Need help removing virus's


  • This topic is locked
11 replies to this topic

#1 bkn0x

  • Members
  • 10 posts
  • OFFLINE

Posted 25 November 2017 - 06:29 PM

I tried to download a few different anti-virus programs I've seen online and on forums, but it never lets me install any, saying the resource is in use. I ran AVAST and it picks them up, but it says "access denied" when I click remove. Here are the logs from Farbar:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-11-2017 01
Ran by Brandon (administrator) on BRANDON-PC (25-11-2017 16:22:40)
Running from C:\Users\Brandon\Downloads
Loaded Profiles: Brandon &  (Available Profiles: Brandon)
Platform: Windows 10 Pro Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\Temp\mssasmasrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel® Corporation) C:\Program Files\Intel\Intel® Online Connect Access\IntelTechnologyAccessService.exe
(Intel® Corporation) C:\Program Files\Intel\Intel® Online Connect Access\LegacyCsLoaderService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(f.lux Software LLC) C:\Users\Brandon\AppData\Local\FluxSoftware\Flux\flux.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(Plex) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(hxxp://www.ruby-lang.org/) C:\Users\Brandon\AppData\Local\Temp\ocr51D9.tmp\bin\rubyw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\bin\rubyw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
() C:\Program Files\pia_manager\openvpn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Online Connect\ioc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9198592 2017-02-10] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [3411400 2017-10-21] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-25] (AVAST Software)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1203488 2016-10-20] (Intel Corporation)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112427\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15842280 2017-11-06] (Plex, Inc.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116308\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15842280 2017-11-06] (Plex, Inc.)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-30] (Valve Corporation)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15842280 2017-11-06] (Plex, Inc.)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001\...\Run: [f.lux] => C:\Users\Brandon\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001\...\Run: [GoogleChromeAutoLaunch_E39CDFEA4A38A6B3C5F413D26810AFC3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-10] (Google Inc.)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001\...\Run: [Google Update] => C:\Users\Brandon\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001\...\Run: [MusicManager] => C:\Users\Brandon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-01] (Google Inc.)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-30] (Valve Corporation)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15842280 2017-11-06] (Plex, Inc.)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475\...\Run: [f.lux] => C:\Users\Brandon\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475\...\Run: [GoogleChromeAutoLaunch_E39CDFEA4A38A6B3C5F413D26810AFC3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-10] (Google Inc.)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475\...\Run: [Google Update] => C:\Users\Brandon\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475\...\Run: [MusicManager] => C:\Users\Brandon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-01] (Google Inc.)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-30] (Valve Corporation)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15842280 2017-11-06] (Plex, Inc.)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384\...\Run: [f.lux] => C:\Users\Brandon\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384\...\Run: [GoogleChromeAutoLaunch_E39CDFEA4A38A6B3C5F413D26810AFC3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-10] (Google Inc.)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384\...\Run: [Google Update] => C:\Users\Brandon\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384\...\Run: [MusicManager] => C:\Users\Brandon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-01] (Google Inc.)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15842280 2017-11-06] (Plex, Inc.)
