs" => Scheduled to move on reboot.
Could not move "C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spotifyws.vbs" => Scheduled to move on reboot.
C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ware.lnk => moved successfully
Could not move "C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WmiPrvSEst.vbs" => Scheduled to move on reboot.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00FF0A1C-1271-45BF-BA86-05881B534382} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS USB Charger Plus => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E8281BF-E2C0-4AED-AF67-9B77422C4535} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Splendid ACMON => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3743588-7A16-4C43-8C71-1C01151FD07B} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\ASUS Product Register Service => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler => key not found. 
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\Software\Microsoft\Windows\CurrentVersion\Run\\K2D8U8PEO2PYP5W => value removed successfully
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\Software\Microsoft\Windows\CurrentVersion\Run\\rihu3ftrjmx => value removed successfully
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\Software\Microsoft\Windows\CurrentVersion\Run\\HC7XC4TIY694K75 => value removed successfully
"C:\Program Files\R3AD2OTJ4D" => not found.
"C:\Program Files\IEV4Z6L34X" => not found.
"C:\Users\Jayden\AppData\Roaming\fh4vycxenzn" => not found.
"C:\Program Files\IEV4Z6L34X" => not found.
"C:\Program Files (x86)\dislodged" => not found.
"C:\Program Files (x86)\Fats" => not found.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\Software\Microsoft\Windows\CurrentVersion\Run\\HC7XC4TIY694K75 => value not found.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\Software\Microsoft\Windows\CurrentVersion\Run\\baldock => value removed successfully
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\Software\Microsoft\Windows\CurrentVersion\Run\\penicillin => value removed successfully
C:\Windows\Temp\mswskpzsrv.exe => moved successfully
 
"C:\Users\Jayden\AppData\Local\wmicpra" folder move:
 
Could not move "C:\Users\Jayden\AppData\Local\wmicpra" => Scheduled to move on reboot.
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\wmicpra => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Windows Audit Service Update => value removed successfully
 
"C:\ProgramData\Windows Audit Service Update" folder move:
 
Could not move "C:\ProgramData\Windows Audit Service Update" => Scheduled to move on reboot.
 
"C:\Users\Jayden\AppData\Roaming\56289D4EBA2F2388" => not found.
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\Software\Microsoft\Windows\CurrentVersion\Run\\xdsy52fcfkn => value removed successfully
"C:\Users\Jayden\AppData\Roaming\1xou5yd2di3" => not found.
"C:\Users\Jayden\AppData\Local\Temp\2e7adecd915fad7ede6cff9c6c6e4e6e.dll" => not found.
"C:\Users\Jayden\AppData\Local\Temp\363E.tmp.exe" => not found.
"C:\Users\Jayden\AppData\Local\Temp\3fc1552ba19ee3472398342b0fadfa41.dll" => not found.
"C:\Users\Jayden\AppData\Local\Temp\4ac740ed0737c50e0c4227614cb5d8cb.dll" => not found.
"C:\Users\Jayden\AppData\Local\Temp\940A.tmp.exe" => not found.
"C:\Users\Jayden\AppData\Local\Temp\C47.tmp.exe" => not found.
"C:\Users\Jayden\AppData\Local\Temp\c510884683bb3839289c9d9f39d6d6a5.dll" => not found.
"C:\Users\Jayden\AppData\Local\Temp\dd221c2a94f225f38abcc7378ae52793.dll" => not found.
"C:\Users\Jayden\AppData\Local\Temp\McCSPInstall.dll" => not found.
"C:\Users\Jayden\AppData\Local\Temp\mccspuninstall.exe" => not found.
"C:\Users\Jayden\AppData\Local\Temp\MediaCreationTool.exe" => not found.
"C:\Users\Jayden\AppData\Local\Temp\Uninstall.exe" => not found.
C:\Users\Jayden\AppData\Local\Temp\89ED.tmp.node => moved successfully
C:\Users\Jayden\AppData\Local\Temp => ":$DATA" ADS removed successfully.
"C:\Users\Jayden\AppData\Local\Temp\363E.tmp.exe" => not found.
"C:\Users\Jayden\AppData\Local\Temp\940A.tmp.exe" => not found.
"C:\Users\Jayden\AppData\Local\Temp\C47.tmp.exe" => not found.
"C:\Users\Jayden\AppData\Local\Temp\89ED.tmp.node" => not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => key not found. 
 
========================= Folder:: C:\Windows\System32\Drivers ========================
 
not found.
 
====== End of Folder: ======
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2277826130-4195644225-2934306147-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 337080423 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 104709179 B
Edge => 17044441 B
Chrome => 68787272 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 36156 B
NetworkService => 1123586 B
Jayden => 4007952701 B
 
RecycleBin => 24212355 B
EmptyTemp: => 4.2 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-09-2017 12:52:32)
 
"C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostst.vbs" => Could not move
"C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostst.vbs" => Could not move
C:\Users\Jayden\AppData\Roaming\Microsoft\tuswbgad => Is moved successfully
C:\ProgramData\Windows Audit Service Update => Is moved successfully
"C:\WINDOWS\system32\niskqmq" => Could not move
C:\Users\Jayden\AppData\Roaming\Microsoft\tuswbgad => Is moved successfully
"C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spotifywn.vbs" => Could not move
"C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spotifyws.vbs" => Could not move
"C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WmiPrvSEst.vbs" => Could not move
"C:\Users\Jayden\AppData\Local\wmicpra" => Could not move
C:\ProgramData\Windows Audit Service Update => Is moved successfully
 
==== End of Fixlog 12:52:39 ====


#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,752 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:11 PM

Posted 02 September 2017 - 03:54 PM

  • Highlight the entire content of the quote box below.

Start::
Folder: C:\Windows\System32\Drivers
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 

 


No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 elmm29

elmm29
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:11 PM

Posted 02 September 2017 - 04:11 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Jayden (02-09-2017 14:09:49) Run:3
Running from C:\Users\Jayden\Downloads
Loaded Profiles: Jayden (Available Profiles: Jayden)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
Folder: C:\Windows\System32\Drivers
 
*****************
 
 
========================= Folder: C:\Windows\System32\Drivers ========================
 
2017-09-02 08:19 - 2017-09-02 08:19 - 000192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\0033352F.sys
2017-09-02 08:26 - 2017-09-02 08:26 - 000192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\0C4A3A8D.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000235520 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\1394ohci.sys
2017-09-02 08:19 - 2017-09-02 08:19 - 000192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\15C43594.sys
2017-09-02 08:19 - 2017-09-02 08:19 - 000192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\1DEF356D.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000107360 _____ (LSI) C:\Windows\System32\Drivers\3ware.sys
2017-09-02 08:47 - 2017-09-02 10:53 - 000192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\4E4B4AE8.sys
2017-09-02 08:22 - 2017-09-02 08:22 - 000192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\55903794.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000705888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000018432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\AcpiDev.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000126816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpiex.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000012288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpipagr.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpipmi.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000013312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpitime.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 001135456 _____ (PMC-Sierra) C:\Windows\System32\Drivers\adp80xx.sys
2016-10-27 18:51 - 2016-10-14 21:21 - 000584032 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000107520 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\agilevpn.sys
2016-10-27 18:50 - 2016-10-14 20:31 - 000227328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ahcache.sys
2015-05-25 13:20 - 2015-05-25 13:20 - 000021816 _____ (ASUSTek Computer Inc.) C:\Windows\System32\Drivers\AiCharger.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000123392 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdk8.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000120832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdppm.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000083296 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000259424 _____ (AMD Technologies Inc.) C:\Windows\System32\Drivers\amdsbs.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000026976 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000172896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000015360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\applockerfltr.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000131936 _____ (PMC-Sierra, Inc.) C:\Windows\System32\Drivers\arcsas.sys
2015-05-12 23:33 - 2015-05-12 22:44 - 000019976 _____ (ASUS) C:\Windows\System32\Drivers\AsHIDSwitch64.sys
2017-03-09 10:18 - 2017-03-09 10:18 - 000128024 _____ (ASUS Corporation) C:\Windows\System32\Drivers\AsusTP.sys
2017-08-12 21:01 - 2017-08-12 21:00 - 000146664 _____ (AVAST Software) C:\Windows\System32\Drivers\aswmonflt.sys.150259688575003
2017-08-12 21:01 - 2017-08-12 21:01 - 000146696 _____ (AVAST Software) C:\Windows\System32\Drivers\aswmonflt.sys.150259689356207
2017-08-12 21:01 - 2017-07-02 17:40 - 001015848 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys.150259689356207
2016-07-16 04:42 - 2016-07-16 04:42 - 000028160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\asyncmac.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000028512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\atapi.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000191840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2017-04-20 02:41 - 2017-03-27 22:36 - 000056320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BasicDisplay.sys
2017-06-15 16:35 - 2017-06-03 02:15 - 000041472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BasicRender.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000036192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\battc.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000009728 _____ (Windows ® Win 7 DDK provider) C:\Windows\System32\Drivers\bcmfn.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000009728 _____ (Windows ® Win 7 DDK provider) C:\Windows\System32\Drivers\bcmfn2.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000009728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\beep.sys
2016-11-08 19:24 - 2016-11-02 03:23 - 000101888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2017-07-12 09:23 - 2017-07-06 23:49 - 000115200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bridge.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BtaMPM.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BthAvrcpTg.sys
2016-09-30 04:27 - 2016-09-30 04:27 - 000114176 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthenum.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000065536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthhfenum.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BthhfHid.sys
2017-05-09 16:04 - 2017-04-27 17:00 - 000249856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BthLEEnum.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000066048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthmodem.sys
2017-07-12 09:20 - 2017-07-06 23:47 - 000128512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthpan.sys
2017-05-09 16:04 - 2017-04-27 16:54 - 000967680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2016-09-30 04:27 - 2016-09-30 04:27 - 000084992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS
2016-07-16 04:41 - 2016-07-16 04:41 - 000038912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\buttonconverter.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000533856 _____ (QLogic Corporation) C:\Windows\System32\Drivers\bxvbda.sys
2016-10-27 18:49 - 2016-09-10 06:21 - 000118272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\capimg.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000092160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cdfs.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000173056 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cdrom.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000076640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\CEA.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000102752 _____ (Chelsio Communications) C:\Windows\System32\Drivers\cht4dx64.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000346976 _____ (Chelsio Communications) C:\Windows\System32\Drivers\cht4sx64.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 002104160 _____ (Chelsio Communications) C:\Windows\System32\Drivers\cht4vx64.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000048640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\circlass.sys
2017-03-16 23:05 - 2017-03-04 00:20 - 000379744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys
2017-07-12 09:21 - 2017-07-07 00:40 - 000376672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\clfs.sys
2016-09-30 04:27 - 2016-09-30 04:27 - 000681304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ClipSp.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000029696 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\CmBatt.sys
2016-09-30 21:34 - 2016-09-15 10:29 - 000023392 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cmimcext.sys
2017-07-12 09:23 - 2017-06-21 00:36 - 000624048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000038752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cnghwassist.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000053088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\condrv.sys
2017-05-16 18:30 - 2017-05-16 18:30 - 000045016 _____ (Corsair) C:\Windows\System32\Drivers\CorsairVBusDriver.sys
2017-05-16 18:30 - 2017-05-16 18:30 - 000021976 _____ (Corsair) C:\Windows\System32\Drivers\CorsairVHidDriver.sys
2016-10-27 18:50 - 2016-10-14 21:29 - 000079200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crashdmp.sys
2017-03-16 23:06 - 2017-03-04 00:15 - 000063328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dam.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000044032 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\devauthe.sys
2017-07-12 09:22 - 2017-06-20 23:58 - 000144896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000101720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\disk.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000038240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Dmpusbstor.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000035840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dmvsc.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000097280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000016168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmkaud.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000035680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Dumpata.sys
2016-07-16 04:44 - 2016-07-16 04:44 - 000089560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpfve.sys
2017-06-15 16:35 - 2017-06-03 02:54 - 000187232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsd.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000031744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsdport.sys
2017-06-15 16:34 - 2017-06-03 02:51 - 002187104 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2017-06-15 16:34 - 2017-06-03 02:51 - 000402272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2017-03-16 23:06 - 2017-03-04 00:09 - 000658784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms2.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000088416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\EhStorClass.sys
2016-09-30 04:27 - 2016-09-30 04:27 - 000118112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\EhStorTcgDrv.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000013312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\errdev.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 003418976 _____ (QLogic Corporation) C:\Windows\System32\Drivers\evbda.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000334848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\exfat.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000031584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\winhv.sys
2016-09-30 21:34 - 2016-09-15 09:42 - 000051712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\winhvr.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000032096 _____ (Mellanox) C:\Windows\System32\Drivers\winmad.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000089088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\winusb.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000064864 _____ (Mellanox) C:\Windows\System32\Drivers\winverbs.sys
2016-07-16 04:41 - 2016-07-16 04:41 - 000018432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wmiacpi.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000020320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wmilib.sys
2016-09-30 04:18 - 2016-09-30 04:18 - 000199008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wof.sys
2016-07-16 04:44 - 2016-07-16 04:44 - 000030560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WpdUpFltr.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000031584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WppRecorder.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000022528 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ws2ifsl.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000099328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2016-07-16 04:42 - 2016-07-16 04:42 - 000216064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2017-03-16 23:07 - 2017-03-03 23:34 - 000258560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\xboxgip.sys
2016-09-30 04:27 - 2016-09-30 04:27 - 000043520 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\xinputhid.sys
2017-01-21 12:30 - 2015-09-07 15:45 - 000075472 _____ (Magic Control Technology Corp.) C:\Windows\System32\Drivers\xvgausb64.sys
2017-05-04 02:19 - 2017-05-06 23:18 - 000000000 ____D () C:\Windows\System32\Drivers\en-US
2016-07-16 07:12 - 2016-07-16 07:12 - 000012288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\1394ohci.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000010752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\acpi.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000022528 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\afd.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000004096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\agilevpn.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000014848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\amdk8.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000014848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\amdppm.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000007680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ataport.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\battc.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\BthAvrcpTg.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bthenum.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bthhfenum.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\BthhfHid.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000013824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\BthLEEnum.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000004096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\BthMini.SYS.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000005120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bthpan.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000015872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bthport.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\BTHUSB.SYS.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\cdrom.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000006144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\disk.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000004608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\dmvsc.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\dumpsd.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000008704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\EhStorTcgDrv.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000005632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\fltmgr.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000022528 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\fvevol.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\fwpkclnt.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000005120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\hidbth.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000006656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\hidclass.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000004096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\hidi2c.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000038912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\http.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000018432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\hvservice.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000010752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\i8042prt.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\IndirectKmd.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000014848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\intelppm.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\iorate.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000006144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\IPMIDrv.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000004608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ipnat.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000004096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\isapnp.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000004608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\kbdclass.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\kbdhid.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ks.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\luafv.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000004096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\modem.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000004608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mouclass.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mouhid.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mountmgr.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mrxsmb.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\msgpiowin32.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mshidkmdf.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mshidumdf.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000009216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mslldp.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mssmbios.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\MTConfig.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000013312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mup.sys.mui
2017-03-16 23:06 - 2017-03-04 00:18 - 000066560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ndis.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000006656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ndiscap.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000011776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\NdisImPlatform.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ndisuio.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\NdisVirtualBus.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000009216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\netvsc.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000099328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ntfs.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000014848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\nwifi.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\pacer.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000004096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\parport.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\partmgr.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000008704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\pci.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000004608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\pcmcia.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\pdc.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\pnpmem.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000014848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\processr.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\qwavedrv.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000006144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\rdbss.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\rdpdr.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000008704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\refsv1.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\rfcomm.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\rfxvmt.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\RNDISMP.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\rndismp6.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\rndismpx.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\scfilter.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000004096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\scmbus.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000019456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\scmdisk0101.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\scsiport.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\sdbus.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\sdstor.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000004096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\sercx.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000009216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\sercx2.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000010752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\serial.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000005632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\sermouse.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\serscan.sys.mui
2016-09-30 21:34 - 2016-09-15 10:14 - 000045568 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\spaceport.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000004608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\spbcx.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\srv.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000078848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\srv2.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000009216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\storqosflt.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000008704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\synth3dvsc.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000109568 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\tcpip.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000008704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\tpm.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\tsusbflt.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\tunnel.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000012800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ucx01000.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\umbus.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbehci.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000014848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbhub.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000022016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\USBHUB3.SYS.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000026624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbport.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbrpm.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbstor.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbvideo.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000015360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\USBXHCI.SYS.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000011264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\vdrvroot.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000011264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\vhdmp.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\vhf.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\vmbus.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000006144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\vmstorfl.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\volmgr.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\volmgrx.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000004608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wacompen.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wdf01000.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wfplwfs.sys.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000015872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wmbclass.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000005632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wof.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\WpdUpFltr.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ws2ifsl.sys.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wudfpf.sys.mui
2015-08-18 02:00 - 2015-08-18 01:40 - 000000000 ____D () C:\Windows\System32\Drivers\es-ES
2017-05-04 02:14 - 2017-09-02 12:41 - 000000000 ____D () C:\Windows\System32\Drivers\etc
2017-09-02 12:41 - 2017-09-02 12:41 - 000000027 _____ () C:\Windows\System32\Drivers\etc\hosts
2017-05-04 02:14 - 2017-05-04 02:12 - 000003683 _____ () C:\Windows\System32\Drivers\etc\lmhosts.sam
2015-07-10 04:04 - 2015-07-10 04:02 - 000000407 _____ () C:\Windows\System32\Drivers\etc\networks
2015-07-10 04:04 - 2015-07-10 04:02 - 000001358 _____ () C:\Windows\System32\Drivers\etc\protocol
2015-07-10 04:04 - 2015-07-10 04:02 - 000017463 _____ () C:\Windows\System32\Drivers\etc\services
2015-08-18 01:53 - 2015-08-18 01:40 - 000000000 ____D () C:\Windows\System32\Drivers\fr-FR
2017-05-04 02:14 - 2017-07-22 00:16 - 000000000 ____D () C:\Windows\System32\Drivers\UMDF
2016-07-16 04:41 - 2016-07-16 04:41 - 000086016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\EhStorPwdDrv.dll
2016-07-16 04:41 - 2016-07-16 04:41 - 000060928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\HidBthLE.dll
2016-07-16 04:42 - 2016-07-16 04:42 - 000158720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\IddCx.dll
2016-07-16 04:42 - 2016-07-16 04:42 - 000701440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\NfcCx.dll
2016-07-16 04:42 - 2016-07-16 04:42 - 000027136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\PosCx.dll
2016-07-16 04:42 - 2016-07-16 04:42 - 000153088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\SensorsCx.dll
2016-07-16 04:42 - 2016-07-16 04:42 - 000097280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\UcmCx.dll
2016-07-16 04:41 - 2016-07-16 04:41 - 000287232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\WpdFs.dll
2016-07-16 04:41 - 2016-07-16 04:41 - 000947200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\WpdMtpDr.dll
2017-05-04 02:19 - 2017-05-04 02:19 - 000000000 ____D () C:\Windows\System32\Drivers\UMDF\en-US
2016-07-16 07:13 - 2016-07-16 07:13 - 000004608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\HidBthLE.dll.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\hidscanner.dll.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\IddCx.dll.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000010752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\idtsec.dll.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000010752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\mgtdyn.dll.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000006656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\NfcCx.dll.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\SensorsCx.dll.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\SensorsHid.dll.mui
2016-07-16 07:13 - 2016-07-16 07:13 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\WpdMtpDr.dll.mui
2016-07-16 07:12 - 2016-07-16 07:12 - 000007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\WUDFUsbccidDriver.dll.mui
2015-08-18 02:00 - 2015-08-18 02:00 - 000000000 ____D () C:\Windows\System32\Drivers\UMDF\es-ES
2015-08-18 01:53 - 2015-08-18 01:53 - 000000000 ____D () C:\Windows\System32\Drivers\UMDF\fr-FR
 
====== End of Folder: ======
 
 
==== End of Fixlog 14:10:35 ====


#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,752 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:11 PM

Posted 02 September 2017 - 04:34 PM

We will need to run the fix in the Recovery Environment.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Please also download the attached file [attachment=197531:Fixlist.txt] and save it in the same location the FRST64 is saved in the flash drive.

Insert the USB drive in the infected computer.

Boot to the Recovery Console's Command prompt.

Entry points into the Windows Recovery Environment (WinRE).

You can access WinRE features through the Boot Options menu, which can be launched from Windows in a few different ways:

  • Option 1: From the login screen, click Shutdown, then hold down the Shift key while selecting Restart.
  • Option 2: In Windows 10, select Start > Settings > Update & security > Recovery > under Advanced Startup, click Restart now.
  • Option 3: Boot to recovery media.
  • Option 4: Use a hardware recovery button (or button combination) configured by the OEM (Computer Manufacturer).

After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.

On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button.
  • It will make a log (Fixlog.txt) in the flash drive. Please copy and paste it to your reply.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 elmm29

elmm29
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:11 PM

Posted 02 September 2017 - 04:57 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by SYSTEM (02-09-2017 14:50:28) Run:4
Running from e:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostst.vbs
C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostst.vbs
C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spotifywn.vbs
C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spotifyws.vbs
C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WmiPrvSEst.vbs
C:\Users\Jayden\AppData\Local\wmicpra
 
*****************
 
C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostst.vbs => moved successfully
"C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostst.vbs" => not found.
C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spotifywn.vbs => moved successfully
C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spotifyws.vbs => moved successfully
C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WmiPrvSEst.vbs => moved successfully
C:\Users\Jayden\AppData\Local\wmicpra => moved successfully
 
==== End of Fixlog 14:50:28 ====
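The fixlist above removed four .vbs files from the user's Startup folder, two of them named after Windows system processes (svchost, WmiPrvSE), plus a folder under AppData\Local. As an added example, not part of the thread, of FRST or of the helper's fixlist, the Python script below audits Startup-folder entries for exactly that pattern: script files where only .lnk shortcuts are expected, and names that mimic system binaries. The heuristics (the extension list and the lookalike names) are assumptions; the sample paths are copied from the fixlist, and the two benign entries are constructed.

```python
"""Audit Windows Startup-folder entries for script-based persistence.

Added example for this thread, not part of FRST or the helper's fixlist.
The heuristics (script extensions, system-binary lookalike names) are
assumptions; the sample paths below are copied from the fixlist posted above.
"""
import os
import sys
from pathlib import Path, PureWindowsPath

# Script types that Windows executes silently via wscript/cscript or cmd when
# dropped into a Startup folder. Normal Startup entries are .lnk shortcuts.
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
                     ".bat", ".cmd", ".ps1", ".hta"}

# Names of legitimate Windows binaries that malware borrows for camouflage.
# The real ones are started by the service control manager or the kernel,
# never from a Startup folder, so a Startup entry whose name starts with one
# of these (svchostst.vbs, WmiPrvSEst.vbs) is worth a look.
SYSTEM_LOOKALIKES = ("svchost", "wmiprvse", "csrss", "lsass", "winlogon",
                     "services", "spoolsv", "explorer")

# Constructed sample: the four unique Startup entries from the fixlist above
# plus two benign entries that a clean profile typically contains.
STARTUP_DIR = (r"C:\Users\Jayden\AppData\Roaming\Microsoft\Windows"
               r"\Start Menu\Programs\Startup")
SAMPLE_ENTRIES = [
    STARTUP_DIR + r"\svchostst.vbs",
    STARTUP_DIR + r"\Spotifywn.vbs",
    STARTUP_DIR + r"\Spotifyws.vbs",
    STARTUP_DIR + r"\WmiPrvSEst.vbs",
    STARTUP_DIR + r"\Send to OneNote.lnk",   # benign, constructed
    STARTUP_DIR + r"\desktop.ini",           # benign, constructed
]


def classify(path: str) -> list[str]:
    """Return the reasons a Startup entry looks like persistence (empty = clean)."""
    p = PureWindowsPath(path)
    ext = p.suffix.lower()
    stem = p.stem.lower()
    reasons = []
    if ext in SCRIPT_EXTENSIONS:
        reasons.append(f"script file ({ext}) in Startup")
    if any(stem.startswith(name) for name in SYSTEM_LOOKALIKES):
        reasons.append("name mimics a Windows system binary")
    return reasons


def audit(entries) -> dict[str, list[str]]:
    """Map each suspicious entry to its reasons; clean entries are omitted."""
    flagged = {}
    for entry in entries:
        reasons = classify(entry)
        if reasons:
            flagged[entry] = reasons
    return flagged


def live_startup_entries() -> list[str]:
    """Enumerate the per-user and all-users Startup folders on a Windows host.

    Returns an empty list on other platforms so the module imports anywhere.
    """
    if sys.platform != "win32":
        return []
    roots = []
    appdata = os.environ.get("APPDATA")
    programdata = os.environ.get("ProgramData")
    if appdata:
        roots.append(Path(appdata) / "Microsoft/Windows/Start Menu/Programs/Startup")
    if programdata:
        roots.append(Path(programdata) / "Microsoft/Windows/Start Menu/Programs/StartUp")
    return [str(f) for root in roots if root.is_dir() for f in root.iterdir()]


if __name__ == "__main__":
    # On Windows scan the real folders; elsewhere fall back to the sample.
    entries = live_startup_entries() or SAMPLE_ENTRIES
    for entry, reasons in audit(entries).items():
        print(f"{entry}\n    " + "; ".join(reasons))
```

Run on the sample, it flags all four .vbs files and leaves the shortcut and desktop.ini alone. The script only looks at the Startup folders; the wmicpra folder from the fixlist lives under AppData\Local and would need a separate check. Note also what the thread itself shows: these files resisted removal from the running system, which is why the fix had to be run from the Recovery Environment, so a clean audit result from a live scan is not on its own proof that nothing is there.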


#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,752 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:11 PM

Posted 02 September 2017 - 04:59 PM

Remove any MBAR folder from your desktop.

 

  • Please download this version of Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.

  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

 




#12 elmm29

elmm29
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:11 PM

Posted 02 September 2017 - 05:09 PM

After I scan it says "Cleanup: Scan Failed!", then a window pops up with the error "The system volume seems inaccessible or encrypted. Scan can't continue."



#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,752 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:11 PM

Posted 02 September 2017 - 05:17 PM

Let's try this:

 

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    [screenshot of the AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the scan has finished, the window may or may not show what it found, and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.

    [screenshot of the AdwCleaner reboot prompt]
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt




#14 elmm29

elmm29
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:11 PM

Posted 02 September 2017 - 06:07 PM

When I try to run Junkware Removal it says "Could not create file "C:\Users\Jayden\AppData\Local\Tempt\jrt\clean_shortcut.vbs". Access is denied."



#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,752 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:11 PM

Posted 02 September 2017 - 06:11 PM

I might have missed something.

 

Please make sure there is a check mark on addition.txt and rescan with FRST. Post the new set of logs, FRST.txt and addition.txt.






