Task Manager Opens and Closes instantly and Anti Virus Programs will not open.


This topic is locked
51 replies to this topic

#1 ctspeedy95


Posted 12 September 2017 - 12:40 PM

So this problem seems to have appeared out of nowhere. I cannot get my task manager to open for longer than a second or two. If I click on it, it pops up, says "not responding", and then closes out immediately. So then I tried to open my antivirus software, and the little blue wheel on the mouse spun and spun, and then a dialog box popped up and told me "The requested resource is already in use". Google tells me that this means my computer is infected with the SmartService trojan. Help! I really do not know what to do  :(  I ran the FRST program and these are the FRST.txt results.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2017 02
Ran by colin (administrator) on DESKTOP-JSCGSU8 (12-09-2017 11:30:49)
Running from C:\Users\colin\Downloads
Loaded Profiles: colin (Available Profiles: defaultuser0 & colin)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9e116830ba296902\igfxCUIService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(High-Logic B.V.) C:\Program Files (x86)\High-Logic FontService\fontservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\Temp\WS\mediatek_86.exe
(Microsoft Corporation) C:\Windows\System32\SurfaceDtxService.exe
(Microsoft Corporation) C:\Windows\System32\SurfaceUsbHubFwUpdateService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SurfaceService.exe
() C:\Windows\System32\msubgzt.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Windows\System32\SurfaceDTX.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\atgh4627.inf_amd64_1a9e52b1bbedf409\IntelCpHeciSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(High-Logic B.V.) C:\Program Files (x86)\High-Logic MainType\FmsProxy.exe
() C:\Users\colin\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
() C:\Users\colin\AppData\Roaming\ZSmsWin\smswin.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\colin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
() C:\Users\colin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.41055.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.41055.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Adobe Illustrator CC 2017\Support Files\Contents\Windows\Illustrator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Illustrator CC 2017\Support Files\Contents\Windows\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Illustrator CC 2017\Support Files\Contents\Windows\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Illustrator CC 2017\Support Files\Contents\Windows\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Illustrator CC 2017\Support Files\Contents\Windows\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Illustrator CC 2017\Support Files\Contents\Windows\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Illustrator CC 2017\Support Files\Contents\Windows\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Illustrator CC 2017\Support Files\Contents\Windows\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Illustrator CC 2017\Support Files\Contents\Windows\CEPHtmlEngine\CEPHtmlEngine.exe
() C:\Users\colin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\colin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\colin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [SurfaceDTX.exe] => C:\WINDOWS\System32\SurfaceDTX.exe [839336 2017-06-07] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-07-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FmsProxy] => C:\Program Files (x86)\High-Logic MainType\FmsProxy.exe [1720320 2016-11-18] (High-Logic B.V.)
HKLM-x32\...\Run: [svcvmx] => C:\Users\colin\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-08-02] ()
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-07-31] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1363144225-3694055549-4064340856-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2017-07-31] (Adobe Systems Incorporated)
HKU\S-1-5-21-1363144225-3694055549-4064340856-1001\...\Run: [11f86284] => C:\Users\colin\AppData\Roaming\ZSmsWin\smswin.exe [674292 2017-08-16] ()
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2183ad0d-29c4-453e-bd76-0dd28bfd6789}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{323cf412-4d36-4c7e-9e50-93a11a259175}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-21] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-21] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-01] (Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-07-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-08-10]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://boards.sportslogos.net/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default [2017-09-12]
CHR Extension: (Google Slides) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-04]
CHR Extension: (Batch Link Downloader) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahkbnnpafepcgnhhecilboebmmolnn [2017-08-21]
CHR Extension: (Google Docs) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-04]
CHR Extension: (Google Drive) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-04]
CHR Extension: (YouTube) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-04]
CHR Extension: (Facebook) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2017-08-04]
CHR Extension: (uBlock Origin) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-09-07]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-08-04]
CHR Extension: (Adobe Acrobat) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-08-16]
CHR Extension: (Google Sheets) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-04]
CHR Extension: (Causality Games) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2017-08-04]
CHR Extension: (FBDown Video Downloader) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2017-08-04]
CHR Extension: (Google Docs Offline) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-16]
CHR Extension: (FullTab) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkgmhlmmnkembnnlligllepkedjphhjk [2017-08-04]
CHR Extension: (WhatFont) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2017-08-04]
CHR Extension: (Linkclump) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2017-08-04]
CHR Extension: (Tumblr - Tiled Dashboard) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lihlecjjccdkghhmegpnaanhlimchlkf [2017-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-04]
CHR Extension: (Chrome Media Router) - C:\Users\colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-07-13] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424384 2017-08-28] (Microsoft Corporation)
R2 HLfms; C:\Program Files (x86)\High-Logic FontService\fontservice.exe [5505008 2016-11-18] (High-Logic B.V.)
R2 LDrvSvc; C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll [180904 2017-06-12] ()
R2 mediatek_86; C:\WINDOWS\TEMP\WS\mediatek_86.exe [50688 2017-07-21] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 SurfaceDtxService; C:\WINDOWS\system32\SurfaceDtxService.exe [125608 2017-06-07] (Microsoft Corporation)
R2 SurfaceUsbHubFwUpdateService; C:\WINDOWS\System32\SurfaceUsbHubFwUpdateService.exe [951056 2017-02-09] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-17] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 iactrllogic; C:\WINDOWS\System32\drivers\iactrllogic64.sys [183192 2017-07-13] (Intel® Corporation)
R1 MpKsl452246ac; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BFDBC723-763C-40CC-B524-7BB9634F3D41}\MpKsl452246ac.sys [44928 2017-09-12] (Microsoft Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SurfaceBaseIntegration; C:\WINDOWS\System32\drivers\SurfaceBaseIntegration.sys [59448 2015-09-19] (Microsoft Corporation)
S0 SurfaceUsbHubFwUpdate; C:\WINDOWS\System32\drivers\SurfaceUsbHubFwUpdate.sys [80144 2017-02-09] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-12 11:22 - 2017-09-12 11:22 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign4d86162537fa3b32
2017-09-12 11:21 - 2017-09-12 11:21 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign9dcfc6469576e1c3
2017-09-12 11:21 - 2017-09-12 11:21 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign725ed3607ca9959b
2017-09-12 11:16 - 2017-09-12 11:16 - 000044597 _____ C:\Users\colin\Downloads\Addition.txt
2017-09-12 11:15 - 2017-09-12 11:32 - 000022246 _____ C:\Users\colin\Downloads\FRST.txt
2017-09-12 11:15 - 2017-09-12 11:30 - 000000000 ____D C:\FRST
2017-09-12 11:14 - 2017-09-12 11:14 - 002397184 _____ (Farbar) C:\Users\colin\Downloads\FRST64.exe
2017-09-12 11:13 - 2017-09-12 11:13 - 016563352 _____ (Malwarebytes Corp.) C:\Users\colin\Downloads\mbar-1.09.3.1001.exe
2017-09-12 10:47 - 2017-09-12 10:47 - 005659851 _____ (Swearware) C:\Users\colin\Downloads\ComboFix.exe
2017-09-12 10:44 - 2017-09-12 10:44 - 000061011 _____ C:\Users\colin\Desktop\dds.txt
2017-09-12 10:44 - 2017-09-12 10:44 - 000007149 _____ C:\Users\colin\Desktop\attach.txt
2017-09-12 10:43 - 2017-09-12 10:43 - 000688992 ____R (Swearware) C:\Users\colin\Downloads\dds.scr
2017-09-12 10:41 - 2017-09-12 10:41 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2017-09-12 10:40 - 2017-09-12 10:40 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\colin\Downloads\AVG_Protection_Free_1606.exe
2017-09-12 10:21 - 2017-09-12 10:21 - 000077824 _____ (Task Manager Fix) C:\Users\colin\Downloads\TaskManagerFix.exe
2017-09-12 10:16 - 2017-09-12 10:16 - 000000440 __RSH C:\Users\colin\ntuser.pol
2017-09-12 10:12 - 2017-09-12 10:12 - 000000149 _____ C:\Users\colin\Documents\Enable Task Manager.reg
2017-09-12 10:08 - 2017-09-12 10:08 - 000000114 _____ C:\Users\colin\Documents\TaskManager.bat
2017-09-12 10:00 - 2017-09-12 11:18 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-09-12 09:56 - 2017-09-12 09:56 - 000000738 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-09-12 09:56 - 2017-09-12 09:56 - 000000726 _____ C:\Users\colin\Desktop\Windows 10 Update Assistant.lnk
2017-09-12 09:53 - 2017-09-12 09:54 - 006457520 _____ (Microsoft Corporation) C:\Users\colin\Downloads\Windows10Upgrade9252.exe
2017-09-12 09:52 - 2017-09-12 09:58 - 2266964892 _____ C:\Users\colin\Downloads\Windows10_InsiderPreview_Client_x64_en-us_16251.iso.crdownload
2017-09-12 09:46 - 2017-09-12 09:46 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsigna565e0e38ec796c7
2017-09-12 09:46 - 2017-09-12 09:46 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign96dadc878f12a545
2017-09-11 18:11 - 2017-09-11 18:11 - 001405869 _____ C:\Users\colin\Documents\bsu stuff.ai
2017-09-11 17:28 - 2017-09-11 17:28 - 000000000 ____D C:\Users\colin\Documents\HyperCam3
2017-09-11 17:28 - 2017-09-11 17:28 - 000000000 ____D C:\Users\colin\.swt
2017-09-11 17:27 - 2017-09-11 17:29 - 000000000 ____D C:\Users\colin\Incomplete
2017-09-11 17:25 - 2017-09-11 17:25 - 136346424 _____ (Apple Inc.) C:\Users\colin\Downloads\iCloudSetup.exe
2017-09-11 17:21 - 2017-09-11 17:21 - 000001198 _____ C:\Users\Public\Desktop\MP3 Rocket 7.4.1 PRO.lnk
2017-09-11 17:21 - 2017-09-11 17:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Rocket
2017-09-11 17:20 - 2017-09-11 17:35 - 000000000 ____D C:\Users\colin\AppData\Roaming\MP3Rocket
2017-09-11 17:20 - 2017-09-11 17:28 - 000000000 ____D C:\Program Files (x86)\MP3 Rocket
2017-09-11 17:20 - 2017-09-11 17:24 - 000000000 ____D C:\Users\colin\AppData\Roaming\Apple Computer
2017-09-11 17:20 - 2017-09-11 17:20 - 000001829 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-09-11 17:20 - 2017-09-11 17:20 - 000000000 ____D C:\Users\colin\AppData\Local\Apple Computer
2017-09-11 17:20 - 2017-09-11 17:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-09-11 17:19 - 2017-09-11 17:20 - 000000000 ____D C:\Program Files\iTunes
2017-09-11 17:19 - 2017-09-11 17:19 - 000000000 ____D C:\ProgramData\Apple Computer
2017-09-11 17:19 - 2017-09-11 17:19 - 000000000 ____D C:\Program Files\iPod
2017-09-11 17:18 - 2017-09-11 17:20 - 018243504 _____ C:\Users\colin\Downloads\mp3rocket-pro.exe
2017-09-11 17:18 - 2017-09-11 17:18 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-09-11 17:18 - 2017-09-11 17:18 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-09-11 17:18 - 2017-09-11 17:18 - 000000000 ____D C:\Users\colin\AppData\Local\Apple
2017-09-11 17:18 - 2017-09-11 17:18 - 000000000 ____D C:\Program Files\Bonjour
2017-09-11 17:18 - 2017-09-11 17:18 - 000000000 ____D C:\Program Files (x86)\Bonjour
2017-09-11 17:18 - 2017-09-11 17:18 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-09-11 17:17 - 2017-09-11 17:18 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-09-11 17:16 - 2017-09-11 17:18 - 000000000 ____D C:\ProgramData\Apple
2017-09-11 17:14 - 2017-09-11 17:15 - 261024072 _____ (Apple Inc.) C:\Users\colin\Downloads\iTunes64Setup.exe
2017-09-11 15:04 - 2017-09-11 15:04 - 001770392 _____ C:\Users\colin\Documents\bag nameplate.ai
2017-09-11 12:18 - 2017-09-11 12:18 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign9dc522165efdb6b1
2017-09-11 10:58 - 2017-09-11 10:58 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign8cf4660f51b9b3d0
2017-09-11 09:38 - 2017-09-11 09:38 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign4502b9a6bbbf8dbb
2017-09-11 09:10 - 2017-09-11 09:31 - 000000000 ____D C:\Users\colin\Downloads\Thirsty
2017-09-10 19:34 - 2017-09-10 20:43 - 000000000 ____D C:\Users\colin\Documents\Harry Potter II
2017-09-10 19:33 - 2017-09-10 19:33 - 000002316 _____ C:\Users\Public\Desktop\Harry Potter and the Chamber of Secrets.lnk
2017-09-10 19:33 - 2017-09-10 19:33 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-10 19:33 - 2017-09-10 19:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2017-09-10 19:33 - 2017-09-10 19:33 - 000000000 ____D C:\Program Files (x86)\EA Games
2017-09-10 19:24 - 2017-09-10 19:31 - 000000000 ____D C:\Users\colin\Downloads\Harry Potter And The Chamber Of Secrets [PC-Game]
2017-09-10 19:24 - 2017-09-10 19:24 - 000000000 ____D C:\Users\colin\Downloads\All Eyez on Me 2017
2017-09-10 19:20 - 2017-09-10 19:29 - 209715200 _____ C:\Users\colin\Downloads\HP-CoS.part1.rar
2017-09-08 14:21 - 2017-09-08 14:21 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignc654ec3e4d4e6dda
2017-09-08 14:20 - 2017-09-08 14:20 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignce8cdba312051838
2017-09-08 14:20 - 2017-09-08 14:20 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignb43d6eaaf8f5cd35
2017-09-07 13:50 - 2017-09-07 13:53 - 000649926 _____ C:\Users\colin\Documents\meridian high school warriors logo.ai
2017-09-07 11:28 - 2017-09-07 11:28 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsigne7e750f936aecb3c
2017-09-07 09:58 - 2017-09-07 09:58 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignb7b65f4972f3a59c
2017-09-07 09:58 - 2017-09-07 09:58 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign3f74fa7a2b2801aa
2017-09-07 09:56 - 2017-09-07 09:56 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign22ec2aebaae3d07f
2017-09-05 13:41 - 2017-09-05 13:41 - 002380603 _____ C:\Users\colin\Downloads\17_Cal_BrandGuidelines.pdf
2017-09-05 12:20 - 2017-09-05 12:20 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsigne43822662760b8a9
2017-09-05 12:20 - 2017-09-05 12:20 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign399f3121c42b83ab
2017-09-05 12:20 - 2017-09-05 12:20 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign0115bafa2b84aa67
2017-09-05 12:18 - 2017-09-05 12:18 - 011191765 _____ C:\Users\colin\Downloads\352653166-UCLA-Under-Armour-Style-Guide.pdf
2017-09-05 10:40 - 2017-09-05 10:40 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign4ce8e837e2e53f86
2017-09-05 09:59 - 2017-09-05 09:59 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsigna127f81055b4c5fd
2017-09-05 09:11 - 2017-09-05 09:11 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignf410b7b6d790723d
2017-09-05 09:11 - 2017-09-05 09:11 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign8a08706208103699
2017-09-04 12:12 - 2017-09-04 12:12 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign3af5ee41f814a1e6
2017-09-04 12:11 - 2017-09-04 12:11 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignb3c3de1425c46669
2017-09-04 12:11 - 2017-09-04 12:11 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign623c460f86eebb6f
2017-09-03 16:54 - 2017-09-03 16:54 - 000000000 ___HD C:\$WINDOWS.~BT
2017-09-01 14:21 - 2017-09-01 14:21 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignfe13836c7e3545e4
2017-09-01 14:21 - 2017-09-01 14:21 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignb4862ae249c90ce9
2017-09-01 12:41 - 2017-09-01 12:41 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignfbc165b406489036
2017-09-01 12:36 - 2017-09-01 12:36 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsigne914a2509da62412
2017-09-01 12:36 - 2017-09-01 12:36 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignd5c991e4d794621b
2017-08-31 17:37 - 2017-08-31 17:37 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-08-31 09:16 - 2017-08-31 09:16 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignbaa4f295014c2862
2017-08-31 09:09 - 2017-08-31 09:09 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign366a6bf55022304c
2017-08-30 16:44 - 2017-08-30 16:44 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignf4493439e14f3372
2017-08-30 16:43 - 2017-08-30 16:43 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignef133459581e5063
2017-08-30 16:43 - 2017-08-30 16:43 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign3d41a44ac720857e
2017-08-30 13:51 - 2017-08-30 13:51 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignf63e072353efd771
2017-08-30 13:51 - 2017-08-30 13:51 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignd857caa48310e589
2017-08-30 13:51 - 2017-08-30 13:51 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign42ed02f705dbb9b8
2017-08-30 13:33 - 2017-08-30 13:33 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign302609d78668e8d9
2017-08-29 11:53 - 2017-08-29 11:54 - 000097898 _____ C:\Users\colin\Downloads\Baskerville-Normal.zip
2017-08-29 11:47 - 2011-08-11 15:02 - 000030764 _____ C:\Users\colin\Downloads\baskvl.ttf
2017-08-29 11:46 - 2017-08-29 11:46 - 000016199 _____ C:\Users\colin\Downloads\baskerville.zip
2017-08-29 10:51 - 2017-08-29 10:51 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign35717429d9a4f020
2017-08-29 09:54 - 2017-08-29 09:54 - 000398525 _____ C:\Users\colin\Documents\Bauer Team Unity.pdf
2017-08-29 09:48 - 2017-08-29 09:48 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignd59df8a12c53c394
2017-08-29 09:35 - 2017-08-29 09:35 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsigna906d28232b679ca
2017-08-29 09:35 - 2017-08-29 09:35 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign1abdb92515e18af4
2017-08-28 16:43 - 2017-08-28 16:43 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign37a6b2c50b6e934c
2017-08-28 16:37 - 2017-08-28 16:37 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign1f3171892e1db7ff
2017-08-28 15:18 - 2017-08-28 15:18 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign3bc36d43a5bf254d
2017-08-28 15:18 - 2017-08-28 15:18 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign3601932d7ec7a0e2
2017-08-28 15:18 - 2017-08-28 15:18 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign0566968a7b9443e9
2017-08-28 12:21 - 2017-08-28 12:21 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign86959097146a96ff
2017-08-28 11:48 - 2017-08-28 11:48 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignc0f512af3d82ca22
2017-08-28 11:48 - 2017-08-28 11:48 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignbdbcc6b7ab27209e
2017-08-28 09:52 - 2017-08-28 09:52 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsigna3edee25e659e9e8
2017-08-28 09:51 - 2017-08-28 09:51 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignd1e65fc3f5a5beed
2017-08-28 09:51 - 2017-08-28 09:51 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign8a39044f46428bfb
2017-08-28 09:51 - 2017-08-28 09:51 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign4e4396c343d1042c
2017-08-28 09:48 - 2017-08-28 09:48 - 000021055 _____ C:\Users\colin\Downloads\western.zip
2017-08-25 14:28 - 2017-08-25 14:28 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignc4f163c1693ef967
2017-08-25 14:27 - 2017-08-25 14:27 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignd3589c16106e2fa1
2017-08-25 14:27 - 2017-08-25 14:27 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign738cefd826b560cb
2017-08-25 14:25 - 2017-08-25 14:25 - 000714867 _____ C:\Users\colin\Downloads\tt_octas_font_family.zip
2017-08-25 14:16 - 2017-08-25 14:16 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign3eac7f368d140320
2017-08-25 14:10 - 2017-08-25 14:10 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignbe1de92aa6610b37
2017-08-24 09:30 - 2017-08-24 09:30 - 000043287 _____ C:\Users\colin\Downloads\SkywalkerFF.zip
2017-08-24 09:17 - 2017-08-24 09:17 - 000280525 _____ C:\Users\colin\Downloads\FountainFF.zip
2017-08-23 14:11 - 2017-09-06 12:15 - 000000000 ____D C:\Users\colin\Documents\BSU 2017-2018
2017-08-23 14:11 - 2017-08-23 14:11 - 000000000 ____D C:\Users\colin\Documents\Custom Office Templates
2017-08-23 12:04 - 2017-08-23 12:04 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign2660840d78f1becd
2017-08-23 12:03 - 2017-08-23 12:03 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsigndbb798d2981fdc5f
2017-08-23 12:03 - 2017-08-23 12:03 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignc99fd88ff417559c
2017-08-22 09:19 - 2017-08-22 09:19 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignc478816a95bc8395
2017-08-21 19:29 - 2017-08-23 11:12 - 000000000 ____D C:\Users\colin\Downloads\Adobe Fonts
2017-08-21 15:53 - 2017-08-21 15:53 - 000000000 ____D C:\Users\colin\AppData\LocalLow\Sun
2017-08-21 15:52 - 2017-08-21 15:53 - 000000000 ____D C:\ProgramData\Oracle
2017-08-21 15:52 - 2017-08-21 15:52 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-08-21 15:52 - 2017-08-21 15:52 - 000000000 ____D C:\Users\colin\AppData\Roaming\Sun
2017-08-21 15:52 - 2017-08-21 15:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-21 15:52 - 2017-08-21 15:52 - 000000000 ____D C:\Program Files (x86)\Java
2017-08-21 15:51 - 2017-08-21 15:51 - 000738880 _____ (Oracle Corporation) C:\Users\colin\Downloads\JavaSetup8u144.exe
2017-08-21 15:51 - 2017-08-21 15:51 - 000652419 _____ C:\Users\colin\Downloads\Bulk Extension Changer 1.2 Setup.exe
2017-08-21 15:51 - 2017-08-21 15:51 - 000002098 _____ C:\Users\Public\Desktop\Bulk Extension Changer 1.2.lnk
2017-08-21 15:51 - 2017-08-21 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chamberlain
2017-08-21 15:51 - 2017-08-21 15:51 - 000000000 ____D C:\Program Files (x86)\Bulk Extension Changer 1.2
2017-08-21 15:19 - 2017-08-21 15:23 - 000000000 ____D C:\Users\colin\Downloads\Antenna
2017-08-21 15:19 - 2017-08-21 15:19 - 000000000 ____D C:\Users\colin\Documents\New folder
2017-08-21 14:59 - 2017-08-21 14:59 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-08-21 12:50 - 2017-08-21 12:50 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign04e32c3ce897d4ae
2017-08-21 10:23 - 2017-08-21 10:23 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignbf5ddbab4bd01bc8
2017-08-20 19:36 - 2017-08-20 19:36 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign3e1e97d211ebc77e
2017-08-19 11:28 - 2017-08-19 11:28 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign16b73be547fabe04
2017-08-18 14:13 - 2017-08-18 14:13 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign3e3b296d826a2058
2017-08-18 11:26 - 2017-08-18 11:26 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign3954500b88950ac1
2017-08-18 10:05 - 2017-08-18 10:05 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign650bfbafdc9d015b
2017-08-17 14:58 - 2017-08-17 14:58 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign5f9ac463f15bcdb1
2017-08-17 13:43 - 2017-08-17 13:43 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignf807ea27c6335ad8
2017-08-17 13:43 - 2017-08-17 13:43 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign49a685175957c278
2017-08-17 10:38 - 2017-08-17 10:38 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignfb3ba3b59ea6573a
2017-08-17 10:38 - 2017-08-17 10:38 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsigne98f7585596c5800
2017-08-17 10:38 - 2017-08-17 10:38 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignb7bc059c95605ba9
2017-08-17 10:38 - 2017-08-17 10:38 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign1af57d28e79cdc50
2017-08-17 10:25 - 2017-08-17 10:25 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign99a91fc8603b112c
2017-08-17 10:24 - 2017-08-17 10:24 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignac606d6202229e20
2017-08-17 10:24 - 2017-08-17 10:24 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign1509ea22c8f0df71
2017-08-17 10:12 - 2017-08-17 10:12 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign0ac7b3c1f06c2693
2017-08-17 10:11 - 2017-08-17 10:11 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign8d58006711c411fa
2017-08-17 10:10 - 2017-08-17 10:10 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignd8ca65e1484022bc
2017-08-17 10:10 - 2017-08-17 10:10 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign145cc23c508572f9
2017-08-17 10:10 - 2017-08-17 10:10 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign0a41f2647bc52cb9
2017-08-17 10:09 - 2017-08-17 10:09 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign833873fd61d28d3b
2017-08-17 10:09 - 2017-08-17 10:09 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign2dfd583cacdfb99c
2017-08-16 19:54 - 2017-08-16 19:54 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignba3a4b60f6d32b93
2017-08-16 19:54 - 2017-08-16 19:54 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign9e450f14a89ea023
2017-08-16 19:54 - 2017-08-16 19:54 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign5c47d66b5c0fcd6b
2017-08-16 19:51 - 2017-08-16 19:51 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsigned51a5506675c1e7
2017-08-16 19:44 - 2017-08-16 19:44 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign1be323d8198fb5c4
2017-08-16 19:40 - 2017-08-16 19:40 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsigna14c4bc31b265873
2017-08-16 19:40 - 2017-08-16 19:40 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign2fd72a815fdd437e
2017-08-16 19:38 - 2017-08-16 19:38 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignbaf2499b15cddf16
2017-08-16 19:37 - 2017-08-16 19:37 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign791c62024e1f4d7d
2017-08-16 19:37 - 2017-08-16 19:37 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign10be5e5d1577c79f
2017-08-16 19:36 - 2017-08-16 19:36 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2017-08-16 19:36 - 2017-08-16 19:36 - 000000000 ____D C:\Users\colin\Documents\Adobe
2017-08-16 19:14 - 2017-08-16 19:14 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignd3250d6a10b786f7
2017-08-16 13:47 - 2017-08-16 13:47 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignb7ee19291fad4cc1
2017-08-16 13:44 - 2017-08-16 13:44 - 000000000 ____D C:\Users\colin\AppData\Roaming\ZSmsWin
2017-08-16 13:43 - 2017-08-16 13:48 - 000000000 ___HD C:\Users\colin\AppData\Local\SysHashTable
2017-08-16 13:40 - 2017-08-16 13:40 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign6495ad9fbe8418b3
2017-08-16 13:40 - 2017-08-16 13:40 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign43a60749da00c241
2017-08-16 13:38 - 2017-08-16 13:38 - 000033020 _____ C:\Users\colin\Downloads\All Eyez on Me 2017.torrent
2017-08-16 09:27 - 2017-08-16 09:29 - 889402646 _____ C:\Users\colin\Downloads\windows10.0-kb4032188-x64_6ad9a3a45bf7c74c8b397b358ce21dd7a45f19b5.msu
2017-08-16 09:25 - 2017-08-16 09:25 - 003683420 _____ C:\Users\colin\Documents\bronco hockey.ai
2017-08-15 12:11 - 2017-08-15 12:11 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign237ce4c76068103a
2017-08-15 12:10 - 2017-08-15 12:10 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignee3b8eb37a72f25a
2017-08-14 19:23 - 2017-08-14 19:23 - 000036887 _____ C:\Users\colin\Downloads\running-shoe-print.svg
2017-08-14 19:13 - 2017-09-12 11:11 - 000000000 ___RD C:\Users\colin\Creative Cloud Files
2017-08-14 18:31 - 2017-08-14 18:30 - 001821805 _____ C:\Users\colin\Documents\EuropaType_Specimen_Mono45_Headline_Regular_200dpi.pdf
2017-08-14 18:18 - 2017-08-14 18:18 - 000002649 _____ C:\Users\colin\Downloads\131-ribbon633e0da.zip
2017-08-14 18:00 - 2017-08-14 18:00 - 000005139 _____ C:\Users\colin\Downloads\idaho-map-black-silhouette.svg
2017-08-14 17:59 - 2017-08-14 17:59 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsign9776308c0687f79e
2017-08-14 15:03 - 2017-08-14 15:03 - 000000000 ____D C:\Users\colin\AppData\Local\Tempzxpsignbfd7a28919875b28
2017-08-14 10:41 - 2017-08-14 10:41 - 000000000 ____D C:\Users\colin\AppData\LocalLow\Temp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-12 11:29 - 2017-03-18 14:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-12 11:28 - 2017-07-16 22:09 - 000000000 ___DC C:\WINDOWS\Panther
2017-09-12 11:20 - 2017-07-14 16:23 - 000000033 _____ C:\Users\colin\AppData\Roaming\AdobeWLCMCache.dat
2017-09-12 11:11 - 2017-07-14 16:19 - 000000000 ____D C:\Users\colin\AppData\Local\Adobe
2017-09-12 11:10 - 2017-07-16 22:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-12 10:52 - 2017-07-16 22:50 - 001427762 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-12 10:48 - 2017-07-16 22:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-12 10:48 - 2017-07-16 22:39 - 007204616 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-12 10:48 - 2017-03-18 05:40 - 022544384 _____ C:\WINDOWS\system32\config\HARDWARE
2017-09-12 10:48 - 2017-03-18 05:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-09-12 10:28 - 2017-07-14 16:11 - 000000000 ____D C:\Users\colin\AppData\Local\Packages
2017-09-12 10:28 - 2017-03-18 15:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-12 10:28 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-12 10:16 - 2017-07-16 22:40 - 000000000 ____D C:\Users\colin
2017-09-12 10:16 - 2016-07-16 05:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-09-12 09:56 - 2017-02-15 17:28 - 000000000 ____D C:\Windows10Upgrade
2017-09-12 09:07 - 2017-07-14 21:30 - 000000000 ____D C:\Users\colin\AppData\Roaming\uTorrent
2017-09-10 19:21 - 2017-08-10 08:58 - 000000000 ____D C:\ProgramData\KMSAutoS
2017-09-03 17:42 - 2017-07-20 12:27 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1363144225-3694055549-4064340856-1001
2017-09-03 17:42 - 2017-07-14 16:13 - 000002374 _____ C:\Users\colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-03 17:42 - 2017-07-14 16:13 - 000000000 ___RD C:\Users\colin\OneDrive
2017-09-03 16:42 - 2017-07-14 19:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-01 15:59 - 2017-03-18 15:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-31 17:37 - 2017-03-18 15:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-31 10:47 - 2017-08-10 09:31 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-08-31 10:47 - 2017-08-10 09:31 - 000002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2017-08-30 12:02 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-29 12:52 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-29 10:50 - 2017-07-21 12:11 - 000000000 ____D C:\Users\colin\AppData\Roaming\FontForge
2017-08-29 09:23 - 2017-07-14 16:22 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-08-29 09:19 - 2017-07-14 16:23 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-08-29 09:18 - 2017-07-14 16:21 - 000000000 ____D C:\Program Files\Adobe
2017-08-29 09:18 - 2017-07-14 16:11 - 000000000 ____D C:\Users\colin\AppData\Roaming\Adobe
2017-08-28 15:05 - 2017-07-16 22:39 - 000000000 ____D C:\WINDOWS\Firmware
2017-08-21 15:27 - 2017-08-06 13:19 - 000000000 ____D C:\Users\colin\Downloads\Cars 3 2017 1080P HDTC-x264-AAC-Zi$t
2017-08-18 09:06 - 2017-07-14 18:14 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-16 19:30 - 2017-07-14 16:20 - 000000000 ____D C:\ProgramData\Adobe
2017-08-15 13:39 - 2017-07-14 16:13 - 000000000 ____D C:\Users\colin\AppData\Local\Comms
2017-08-14 19:11 - 2017-07-14 16:19 - 000000000 ____D C:\Program Files (x86)\Adobe
 
==================== Files in the root of some directories =======
 
2017-07-14 22:55 - 2017-07-14 22:56 - 007649280 _____ () C:\Program Files (x86)\GUT49B0.tmp
2017-07-14 22:26 - 2017-07-14 22:27 - 007649280 _____ () C:\Program Files (x86)\GUT8BE.tmp
2017-07-26 12:58 - 2017-07-26 12:58 - 007649280 _____ () C:\Program Files (x86)\GUTCD38.tmp
2017-07-15 09:40 - 2017-07-15 09:40 - 000000016 ____H () C:\Program Files (x86)\Common Files\asv2-astg
2017-07-15 09:40 - 2017-07-15 09:40 - 000000016 ____H () C:\Program Files (x86)\Common Files\cld2-astg
2017-07-15 09:40 - 2017-07-15 09:40 - 000000016 ____H () C:\Program Files (x86)\Common Files\ins1-astg
2017-07-15 09:40 - 2017-07-15 09:40 - 000000016 ____H () C:\Program Files (x86)\Common Files\mir1-astg
2017-07-15 09:40 - 2017-07-15 09:40 - 000000016 ____H () C:\Program Files (x86)\Common Files\vs3-astg
2017-07-14 16:23 - 2017-09-12 11:20 - 000000033 _____ () C:\Users\colin\AppData\Roaming\AdobeWLCMCache.dat
2017-05-17 11:32 - 2017-05-17 11:32 - 000125952 _____ () C:\Users\colin\AppData\Local\report
2017-07-21 14:32 - 2017-07-21 14:32 - 000003072 _____ () C:\Users\colin\AppData\Local\uninstallce.exe
2017-07-15 09:40 - 2017-07-15 09:40 - 000000011 ____H () C:\ProgramData\.asv2sfi
2017-07-15 09:40 - 2017-07-15 09:40 - 000000011 ____H () C:\ProgramData\.cld2sfi
2017-07-15 09:40 - 2017-07-15 09:40 - 000000011 ____H () C:\ProgramData\.ins1sfi
2017-07-15 09:40 - 2017-07-15 09:40 - 000000011 ____H () C:\ProgramData\.mir1sfi
2017-07-15 09:40 - 2017-07-15 09:40 - 000000011 ____H () C:\ProgramData\.vs3sfi
2017-07-20 11:42 - 2017-07-20 11:42 - 000000027 _____ () C:\ProgramData\serverclasscache.ini
 
Some files in TEMP:
====================
2017-08-04 09:27 - 2017-08-04 09:27 - 007469104 _____ (Gold Click Ltd                                              ) C:\Users\colin\AppData\Local\Temp\offer17pg.exe
2017-08-14 12:15 - 2017-08-14 12:15 - 000045056 _____ () C:\Users\colin\AppData\Local\Temp\Sicilians.dll
2017-08-04 09:25 - 2017-08-04 09:25 - 000701952 _____ (SQLite Development Team) C:\Users\colin\AppData\Local\Temp\sqlite3.exe
2017-08-03 12:37 - 2017-08-03 12:37 - 170074320 _____ (2017 Celartem, Inc. d.b.a Extensis All rights reserved) C:\Users\colin\AppData\Local\Temp\Suitcase Fusion v18.2.4.exe
2017-08-16 09:25 - 2017-08-16 09:25 - 006457520 _____ (Microsoft Corporation) C:\Users\colin\AppData\Local\Temp\Windows10Upgrade.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-06 14:39
 
==================== End of FRST.txt ============================
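The FRST file-listing lines above all share one layout (created time, modified time, size, attribute flags, optional publisher, path), and a reviewer's first pass over such a log is to shortlist the entries worth a closer look. The following Python is an added example, not FRST's own code or anything posted in this thread: the regex and the triage rules are assumptions derived from the visible lines, and the sample lines are constructed to mirror the log.

```python
"""Parser and first-pass triage for FRST file-listing lines.

Added example, not FRST's code or anything posted in the thread. The regex and
the triage rules are assumptions derived from the line layout visible in the
log above; they surface entries for a reviewer, they are not verdicts.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Layout of one FRST entry (assumed from the log):
#   <created> - <modified> - <size> <attrs> [(<publisher>)] <path>
# e.g. 2017-08-16 13:43 - 2017-08-16 13:48 - 000000000 ___HD C:\Users\colin\AppData\Local\SysHashTable
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # FRST prints "()" when a binary carries no version info
    r"(?P<path>\S.*?)\s*$"
)

LOADABLE_EXT = {".exe", ".dll", ".scr", ".sys"}
TEMP_MARKER = "\\appdata\\local\\temp\\"
USER_WRITABLE_ROOTS = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str               # five flag characters; D = directory, H = hidden, R = read-only, ...
    company: Optional[str]   # None when no publisher field was printed, "" for "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def ext(self) -> str:
        # ntpath handles backslash separators regardless of the host OS
        return ntpath.splitext(self.path)[1].lower()


def parse_frst_lines(text: str) -> List[Entry]:
    """Return an Entry per line matching the FRST layout; headers and notes are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = FRST_LINE.match(raw.strip())
        if not m:
            continue
        company = m.group("company")
        entries.append(Entry(
            created=m.group("created"),
            modified=m.group("modified"),
            size=int(m.group("size")),
            attrs=m.group("attrs"),
            company=company.strip() if company is not None else None,
            path=m.group("path"),
        ))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs a reviewer should look at first.

    Expect benign hits too (an update installer in Temp, for instance); the point
    is to shorten a long listing, not to classify.
    """
    findings: List[Tuple[str, str]] = []
    for e in entries:
        p = e.path.lower()
        if TEMP_MARKER in p and e.ext in LOADABLE_EXT:
            findings.append((e.path, "loadable file in user Temp"))
        if e.is_hidden and p.startswith(USER_WRITABLE_ROOTS):
            findings.append((e.path, "hidden attribute set in a user-writable location"))
        if e.company == "" and e.ext in LOADABLE_EXT:
            findings.append((e.path, "binary without publisher/version info"))
    return findings


# Constructed sample lines that mirror the layout of the log above.
SAMPLE_LOG = r"""
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-16 13:43 - 2017-08-16 13:48 - 000000000 ___HD C:\Users\colin\AppData\Local\SysHashTable
2017-08-21 15:52 - 2017-08-21 15:52 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-08-14 12:15 - 2017-08-14 12:15 - 000045056 _____ () C:\Users\colin\AppData\Local\Temp\Sicilians.dll
2017-07-15 09:40 - 2017-07-15 09:40 - 000000011 ____H () C:\ProgramData\.asv2sfi
2017-08-16 09:25 - 2017-08-16 09:25 - 006457520 _____ (Microsoft Corporation) C:\Users\colin\AppData\Local\Temp\Windows10Upgrade.exe
2017-09-12 10:48 - 2017-07-16 22:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
"""

if __name__ == "__main__":
    for path, reason in triage(parse_frst_lines(SAMPLE_LOG)):
        print(f"{reason:50} {path}")
```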




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:49 PM

Posted 12 September 2017 - 12:46 PM

Hi ctspeedy95 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system: I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of it as fast as we can, before it makes unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate it if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full-time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-DATE-(TIME).txt" log that is located in the MBAR folder here afterwards.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 ctspeedy95

ctspeedy95
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:09:49 AM

Posted 14 September 2017 - 11:33 AM


So I've tried to run Malwarebytes and it gets to a certain spot and then becomes unresponsive and I can't get a scan to finish.



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:49 PM

Posted 14 September 2017 - 11:35 AM

Did you make sure that Drivers was the only option checked (and unchecked the 2 others)?



#5 ctspeedy95

ctspeedy95
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:09:49 AM

Posted 14 September 2017 - 12:29 PM

I did and it came back and said no malware found 



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:49 PM

Posted 14 September 2017 - 12:36 PM

Can you provide me the "mbar-log-DATE-(TIME).txt" log that should be in the MBAR folder so I can review it?



#7 ctspeedy95

ctspeedy95
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:09:49 AM

Posted 14 September 2017 - 12:54 PM


Malwarebytes Anti-Rootkit BETA 1.9.4.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.09.14.07
  rootkit: v2017.09.13.01
 
Windows 10 x64 NTFS
Internet Explorer 11.540.15063.0
colin :: DESKTOP-JSCGSU8 [administrator]
 
9/14/2017 11:27:18 AM
mbar-log-2017-09-14 (11-27-18).txt
 
Scan type: 
Scan options enabled: Anti-Rootkit | Drivers | MBR
Scan options disabled: Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Objects scanned: 455
Time elapsed: 1 minute(s), 6 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:49 PM

Posted 14 September 2017 - 01:22 PM

Now, are you able to install and run a scan with Malwarebytes?

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 ctspeedy95

  • Topic Starter
  • Members
  • 33 posts
  • Local time: 09:49 AM

Posted 14 September 2017 - 01:24 PM

Now, are you able to install and run a scan with Malwarebytes?

No. It tells me the requested resource is in use and goes away. 



#10 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,474 posts
  • Gender: Male
  • Local time: 12:49 PM

Posted 14 September 2017 - 01:27 PM

Delete your current copy and folder of MBAR, and download this one instead. Then update the database, run a scan (with only Drivers enabled), and provide me the "mbar-log-DATE-(TIME).txt" log afterwards.

https://malwarebytes.app.box.com/s/flmkkcawxhohv6jf6wlkentlvycq0f3z



#11 ctspeedy95

  • Topic Starter
  • Members
  • 33 posts
  • Local time: 09:49 AM

Posted 14 September 2017 - 01:34 PM

Malwarebytes Anti-Rootkit BETA 1.10.1.1002
www.malwarebytes.org
 
Database version:
  main:    v2017.09.14.07
  rootkit: v2017.09.13.01
 
Windows 10 x64 NTFS
Internet Explorer 11.540.15063.0
colin :: DESKTOP-JSCGSU8 [administrator]
 
9/14/2017 12:29:41 PM
mbar-log-2017-09-14 (12-29-41).txt
 
Scan type: 
Scan options enabled: Anti-Rootkit | Drivers | MBR
Scan options disabled: Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Objects scanned: 456
Time elapsed: 29 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)



#12 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,474 posts
  • Gender: Male
  • Local time: 12:49 PM

Posted 14 September 2017 - 01:37 PM

That's weird. Follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • A file called fixlog.txt will be on your desktop. Attach it here so I can review it

Attached Files




#13 ctspeedy95

  • Topic Starter
  • Members
  • 33 posts
  • Local time: 09:49 AM

Posted 14 September 2017 - 06:34 PM


Sorry, I was in class and wasn't able to get to my computer.

Here are the fixlog results:


Fix result of Farbar Recovery Scan Tool (x64) Version: 14-09-2017 01
Ran by colin (14-09-2017 17:32:45) Run:1
Running from C:\Users\colin\Downloads
Loaded Profiles: colin (Available Profiles: defaultuser0 & colin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: dir C:\Windows
CMD: dir C:\Windows\system32\drivers
*****************
 
 
========= bcdedit.exe /set {default} recoveryenabled yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= dir C:\Windows =========
 
 Volume in drive C is Windows
 Volume Serial Number is CA5B-5BBB
 
 Directory of C:\Windows
 
09/13/2017  10:51 PM    <DIR>          .
09/13/2017  10:51 PM    <DIR>          ..
03/18/2017  03:03 PM    <DIR>          addins
07/17/2017  06:00 AM    <DIR>          appcompat
08/10/2017  09:05 AM    <DIR>          AppPatch
09/14/2017  11:31 AM    <DIR>          AppReadiness
07/16/2017  10:41 PM    <DIR>          assembly
03/18/2017  03:03 PM    <DIR>          bcastdvr
06/08/2017  02:15 AM            64,512 bfsvc.exe
03/18/2017  03:03 PM    <DIR>          Boot
03/18/2017  03:03 PM    <DIR>          Branding
09/13/2017  04:13 PM    <DIR>          CbsTemp
07/16/2017  10:46 PM             6,647 comsetup.log
07/14/2017  06:00 PM    <DIR>          CSC
03/18/2017  03:03 PM    <DIR>          Cursors
08/08/2017  02:08 PM    <DIR>          debug
07/16/2017  10:47 PM            11,433 diagerr.xml
03/18/2017  03:03 PM    <DIR>          diagnostics
07/16/2017  10:47 PM            11,433 diagwrn.xml
03/18/2017  08:28 PM    <DIR>          DigitalLocker
07/16/2017  10:43 PM             4,176 DtcInstall.log
03/18/2017  08:28 PM    <DIR>          en-US
07/17/2017  12:36 AM         4,847,424 explorer.exe
08/28/2017  03:05 PM    <DIR>          Firmware
03/18/2017  03:03 PM    <DIR>          GameBarPresenceWriter
03/18/2017  03:03 PM    <DIR>          Globalization
03/18/2017  08:28 PM    <DIR>          Help
06/08/2017  02:15 AM           975,360 HelpPane.exe
03/18/2017  02:57 PM            18,432 hh.exe
07/16/2017  10:45 PM    <DIR>          HoloShell
03/18/2017  08:28 PM    <DIR>          IME
08/10/2017  09:05 AM    <DIR>          ImmersiveControlPanel
09/12/2017  03:56 PM    <DIR>          INF
03/18/2017  03:03 PM    <DIR>          InfusedApps
03/18/2017  03:03 PM    <DIR>          InputMethod
03/18/2017  03:03 PM    <DIR>          L2Schemas
07/15/2017  09:29 AM            10,009 LDPINST.LOG
08/29/2017  12:52 PM    <DIR>          LiveKernelReports
07/20/2017  01:04 PM             2,176 LkmdfCoInst.log
08/28/2017  11:47 AM    <DIR>          Logs
08/04/2017  09:28 AM     1,039,822,646 MEMORY.DMP
03/18/2017  02:57 PM            43,131 mib.bin
09/13/2017  10:51 PM    <DIR>          Microsoft Antimalware
09/01/2017  03:58 PM    <DIR>          Microsoft.NET
03/18/2017  03:03 PM    <DIR>          Migration
08/04/2017  09:28 AM    <DIR>          Minidump
03/18/2017  08:28 PM    <DIR>          MiracastView
03/18/2017  03:03 PM    <DIR>          ModemLogs
03/18/2017  02:58 PM           246,784 notepad.exe
03/18/2017  08:30 PM    <DIR>          OCR
03/18/2017  03:03 PM    <DIR>          Offline Web Pages
09/13/2017  09:01 PM    <DIR>          Panther
03/18/2017  03:03 PM    <DIR>          Performance
09/13/2017  08:54 PM         1,429,218 PFRO.log
03/18/2017  03:03 PM    <DIR>          PLA
06/08/2017  02:16 AM    <DIR>          PolicyDefinitions
09/14/2017  12:29 PM    <DIR>          Prefetch
03/18/2017  08:28 PM    <DIR>          PrintDialog
03/18/2017  02:59 PM            34,774 Professional.xml
07/16/2017  10:09 PM                36 progress.ini
06/08/2017  02:16 AM    <DIR>          Provisioning
03/18/2017  02:57 PM           321,024 regedit.exe
07/16/2017  10:47 PM    <DIR>          Registration
03/18/2017  08:31 PM    <DIR>          RemotePackages
07/16/2017  10:48 PM    <DIR>          rescache
03/18/2017  03:03 PM    <DIR>          Resources
03/18/2017  03:03 PM    <DIR>          SchCache
03/18/2017  08:31 PM    <DIR>          schemas
03/18/2017  08:31 PM    <DIR>          security
07/16/2017  10:39 PM    <DIR>          ServiceProfiles
03/18/2017  08:28 PM    <DIR>          servicing
07/17/2017  12:38 AM    <DIR>          Setup
09/11/2017  05:22 PM            23,233 setupact.log
07/20/2017  01:04 PM               388 setuperr.log
08/10/2017  09:05 AM    <DIR>          ShellExperiences
03/18/2017  08:29 PM    <DIR>          SKB
08/16/2017  09:29 AM    <DIR>          SoftwareDistribution
03/18/2017  03:03 PM    <DIR>          Speech
03/18/2017  03:03 PM    <DIR>          Speech_OneCore
03/18/2017  02:58 PM           130,560 splwow64.exe
03/18/2017  03:03 PM    <DIR>          System
07/16/2016  05:45 AM               219 system.ini
09/13/2017  08:59 PM    <DIR>          System32
03/18/2017  08:31 PM    <DIR>          SystemApps
03/18/2017  08:31 PM    <DIR>          SystemResources
09/12/2017  11:35 AM    <DIR>          SysWOW64
03/18/2017  03:03 PM    <DIR>          TAPI
09/12/2017  01:57 PM    <DIR>          Tasks
09/14/2017  05:31 PM    <DIR>          Temp
03/18/2017  03:03 PM    <DIR>          tracing
03/18/2017  03:03 PM    <DIR>          twain_32
03/18/2017  02:58 PM            65,536 twain_32.dll
07/21/2017  04:22 AM            35,759 uninstaller.dat
03/18/2017  03:03 PM    <DIR>          Vss
03/18/2017  03:03 PM    <DIR>          Web
07/16/2016  05:45 AM                92 win.ini
09/14/2017  12:42 PM               275 WindowsUpdate.log
03/18/2017  02:58 PM            10,240 winhlp32.exe
09/13/2017  04:57 PM    <DIR>          WinSxS
03/18/2017  02:56 PM           316,640 WMSysPr9.prx
03/18/2017  02:58 PM            11,264 write.exe
              28 File(s)  1,048,443,421 bytes
              73 Dir(s)  170,379,845,632 bytes free
 
========= End of CMD: =========
 
 
========= dir C:\Windows\system32\drivers =========
 
 Volume in drive C is Windows
 Volume Serial Number is CA5B-5BBB
 
 Directory of C:\Windows\system32\drivers
 
09/14/2017  12:29 PM    <DIR>          .
09/14/2017  12:29 PM    <DIR>          ..
03/18/2017  02:56 PM           238,080 1394ohci.sys
03/18/2017  02:56 PM           107,424 3ware.sys
09/14/2017  12:29 PM           253,888 576417C9.sys
07/27/2017  11:23 PM           723,360 acpi.sys
03/18/2017  02:56 PM            20,480 AcpiDev.sys
03/18/2017  02:56 PM           127,392 acpiex.sys
03/18/2017  02:56 PM            12,800 acpipagr.sys
03/18/2017  02:56 PM            14,848 acpipmi.sys
03/18/2017  02:56 PM            14,336 acpitime.sys
03/18/2017  02:56 PM         1,135,512 adp80xx.sys
03/18/2017  02:57 PM           610,712 afd.sys
03/18/2017  02:58 PM           108,544 agilevpn.sys
03/18/2017  02:57 PM           239,616 ahcache.sys
03/18/2017  02:56 PM           176,640 amdk8.sys
03/18/2017  02:56 PM           172,544 amdppm.sys
03/18/2017  02:56 PM            83,352 amdsata.sys
03/18/2017  02:56 PM           259,488 amdsbs.sys
03/18/2017  02:56 PM            27,040 amdxata.sys
03/18/2017  02:58 PM           184,736 appid.sys
03/18/2017  02:58 PM            17,920 applockerfltr.sys
03/18/2017  08:30 PM           127,904 AppVStrm.sys
03/18/2017  08:30 PM           161,696 AppvVemgr.sys
03/18/2017  08:30 PM           143,776 AppvVfs.sys
03/18/2017  02:56 PM           132,000 arcsas.sys
03/18/2017  02:57 PM            28,672 asyncmac.sys
03/18/2017  02:56 PM            29,088 atapi.sys
03/18/2017  02:56 PM           194,464 ataport.sys
03/18/2017  02:56 PM            57,344 BasicDisplay.sys
06/08/2017  02:15 AM            35,840 BasicRender.sys
03/18/2017  02:56 PM            36,256 battc.sys
03/18/2017  02:56 PM             9,728 bcmfn2.sys
03/18/2017  02:57 PM            10,240 beep.sys
03/18/2017  02:56 PM           101,888 bowser.sys
07/27/2017  10:25 PM           115,712 bridge.sys
03/18/2017  02:56 PM            23,552 BtaMPM.sys
03/18/2017  02:56 PM            43,520 BthAvrcpTg.sys
07/27/2017  10:25 PM           105,472 bthenum.sys
07/27/2017  10:08 PM            97,792 bthhfenum.sys
03/18/2017  02:56 PM            32,256 BthhfHid.sys
03/18/2017  02:56 PM            66,560 bthmodem.sys
07/17/2017  12:36 AM           130,048 bthpan.sys
07/27/2017  10:20 PM           982,016 bthport.sys
03/18/2017  02:56 PM            85,504 BTHUSB.SYS
03/18/2017  02:56 PM            39,424 buttonconverter.sys
03/18/2017  02:56 PM           533,920 bxvbda.sys
03/18/2017  02:56 PM            53,664 CAD.sys
03/18/2017  02:56 PM           122,880 capimg.sys
03/18/2017  02:57 PM            93,184 cdfs.sys
03/18/2017  02:56 PM           160,256 cdrom.sys
03/18/2017  02:57 PM            77,216 CEA.sys
03/18/2017  02:56 PM           102,816 cht4dx64.sys
03/18/2017  02:56 PM           347,032 cht4sx64.sys
03/18/2017  02:56 PM         2,104,224 cht4vx64.sys
03/18/2017  02:56 PM            49,152 circlass.sys
03/18/2017  02:57 PM           391,584 Classpnp.sys
03/18/2017  02:58 PM            12,288 cldflt.sys
07/31/2017  08:38 PM           382,368 clfs.sys
03/18/2017  02:58 PM           877,472 ClipSp.sys
03/18/2017  02:56 PM            30,208 CmBatt.sys
03/18/2017  02:56 PM            28,064 cmimcext.sys
03/18/2017  02:58 PM           642,688 cng.sys
03/18/2017  02:57 PM            39,840 cnghwassist.sys
03/18/2017  02:57 PM            56,224 condrv.sys
03/18/2017  02:57 PM            86,432 crashdmp.sys
03/18/2017  08:30 PM           559,104 csc.sys
07/13/2017  02:46 AM           116,120 CSI2HostControllerDriver.sys
06/28/2017  05:49 PM         1,213,432 css_fw.bin
06/08/2017  02:15 AM           112,544 dam.sys
03/18/2017  02:56 PM            45,568 devauthe.sys
03/18/2017  02:57 PM           150,528 dfsc.sys
03/18/2017  02:56 PM           102,816 disk.sys
03/18/2017  02:58 PM            38,816 Diskdump.sys
03/18/2017  02:57 PM            15,360 Dmpusbstor.sys
03/18/2017  02:56 PM            47,104 dmvsc.sys
03/18/2017  02:56 PM            97,280 drmk.sys
03/18/2017  02:56 PM            16,232 drmkaud.sys
04/03/2017  07:58 PM           238,920 dsp_fw_release.bin
04/03/2017  07:58 PM            12,288 dsp_fw_release_7CAD0808-AB10-CD23-EF45-12AB34CD56EF.bin
03/18/2017  02:57 PM            35,744 Dumpata.sys
03/18/2017  02:59 PM            91,152 dumpfve.sys
06/08/2017  02:15 AM           188,824 dumpsd.sys
03/18/2017  02:58 PM            32,256 dumpsdport.sys
03/18/2017  02:57 PM            25,600 Dumpstorport.sys
07/31/2017  08:32 PM         2,444,704 dxgkrnl.sys
06/08/2017  02:15 AM           409,504 dxgmms1.sys
07/31/2017  08:32 PM           712,600 dxgmms2.sys
03/18/2017  02:57 PM            88,992 EhStorClass.sys
03/18/2017  02:56 PM           119,200 EhStorTcgDrv.sys
03/18/2017  08:31 PM    <DIR>          en-US
03/18/2017  02:56 PM            13,824 errdev.sys
07/16/2017  10:45 PM    <DIR>          etc
03/18/2017  02:56 PM         3,419,040 evbda.sys
03/18/2017  02:57 PM           347,136 exfat.sys
06/08/2017  02:15 AM           363,424 fastfat.sys
03/18/2017  02:56 PM            32,768 fdc.sys
03/18/2017  02:56 PM            54,272 filecrypt.sys
03/18/2017  02:57 PM            86,432 fileinfo.sys
03/18/2017  02:57 PM            36,864 filetrace.sys
03/18/2017  02:56 PM            26,624 flpydisk.sys
03/18/2017  02:57 PM           386,464 fltMgr.sys
03/18/2017  02:56 PM            63,904 fsdepends.sys
03/18/2017  02:57 PM            33,688 fs_rec.sys
07/27/2017  11:15 PM           715,168 fvevol.sys
03/18/2017  02:57 PM           419,744 FWPKCLNT.SYS
03/18/2017  02:56 PM            21,504 genericusbfn.sys
03/18/2017  02:57 PM         3,440,660 gm.dls
03/18/2017  02:57 PM               646 gmreadme.txt
03/18/2017  02:58 PM             8,192 gpuenergydrv.sys
07/17/2017  12:36 AM            86,528 hdaudbus.sys
03/18/2017  02:56 PM            38,296 hidbatt.sys
03/18/2017  02:56 PM           106,496 hidbth.sys
03/18/2017  02:56 PM           180,736 hidclass.sys
03/18/2017  02:56 PM            52,224 hidi2c.sys
03/18/2017  02:56 PM            51,104 hidinterrupt.sys
03/18/2017  02:56 PM            46,592 hidir.sys
03/18/2017  02:56 PM            40,960 hidparse.sys
03/18/2017  02:56 PM            40,960 hidusb.sys
03/18/2017  02:56 PM            64,416 HpSAMD.sys
07/17/2017  12:36 AM         1,106,848 http.sys
03/18/2017  02:57 PM            74,648 hvservice.sys
03/18/2017  02:56 PM           118,688 hvsocket.sys
03/18/2017  02:57 PM            29,600 hwpolicy.sys
03/18/2017  02:56 PM            16,896 hyperkbd.sys
03/18/2017  02:56 PM           115,200 i8042prt.sys
07/13/2017  02:46 AM         2,404,760 iacamera64.sys
07/13/2017  02:46 AM           183,192 iactrllogic64.sys
03/18/2017  02:56 PM            33,280 iagpio.sys
03/18/2017  02:56 PM            81,408 iai2c.sys
07/13/2017  02:46 AM            47,000 iaisp64.sys
03/18/2017  02:56 PM            70,656 iaLPSS2i_GPIO2.sys
03/18/2017  02:56 PM            85,504 iaLPSS2i_GPIO2_BXT_P.sys
03/18/2017  02:56 PM           165,376 iaLPSS2i_I2C.sys
03/18/2017  02:56 PM           168,448 iaLPSS2i_I2C_BXT_P.sys
03/18/2017  02:56 PM            38,128 iaLPSSi_GPIO.sys
03/18/2017  02:56 PM           113,152 iaLPSSi_I2C.sys
04/05/2017  07:20 PM           769,072 iaPreciseTouch.sys
03/18/2017  02:56 PM           673,184 iaStorAV.sys
03/18/2017  02:56 PM           412,064 iaStorV.sys
03/18/2017  02:56 PM           526,240 ibbus.sys
03/18/2017  02:58 PM            36,864 IndirectKmd.sys
04/24/2017  11:46 PM           246,344 IntcAudioBus.sys
06/07/2017  05:57 PM           838,144 IntcDAud.sys
04/24/2017  11:46 PM           750,152 IntcOED.sys
03/18/2017  02:56 PM            19,360 intelide.sys
03/18/2017  02:56 PM            74,840 intelpep.sys
03/18/2017  02:56 PM           193,536 intelppm.sys
03/18/2017  02:57 PM            49,568 iorate.sys
03/18/2017  02:57 PM            87,040 ipfltdrv.sys
03/18/2017  02:56 PM            92,064 IPMIDrv.sys
03/18/2017  02:58 PM           214,528 ipnat.sys
03/18/2017  02:57 PM           120,320 irda.sys
03/18/2017  02:57 PM            19,968 irenum.sys
03/18/2017  02:56 PM            22,944 isapnp.sys
03/18/2017  02:56 PM            64,416 kbdclass.sys
03/18/2017  02:56 PM            40,448 kbdhid.sys
03/18/2017  02:56 PM            23,040 kdnic.sys
03/18/2017  02:58 PM           390,144 ks.sys
03/18/2017  02:57 PM           136,088 ksecdd.sys
03/18/2017  02:58 PM           170,912 ksecpkg.sys
06/08/2017  02:15 AM            27,136 ksthunk.sys
06/17/2015  08:25 PM            87,696 LEqdUsb.sys
06/17/2015  08:25 PM            23,184 LHidEqd.sys
06/17/2015  08:25 PM            86,672 LHidFilt.Sys
03/18/2017  02:58 PM            66,560 lltdio.sys
06/17/2015  08:25 PM            69,264 LMouFilt.Sys
07/20/2017  01:04 PM            18,960 LNonPnP.sys
03/18/2017  02:56 PM           108,960 lsi_sas.sys
03/18/2017  02:56 PM           123,808 lsi_sas2i.sys
03/18/2017  02:56 PM           103,328 lsi_sas3i.sys
03/18/2017  02:56 PM            82,848 lsi_sss.sys
03/18/2017  02:57 PM           124,928 luafv.sys
03/18/2017  02:56 PM           405,408 mausbhost.sys
03/18/2017  02:56 PM            51,104 mausbip.sys
09/14/2017  11:26 AM           194,776 MBAMSwissArmy.sys
03/18/2017  02:57 PM            23,552 mcd.sys
03/18/2017  02:56 PM            59,808 megasas.sys
03/18/2017  02:56 PM            64,416 MegaSas2i.sys
03/18/2017  02:56 PM           575,904 megasr.sys
07/27/2017  10:25 PM            97,280 Microsoft.Bluetooth.Legacy.LEEnumerator.sys
03/18/2017  02:56 PM           842,656 mlx4_bus.sys
03/18/2017  02:57 PM            50,688 mmcss.sys
03/18/2017  02:57 PM            42,496 modem.sys
03/18/2017  02:56 PM            39,424 monitor.sys
03/18/2017  02:56 PM            60,320 mouclass.sys
03/18/2017  02:56 PM            33,280 mouhid.sys
03/18/2017  02:57 PM           105,880 mountmgr.sys
03/18/2017  02:58 PM            76,800 mpsdrv.sys
06/07/2017  05:57 PM         1,062,920 mrvlpcie8897.sys
03/18/2017  02:57 PM           144,384 mrxdav.sys
03/18/2017  02:57 PM           467,352 mrxsmb.sys
07/17/2017  12:36 AM           285,696 mrxsmb10.sys
07/17/2017  12:36 AM           228,256 mrxsmb20.sys
03/18/2017  02:57 PM            31,744 msfs.sys
07/16/2016  05:42 AM                 3 MsftWdf_Kernel_01019_Inbox_Critical.Wdf
03/18/2017  02:57 PM           169,888 msgpioclx.sys
03/18/2017  02:56 PM            49,056 msgpiowin32.sys
03/18/2017  02:57 PM             8,704 mshidkmdf.sys
03/18/2017  02:57 PM            12,288 mshidumdf.sys
07/06/2013  01:27 PM            81,696 msidntfs.sys
03/18/2017  02:56 PM            19,352 msisadrv.sys
07/27/2017  11:20 PM           279,968 msiscsi.sys
07/17/2017  12:36 AM            32,768 mskssrv.sys
03/18/2017  02:57 PM            83,456 mslldp.sys
03/18/2017  02:58 PM            10,752 mspclock.sys
03/18/2017  02:58 PM            10,752 mspqm.sys
03/18/2017  02:57 PM           367,000 msrpc.sys
03/18/2017  08:31 PM           230,816 mssecflt.sys
03/18/2017  02:56 PM            44,960 mssmbios.sys
03/18/2017  02:58 PM            12,800 mstee.sys
03/18/2017  02:56 PM            16,896 MTConfig.sys
03/18/2017  02:57 PM           123,808 mup.sys
07/13/2016  12:46 AM            14,454 mute.bmp
03/18/2017  02:56 PM            63,904 mvumis.sys
03/18/2017  02:56 PM           108,960 ndfltr.sys
07/17/2017  12:36 AM         1,242,528 ndis.sys
03/18/2017  02:57 PM            50,688 ndiscap.sys
03/18/2017  02:57 PM           128,512 NdisImPlatform.sys
03/18/2017  02:58 PM            27,136 ndistapi.sys
03/18/2017  02:58 PM            65,536 ndisuio.sys
03/18/2017  02:57 PM            20,992 NdisVirtualBus.sys
03/18/2017  02:58 PM           192,000 ndiswan.sys
03/18/2017  02:58 PM            62,464 ndproxy.sys
03/18/2017  02:58 PM           127,488 Ndu.sys
03/28/2016  12:41 PM            23,040 netaapl64.sys
03/18/2017  02:57 PM           122,368 NetAdapterCx.sys
03/18/2017  02:57 PM            57,760 netbios.sys
03/18/2017  02:57 PM           305,152 netbt.sys
07/17/2017  12:36 AM           519,584 netio.sys
06/08/2017  02:15 AM           118,784 netvsc.sys
03/18/2017  02:57 PM            69,120 npfs.sys
03/18/2017  02:56 PM            27,136 npsvctrig.sys
03/18/2017  02:57 PM            41,984 nsiproxy.sys
07/27/2017  11:24 PM         2,327,456 ntfs.sys
03/18/2017  02:57 PM            20,376 ntosext.sys
03/18/2017  02:57 PM             7,680 null.sys
03/18/2017  02:56 PM            80,896 nvdimmn.sys
03/18/2017  02:56 PM           150,432 nvraid.sys
03/18/2017  02:56 PM           166,304 nvstor.sys
03/18/2017  02:58 PM           549,888 nwifi.sys
07/13/2017  02:46 AM           167,320 ov5693.sys
06/28/2017  05:49 PM           236,208 OV5693_13P2BA540_SKY_pipeCfg.bin
07/13/2016  12:25 AM           173,232 OV5693_5BA505T2_SKY_pipeCfg.bin
07/13/2016  12:25 AM           173,232 OV5693_AM-5C012_SKY_pipeCfg.bin
07/13/2016  12:25 AM           173,232 OV5693_CJAF513_SKY_pipeCfg.bin
07/13/2016  12:25 AM           640,304 OV5693_MSHW0070_SKY_pipeCfg.bin
06/28/2017  05:49 PM           640,304 OV5693_MSHW0120_SKY_pipeCfg.bin
06/28/2017  05:49 PM           640,304 OV5693_MSHW0140_SKY_pipeCfg.bin
06/28/2017  05:49 PM           640,304 OV5693_MSHW0150_SKY_pipeCfg.bin
07/13/2017  02:46 AM           168,344 ov7251.sys
07/13/2016  12:25 AM            11,856 OV7251_5SF010T2_SKY_pipeCfg.bin
07/13/2016  12:25 AM            11,856 OV7251_6SF002T2_SKY_pipeCfg.bin
07/13/2016  12:25 AM             7,264 OV7251_MSHW0072_SKY_pipeCfg.bin
06/28/2017  05:49 PM             7,264 OV7251_MSHW0074_SKY_pipeCfg.bin
06/28/2017  05:49 PM             7,264 OV7251_MSHW0122_SKY_pipeCfg.bin
06/28/2017  05:49 PM             7,264 OV7251_MSHW0142_SKY_pipeCfg.bin
06/28/2017  05:49 PM             7,264 OV7251_MSHW0152_SKY_pipeCfg.bin
07/13/2017  02:46 AM           165,784 ov8865.sys
07/13/2016  12:25 AM           640,304 OV8865_MSHW0071_SKY_pipeCfg.bin
06/28/2017  05:49 PM           640,304 OV8865_MSHW0121_SKY_pipeCfg.bin
06/28/2017  05:49 PM           640,304 OV8865_MSHW0141_SKY_pipeCfg.bin
06/28/2017  05:49 PM           640,304 OV8865_MSHW0151_SKY_pipeCfg.bin
07/13/2016  12:25 AM           640,304 OV8865_MYCLAA4T_SKY_pipeCfg.bin
03/18/2017  02:57 PM           152,992 pacer.sys
03/18/2017  02:56 PM            97,792 parport.sys
03/18/2017  02:57 PM           159,648 partmgr.sys
03/18/2017  02:56 PM           353,696 pci.sys
03/18/2017  02:56 PM            16,800 pciide.sys
03/18/2017  02:56 PM            53,656 pciidex.sys
03/18/2017  02:56 PM           120,224 pcmcia.sys
03/18/2017  02:57 PM            52,640 pcw.sys
07/17/2017  12:36 AM           117,664 pdc.sys
03/18/2017  02:58 PM           741,376 PEAuth.sys
03/18/2017  02:56 PM            58,784 percsas2i.sys
03/18/2017  02:56 PM            61,848 percsas3i.sys
03/18/2017  02:56 PM           101,376 pmem.sys
03/18/2017  02:56 PM           373,248 portcls.sys
03/18/2017  02:56 PM           172,032 processr.sys
03/18/2017  02:57 PM            49,664 qwavedrv.sys
03/18/2017  02:57 PM            17,920 rasacd.sys
07/28/2013  01:24 PM           104,736 rasidfsv.sys
03/18/2017  02:58 PM           107,008 rasl2tp.sys
03/18/2017  02:57 PM            81,920 raspppoe.sys
03/18/2017  02:58 PM            97,792 raspptp.sys
03/18/2017  02:58 PM            79,872 rassstp.sys
03/18/2017  02:57 PM           434,080 rdbss.sys
03/18/2017  08:31 PM            27,136 rdpbus.sys
03/18/2017  08:30 PM           183,296 rdpdr.sys
03/18/2017  08:30 PM            30,624 rdpvideominiport.sys
03/18/2017  02:57 PM           282,528 rdyboost.sys
03/18/2017  02:57 PM         1,735,584 refs.sys
03/18/2017  02:57 PM           936,864 refsv1.sys
03/18/2017  02:57 PM            14,336 registry.sys
07/31/2017  07:41 PM           180,736 rfcomm.sys
03/18/2017  02:56 PM            40,960 RfxVmt.sys
03/18/2017  02:57 PM           150,016 rmcast.sys
03/18/2017  02:57 PM            34,816 RNDISMP.sys
06/08/2017  02:15 AM            13,312 rootmdm.sys
03/18/2017  02:58 PM            82,432 rspndr.sys
08/08/2016  07:58 AM             3,618 RTAIODAT.DAT
04/24/2017  11:46 PM         5,263,360 RTKVHD64.sys
03/18/2017  02:56 PM           110,496 sbp2port.sys
03/18/2017  02:57 PM            43,520 scfilter.sys
03/18/2017  02:56 PM            91,040 scmbus.sys
03/18/2017  02:57 PM           175,520 scsiport.sys
06/08/2017  02:15 AM           287,648 sdbus.sys
03/18/2017  02:56 PM            31,128 SDFRd.sys
03/18/2017  02:56 PM            98,208 sdport.sys
03/18/2017  02:56 PM            94,624 sdstor.sys
03/18/2017  02:57 PM            75,680 SerCx.sys
03/18/2017  02:57 PM           154,016 SerCx2.sys
03/18/2017  02:56 PM            26,112 serenum.sys
03/18/2017  02:56 PM            84,480 serial.sys
03/18/2017  02:56 PM            28,672 sermouse.sys
03/18/2017  02:56 PM            18,432 sfloppy.sys
03/18/2017  02:56 PM            44,960 sisraid2.sys
03/18/2017  02:56 PM            81,824 sisraid4.sys
07/16/2016  06:21 AM           170,496 SkcController.sys
03/18/2017  02:58 PM            32,672 SleepStudyHelper.sys
03/18/2017  02:57 PM            21,504 smclib.sys
03/18/2017  02:56 PM           167,328 spacedump.sys
03/18/2017  02:56 PM           587,168 spaceport.sys
03/18/2017  08:31 PM            40,352 SpatialGraphFilter.sys
03/18/2017  02:57 PM            80,288 SpbCx.sys
06/08/2017  02:15 AM           414,208 srv.sys
06/08/2017  02:15 AM           722,944 srv2.sys
03/18/2017  02:57 PM           255,488 srvnet.sys
03/18/2017  02:56 PM            31,136 stexstor.sys
06/08/2017  02:15 AM           144,288 storahci.sys
03/18/2017  02:56 PM            95,648 stornvme.sys
06/08/2017  02:15 AM           546,208 storport.sys
03/18/2017  02:58 PM            79,872 storqosflt.sys
03/18/2017  02:56 PM            36,760 storufs.sys
03/18/2017  02:56 PM            36,768 storvsc.sys
03/18/2017  02:57 PM            75,776 stream.sys
09/19/2015  03:32 AM            59,448 SurfaceBaseIntegration.sys
06/28/2016  10:55 PM           128,144 SurfaceButton.sys
09/19/2015  03:42 AM            58,504 SurfaceDigitizerIntegration.sys
11/21/2015  02:36 AM            51,344 SurfaceDisplayCalibration.sys
07/07/2017  06:39 PM            95,744 SurfaceIntegrationDriver.sys
07/14/2016  08:09 PM           115,592 SurfacePenDriver.sys
10/21/2015  06:52 PM         2,813,592 SurfaceStorageFwUpdate.sys
09/19/2015  03:42 AM            64,000 SurfaceSystemTelemetryDriver.sys
06/28/2016  10:56 PM            77,584 SurfaceTouchServicingML.sys
02/09/2017  08:39 PM            80,144 SurfaceUsbHubFwUpdate.sys
03/18/2017  02:56 PM            18,336 swenum.sys
03/18/2017  02:56 PM            64,512 Synth3dVsc.sys
03/18/2017  02:57 PM            31,232 tape.sys
03/18/2017  02:57 PM            28,064 tbs.sys
07/27/2017  11:10 PM         2,679,200 tcpip.sys
03/18/2017  02:57 PM            51,712 tcpipreg.sys
03/18/2017  02:57 PM            40,352 tdi.sys
07/31/2017  08:36 PM           119,712 tdx.sys
02/09/2017  10:28 PM           213,616 TeeDriverW8x64.sys
03/18/2017  08:31 PM            37,280 terminpt.sys
06/08/2017  02:15 AM           130,464 tm.sys
06/08/2017  02:15 AM           219,040 tpm.sys
07/05/2017  11:57 AM           442,848 Trufos.sys
03/18/2017  02:56 PM            61,440 TsUsbFlt.sys
03/18/2017  02:56 PM            35,328 TsUsbGD.sys
03/18/2017  08:30 PM           125,952 tsusbhub.sys
03/18/2017  02:58 PM           162,304 tunnel.sys
03/18/2017  02:56 PM            78,752 uaspstor.sys
03/18/2017  02:58 PM           104,448 UcmCx.sys
03/18/2017  02:58 PM           179,200 UcmTcpciCx.sys
07/27/2017  10:27 PM            51,712 UcmUcsi.sys
03/18/2017  02:56 PM           213,920 Ucx01000.sys
03/18/2017  02:56 PM            45,568 Udecx.sys
03/18/2017  02:57 PM           324,096 udfs.sys
03/18/2017  02:56 PM            29,600 uefi.sys
03/18/2017  08:31 PM            40,344 UevAgentDriver.sys
03/18/2017  02:58 PM           263,584 ufx01000.sys
03/18/2017  02:56 PM            98,712 UfxChipidea.sys
03/18/2017  02:56 PM           138,656 ufxsynopsys.sys
03/18/2017  02:56 PM            57,856 umbus.sys
08/21/2017  02:59 PM    <DIR>          UMDF
03/18/2017  02:56 PM            14,336 umpass.sys
03/18/2017  02:56 PM            29,600 urschipidea.sys
03/18/2017  02:58 PM            59,288 urscx01000.sys
03/18/2017  02:56 PM            28,064 urssynopsys.sys
03/18/2017  02:57 PM            23,040 usb8023.sys
03/28/2016  12:41 PM            54,784 usbaapl64.sys
03/18/2017  02:57 PM            37,888 USBCAMD2.sys
03/18/2017  02:56 PM           173,984 usbccgp.sys
03/18/2017  02:56 PM           103,424 usbcir.sys
03/18/2017  02:56 PM            32,160 usbd.sys
03/18/2017  02:56 PM            98,200 usbehci.sys
03/18/2017  02:56 PM           511,904 usbhub.sys
07/27/2017  11:15 PM           554,400 USBHUB3.SYS
03/18/2017  02:56 PM            30,720 usbohci.sys
03/18/2017  02:56 PM           466,336 usbport.sys
03/18/2017  02:56 PM            27,136 usbprint.sys
03/18/2017  02:56 PM            32,768 usbrpm.sys
03/18/2017  02:56 PM            71,680 usbser.sys
03/18/2017  02:56 PM           131,488 USBSTOR.SYS
03/18/2017  02:56 PM            35,328 usbuhci.sys
06/08/2017  02:15 AM           388,000 USBXHCI.SYS
03/18/2017  02:56 PM            54,176 vdrvroot.sys
03/18/2017  02:57 PM           215,456 VerifierExt.sys
06/08/2017  02:15 AM           730,016 vhdmp.sys
03/18/2017  02:56 PM            35,328 vhf.sys
03/18/2017  02:57 PM            49,664 videoprt.sys
07/31/2017  08:30 PM            82,336 vmbkmcl.sys
07/31/2017  07:44 PM            83,968 vmbkmclr.sys
03/18/2017  02:56 PM           107,424 vmbus.sys
03/18/2017  02:56 PM            25,088 VMBusHID.sys
03/18/2017  02:56 PM            13,824 vmgencounter.sys
03/18/2017  02:56 PM            10,240 vmgid.sys
03/18/2017  02:56 PM             9,216 vms3cap.sys
03/18/2017  02:56 PM            47,520 vmstorfl.sys
03/18/2017  02:56 PM            83,360 volmgr.sys
03/18/2017  02:57 PM           373,664 volmgrx.sys
03/18/2017  02:57 PM           397,216 volsnap.sys
03/18/2017  02:56 PM            16,288 volume.sys
03/18/2017  02:56 PM            74,656 vpci.sys
03/18/2017  02:56 PM           166,816 vsmraid.sys
03/18/2017  02:56 PM           305,568 VSTXRAID.SYS
03/18/2017  02:58 PM            27,136 vwifibus.sys
03/18/2017  02:58 PM            77,312 vwififlt.sys
03/18/2017  02:58 PM            41,472 vwifimp.sys
03/18/2017  02:56 PM            30,720 wacompen.sys
03/18/2017  02:58 PM            81,408 wanarp.sys
03/18/2017  02:57 PM            55,808 watchdog.sys
07/17/2017  12:36 AM           142,752 wcifs.sys
03/18/2017  02:57 PM            72,192 wcnfs.sys
03/18/2017  02:56 PM            44,632 WdBoot.sys
03/18/2017  02:57 PM           902,376 Wdf01000.sys
03/18/2017  02:56 PM           294,816 WdFilter.sys
03/18/2017  02:57 PM            61,672 WdfLdr.sys
07/17/2017  12:36 AM           757,248 WdiWiFi.sys
03/18/2017  02:56 PM           121,248 WdNisDrv.sys
03/18/2017  02:57 PM            46,488 werkernel.sys
03/18/2017  02:57 PM           164,768 wfplwfs.sys
03/18/2017  02:57 PM            35,744 wimmount.sys
03/18/2017  02:58 PM            70,232 WindowsTrustedRT.sys
03/18/2017  02:56 PM            18,520 WindowsTrustedRTProxy.sys
03/18/2017  02:56 PM            31,648 winhv.sys
03/18/2017  02:57 PM            55,296 winhvr.sys
03/18/2017  02:56 PM            32,160 winmad.sys
03/18/2017  02:58 PM           217,088 winnat.sys
03/18/2017  02:56 PM            90,112 winusb.sys
03/18/2017  02:56 PM            64,920 winverbs.sys
03/18/2017  02:56 PM            18,432 wmiacpi.sys
03/18/2017  02:57 PM            20,384 wmilib.sys
03/18/2017  02:57 PM           208,288 wof.sys
03/18/2017  02:59 PM            30,624 WpdUpFltr.sys
03/18/2017  02:57 PM            33,184 WppRecorder.sys
03/18/2017  02:57 PM            23,552 ws2ifsl.sys
03/18/2017  02:56 PM            22,528 WSDPrint.sys
03/18/2017  02:57 PM           100,864 WUDFPf.sys
03/18/2017  02:57 PM           220,672 WUDFRd.sys
06/08/2017  02:15 AM           277,504 xboxgip.sys
03/18/2017  02:56 PM            46,592 xinputhid.sys
             449 File(s)    100,153,917 bytes
               5 Dir(s)  170,379,812,864 bytes free
 
========= End of CMD: =========
 
 
==== End of Fixlog 17:32:46 ====


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • Gender:Male
  • Local time:12:49 PM

Posted 14 September 2017 - 06:41 PM

I can clearly see the 2 drivers from SmartService in the log you posted. MBAR should be able to detect and remove them. Please give me a few while I pass this information to Malwarebytes so they can investigate. Sorry for the delay.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 ctspeedy95

ctspeedy95
  • Topic Starter

  • Members
  • 33 posts
  • Local time:09:49 AM

Posted 14 September 2017 - 06:47 PM

I can clearly see the 2 drivers from SmartService in the log you posted. MBAR should be able to detect and remove them. Please give me a few while I pass this information to Malwarebytes so they can investigate. Sorry for the delay.

No worries. What is my next step? 