Startup: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\incarcerated.lnk [2017-09-05]
ShortcutTarget: incarcerated.lnk -> C:\Program Files (x86)\Insecure\dielectric.exe (No File)
Startup: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\therapies.lnk [2017-09-07]
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2f742daf-2b40-48f3-8154-4063ad22e347}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{acc8624a-336c-423a-a619-bec4e661114d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{cab0ba83-6975-4622-92f3-fd3fd5f5cef8}: [DhcpNameServer] 192.168.0.1 205.171.3.25
 
Internet Explorer:
==================
 
FireFox:
========
FF DefaultProfile: 6v7gcwiv.default
FF ProfilePath: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\6v7gcwiv.default [2017-11-25]
FF Extension: (Avast Online Security) - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\6v7gcwiv.default\Extensions\wrc@avast.com.xpi [2017-11-25]
FF Extension: (Adblock Plus) - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\6v7gcwiv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-09] [Lagacy]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-4210733415-1393997643-687266019-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-4210733415-1393997643-687266019-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475: @tools.google.com/Google Update;version=3 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475: @tools.google.com/Google Update;version=9 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384: @tools.google.com/Google Update;version=3 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384: @tools.google.com/Google Update;version=9 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default [2017-11-25]
CHR Extension: (Slides) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-02]
CHR Extension: (Docs) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-02]
CHR Extension: (Google Drive) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-02]
CHR Extension: (YouTube) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-02]
CHR Extension: (uBlock Origin) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-11-16]
CHR Extension: (Sheets) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-02]
CHR Extension: (Gmail) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-02]
CHR Extension: (Chrome Media Router) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-25] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-25] (AVAST Software)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe [71512 2017-11-02] (Google Inc.)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Corporation)
R3 Intel® Online Connect; C:\Program Files\Intel\Intel® Online Connect\ioc.exe [25824 2016-10-04] (Intel Corporation)
S2 Intel® Online Connect Helper; C:\Program Files\Intel\Intel® Online Connect\iocHelperService.exe [22752 2016-10-04] (Intel Corporation)
S3 Intel® Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-09-29] (Intel Corporation)
R2 Intel® TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel® Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-05] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel\Intel® Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-05] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-10-20] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-17] (NVIDIA Corporation)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2100200 2017-11-06] (Plex, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-11-25] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-11-25] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-11-25] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-11-25] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-11-25] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-11-25] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-11-25] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-11-25] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-11-25] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-11-25] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-11-25] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-11-25] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-11-25] (AVAST Software)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-11-23] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-11-23] (Disc Soft Ltd)
R1 ESEADriver2; C:\Users\Brandon\AppData\Local\Temp\ESEADriver2.sys [326792 2017-07-12] () <==== ATTENTION
S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-05-29] (Intel Corporation)
S3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [74920 2016-04-18] (Logitech Inc.)
S3 LGJoyHidLo; C:\WINDOWS\system32\drivers\LGJoyHidLo.sys [64176 2016-04-18] (Logitech Inc.)
S3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-04-05] (Logitech Inc.)
S3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R4 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-11-25] (Malwarebytes)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [59792 2016-09-13] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-17] (NVIDIA Corporation)
U5 NvStUSB; C:\Windows\System32\Drivers\NvStUSB.sys [486968 2016-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-08-17] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-08-21] (NVIDIA Corporation)
S3 SaiH8000; C:\WINDOWS\System32\drivers\SaiH8000.sys [178560 2008-04-04] (Saitek)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-11-23] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 MBAMProtection; \??\C:\WINDOWS\system32\drivers\mbam.sys [X]
S3 MBAMWebProtection; \??\C:\WINDOWS\system32\drivers\mwac.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-25 16:22 - 2017-11-25 16:22 - 000024289 _____ C:\Users\Brandon\Downloads\FRST.txt
2017-11-25 16:22 - 2017-11-25 16:22 - 000000000 ____D C:\FRST
2017-11-25 16:21 - 2017-11-25 16:21 - 002393088 _____ (Farbar) C:\Users\Brandon\Downloads\FRST64.exe
2017-11-25 16:20 - 2017-11-25 16:20 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-25 16:19 - 2017-11-25 16:19 - 000252232 ____N (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-25 16:19 - 2017-11-25 16:19 - 000115024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volbehko.sys
2017-11-25 16:19 - 2017-11-25 16:19 - 000000000 _____ C:\WINDOWS\cd_127
2017-11-25 16:16 - 2017-11-25 16:16 - 005659763 _____ (Swearware) C:\Users\Brandon\Desktop\notComboFix.exe
2017-11-25 15:13 - 2017-11-25 15:14 - 000003792 _____ C:\Users\Brandon\Desktop\Rkill.txt
2017-11-25 15:11 - 2017-11-25 15:11 - 009322390 _____ C:\Users\Brandon\Downloads\RevoUninstaller_Portable.zip
2017-11-25 15:08 - 2017-11-25 15:08 - 000000218 _____ C:\Users\Brandon\AppData\Local\recently-used.xbel
2017-11-25 12:54 - 2017-11-25 12:54 - 000001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-11-25 12:54 - 2017-11-25 12:54 - 000001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-11-25 12:54 - 2017-11-25 12:49 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-11-25 12:50 - 2017-11-25 12:50 - 000000000 ____D C:\Users\Brandon\AppData\Roaming\AVAST Software
2017-11-25 12:49 - 2017-11-25 12:54 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-11-25 12:49 - 2017-11-25 12:49 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-11-25 12:49 - 2017-11-25 12:49 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-11-25 12:49 - 2017-11-25 12:49 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-11-25 12:49 - 2017-11-25 12:49 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-11-25 12:49 - 2017-11-25 12:49 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-11-25 12:49 - 2017-11-25 12:49 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-11-25 12:49 - 2017-11-25 12:49 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-11-25 12:49 - 2017-11-25 12:49 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2017-11-25 12:49 - 2017-11-25 12:49 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-11-25 12:49 - 2017-11-25 12:49 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-11-25 12:49 - 2017-11-25 12:49 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-11-25 12:49 - 2017-11-25 12:49 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-11-25 12:49 - 2017-11-25 12:49 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-11-25 12:47 - 2017-11-25 12:47 - 252506960 _____ (AVAST Software) C:\Users\Brandon\Downloads\avast_premier_antivirus_setup_offline.exe
2017-11-25 12:44 - 2017-11-25 12:44 - 000000000 ____D C:\Users\Brandon\Desktop\Keys
2017-11-25 12:33 - 2017-11-25 12:33 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-11-25 12:33 - 2017-11-25 12:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-11-25 12:33 - 2017-11-25 12:33 - 000000000 ____D C:\Program Files\iPod
2017-11-25 12:32 - 2017-11-25 12:33 - 000000000 ____D C:\Program Files\iTunes
2017-11-25 12:31 - 2017-11-25 12:31 - 000000000 ____D C:\Program Files\Bonjour
2017-11-25 12:31 - 2017-11-25 12:31 - 000000000 ____D C:\Program Files (x86)\Bonjour
2017-11-25 12:24 - 2017-11-25 12:24 - 000000000 ____N C:\Users\Brandon\Documents\rescuedisk.iso
2017-11-25 12:24 - 2017-11-25 12:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-11-25 12:24 - 2017-11-25 12:24 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2017-11-25 08:57 - 2017-11-25 12:54 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-11-25 08:56 - 2017-11-25 12:49 - 000000000 ____D C:\Program Files\AVAST Software
2017-11-25 00:26 - 2017-11-25 00:41 - 000000000 ____D C:\Users\Brandon\Downloads\Billions.S01.720p.BluRay.x264-DEMAND[rartv]
2017-11-23 14:02 - 2017-11-23 14:02 - 000000000 ____D C:\Users\Brandon\AppData\Local\Disc_Soft_Ltd
2017-11-23 13:58 - 2017-11-23 14:01 - 000000000 ____D C:\Users\Brandon\AppData\Roaming\DAEMON Tools Lite
2017-11-23 13:58 - 2017-11-23 13:58 - 000047672 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2017-11-23 13:58 - 2017-11-23 13:58 - 000030264 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2017-11-23 13:58 - 2017-11-23 13:58 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2017-11-23 13:58 - 2017-11-23 13:58 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-11-23 13:57 - 2017-11-23 14:01 - 334127104 _____ C:\Users\Brandon\Downloads\kav_rescue_10.iso
2017-11-23 13:57 - 2017-11-23 13:57 - 000791712 _____ (Disc Soft Ltd.) C:\Users\Brandon\Downloads\DTLiteInstaller.exe
2017-11-23 13:55 - 2017-11-23 13:55 - 000000000 ____D C:\ProgramData\TEMP
2017-11-23 13:54 - 2017-11-23 13:54 - 000000000 ____D C:\ProgramData\Simply Super Software
2017-11-23 13:37 - 2017-11-23 13:37 - 000000000 ___HD C:\$WINDOWS.~BT
2017-11-23 13:30 - 2017-11-23 13:33 - 026838600 _____ (Adlice Software) C:\Users\Brandon\Downloads\RogueKiller_portable64 (1).exe
2017-11-23 13:27 - 2017-11-23 13:27 - 011303496 _____ C:\Users\Brandon\Downloads\RogueKillerCMD_portable64.exe
2017-11-23 13:25 - 2017-11-23 13:25 - 000000000 ___HD C:\$Windows.~WS
2017-11-23 13:25 - 2017-11-23 13:25 - 000000000 ____D C:\Windows.old
2017-11-23 13:15 - 2017-11-23 13:16 - 010849904 _____ (Piriform Ltd) C:\Users\Brandon\Downloads\ccsetup537.exe
2017-11-23 12:54 - 2017-11-23 12:54 - 000000000 ____D C:\ESD
2017-11-23 12:51 - 2017-11-23 12:51 - 018617536 _____ (Microsoft Corporation) C:\Users\Brandon\Downloads\MediaCreationTool.exe
2017-11-22 21:47 - 2017-11-22 21:53 - 000000000 ____D C:\Users\Brandon\Downloads\Birth.Of.The.Dragon.2016.1080p.BluRay.H264.AAC-RARBG
2017-11-22 20:32 - 2017-11-22 21:26 - 000000000 ____D C:\Users\Brandon\Downloads\American.Assassin.2017.1080p.BluRay.H264.AAC-RARBG
2017-11-21 22:45 - 2017-11-21 22:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2017-11-21 22:44 - 2017-11-21 22:44 - 000000000 ____D C:\Program Files (x86)\Plex
2017-11-21 19:55 - 2017-11-21 20:08 - 123944402 _____ C:\Users\Brandon\Downloads\Unconfirmed 388341.crdownload
2017-11-18 06:59 - 2017-11-18 07:10 - 000000000 ____D C:\Users\Brandon\Downloads\Beverly.Hills.Cop.III.1994.1080p.BluRay.H264.AAC-RARBG
2017-11-17 14:47 - 2017-11-17 14:47 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-17 14:47 - 2017-10-27 09:06 - 000136312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-11-17 14:47 - 2017-09-13 16:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-11-17 14:47 - 2017-09-13 16:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-11-17 14:47 - 2017-09-13 16:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-11-17 14:47 - 2017-09-13 16:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-11-16 20:10 - 2017-11-17 12:34 - 000000000 ____D C:\Users\Brandon\Downloads\Beverly.Hills.Cop.II.1987.1080p.BluRay.H264.AAC-RARBG
2017-11-16 20:10 - 2017-11-17 07:22 - 000000000 ____D C:\Users\Brandon\Downloads\Beveryly Hills Cop (1984) [1080p]
2017-11-14 19:24 - 2017-11-14 19:24 - 000000440 _____ C:\Users\Brandon\Downloads\url.html
2017-11-14 14:40 - 2017-11-01 22:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-14 14:40 - 2017-11-01 22:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-14 14:40 - 2017-11-01 22:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-14 14:40 - 2017-11-01 22:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-14 14:40 - 2017-11-01 21:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-14 14:40 - 2017-11-01 21:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-14 14:40 - 2017-11-01 21:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-14 14:40 - 2017-11-01 21:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-14 14:40 - 2017-11-01 21:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-14 14:40 - 2017-11-01 21:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-14 14:40 - 2017-11-01 21:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-14 14:40 - 2017-11-01 21:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-14 14:40 - 2017-11-01 21:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-14 14:40 - 2017-11-01 21:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-14 14:40 - 2017-11-01 21:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-14 14:40 - 2017-11-01 21:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-14 14:40 - 2017-11-01 21:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-14 14:40 - 2017-11-01 21:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-14 14:40 - 2017-11-01 21:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-14 14:40 - 2017-11-01 21:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-14 14:40 - 2017-11-01 21:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-14 14:40 - 2017-11-01 21:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-14 14:40 - 2017-11-01 21:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-14 14:40 - 2017-11-01 21:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-14 14:40 - 2017-11-01 21:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-14 14:40 - 2017-11-01 21:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-14 14:40 - 2017-11-01 21:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-14 14:40 - 2017-11-01 21:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-14 14:40 - 2017-11-01 21:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-14 14:40 - 2017-11-01 21:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-14 14:40 - 2017-11-01 21:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-14 14:40 - 2017-11-01 21:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-14 14:40 - 2017-11-01 21:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-14 14:40 - 2017-11-01 21:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-14 14:40 - 2017-11-01 21:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-14 14:40 - 2017-11-01 21:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-14 14:40 - 2017-11-01 21:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-14 14:40 - 2017-11-01 21:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-14 14:40 - 2017-11-01 21:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-14 14:40 - 2017-11-01 21:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-14 14:40 - 2017-11-01 21:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-14 14:40 - 2017-11-01 21:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-14 14:40 - 2017-11-01 21:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-14 14:40 - 2017-11-01 21:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-14 14:40 - 2017-11-01 21:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-14 14:40 - 2017-11-01 21:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-14 14:40 - 2017-11-01 21:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-14 14:40 - 2017-11-01 21:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-14 14:40 - 2017-11-01 21:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-14 14:40 - 2017-11-01 21:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-14 14:40 - 2017-11-01 21:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-14 14:40 - 2017-11-01 21:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-14 14:40 - 2017-11-01 21:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-14 14:40 - 2017-10-25 00:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-14 14:40 - 2017-10-15 08:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-14 14:40 - 2017-10-15 08:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-14 14:40 - 2017-10-15 08:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-14 14:40 - 2017-10-15 07:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-14 14:40 - 2017-10-15 07:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-14 14:40 - 2017-10-15 07:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-14 14:40 - 2017-10-15 07:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-14 14:40 - 2017-10-15 07:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-14 14:40 - 2017-10-15 07:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-14 14:40 - 2017-10-15 07:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-14 14:40 - 2017-10-15 07:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-14 14:40 - 2017-10-15 07:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-14 14:40 - 2017-10-15 07:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-14 14:39 - 2017-11-01 22:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-14 14:39 - 2017-11-01 22:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-14 14:39 - 2017-11-01 22:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-14 14:39 - 2017-11-01 22:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-14 14:39 - 2017-11-01 22:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-14 14:39 - 2017-11-01 22:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-14 14:39 - 2017-11-01 22:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-14 14:39 - 2017-11-01 22:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-14 14:39 - 2017-11-01 22:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-14 14:39 - 2017-11-01 22:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-14 14:39 - 2017-11-01 22:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-14 14:39 - 2017-11-01 22:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-14 14:39 - 2017-11-01 22:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-14 14:39 - 2017-11-01 21:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-14 14:39 - 2017-11-01 21:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-14 14:39 - 2017-11-01 21:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-14 14:39 - 2017-11-01 21:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-14 14:39 - 2017-11-01 21:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-14 14:39 - 2017-11-01 21:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-14 14:39 - 2017-11-01 21:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-14 14:39 - 2017-11-01 21:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-14 14:39 - 2017-11-01 21:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-14 14:39 - 2017-11-01 21:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-14 14:39 - 2017-11-01 21:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-14 14:39 - 2017-11-01 21:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-14 14:39 - 2017-11-01 21:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-14 14:39 - 2017-11-01 21:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-14 14:39 - 2017-11-01 21:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-14 14:39 - 2017-11-01 21:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-14 14:39 - 2017-11-01 21:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-14 14:39 - 2017-11-01 21:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-14 14:39 - 2017-11-01 21:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-14 14:39 - 2017-11-01 21:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-14 14:39 - 2017-11-01 21:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-14 14:39 - 2017-11-01 21:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-14 14:39 - 2017-11-01 21:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-14 14:39 - 2017-11-01 21:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-14 14:39 - 2017-11-01 21:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-14 14:39 - 2017-11-01 21:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-14 14:39 - 2017-11-01 21:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-14 14:39 - 2017-11-01 21:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-14 14:39 - 2017-11-01 21:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-14 14:39 - 2017-10-15 07:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-14 14:39 - 2017-10-15 07:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-14 14:39 - 2017-10-15 07:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-14 14:39 - 2017-10-15 07:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-14 14:39 - 2017-10-15 07:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-14 14:39 - 2017-10-15 07:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-14 14:39 - 2017-10-15 07:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-14 14:39 - 2017-10-15 07:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-14 14:39 - 2017-10-15 07:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-14 14:39 - 2017-10-15 07:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-14 14:39 - 2017-10-15 07:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-14 14:39 - 2017-10-15 07:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-14 14:38 - 2017-11-01 22:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-14 14:38 - 2017-11-01 22:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-14 14:38 - 2017-11-01 22:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-14 14:38 - 2017-11-01 22:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-14 14:38 - 2017-11-01 22:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-14 14:38 - 2017-11-01 22:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-14 14:38 - 2017-11-01 22:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-14 14:38 - 2017-11-01 22:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-14 14:38 - 2017-11-01 22:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-14 14:38 - 2017-11-01 22:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-14 14:38 - 2017-11-01 22:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-14 14:38 - 2017-11-01 22:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-14 14:38 - 2017-11-01 22:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-14 14:38 - 2017-11-01 22:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-14 14:38 - 2017-11-01 22:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-14 14:38 - 2017-11-01 22:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-14 14:38 - 2017-11-01 22:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-14 14:38 - 2017-11-01 22:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-14 14:38 - 2017-11-01 22:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-14 14:38 - 2017-11-01 22:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-14 14:38 - 2017-11-01 22:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-14 14:38 - 2017-11-01 22:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-14 14:38 - 2017-11-01 22:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-14 14:38 - 2017-11-01 22:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-14 14:38 - 2017-11-01 22:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-14 14:38 - 2017-11-01 22:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-14 14:38 - 2017-11-01 22:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-14 14:38 - 2017-11-01 22:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-14 14:38 - 2017-11-01 22:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-14 14:38 - 2017-11-01 21:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-14 14:38 - 2017-11-01 21:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-14 14:38 - 2017-11-01 21:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-14 14:38 - 2017-11-01 21:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-14 14:38 - 2017-11-01 21:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-14 14:38 - 2017-11-01 21:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-14 14:38 - 2017-11-01 21:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-14 14:38 - 2017-11-01 21:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-14 14:38 - 2017-11-01 21:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-14 14:38 - 2017-11-01 21:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-14 14:38 - 2017-11-01 21:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-14 14:38 - 2017-11-01 21:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-14 14:38 - 2017-11-01 21:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-14 14:38 - 2017-11-01 21:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-14 14:38 - 2017-11-01 21:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-14 14:38 - 2017-11-01 21:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-14 14:38 - 2017-11-01 21:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-14 14:38 - 2017-11-01 21:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-14 14:38 - 2017-11-01 21:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-14 14:38 - 2017-11-01 21:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-14 14:38 - 2017-11-01 21:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-14 14:38 - 2017-11-01 21:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-14 14:38 - 2017-11-01 21:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-14 14:38 - 2017-11-01 21:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-14 14:38 - 2017-11-01 21:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-14 14:38 - 2017-11-01 21:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-14 14:38 - 2017-11-01 21:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-14 14:38 - 2017-11-01 21:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-14 14:38 - 2017-11-01 21:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-14 14:38 - 2017-11-01 21:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-14 14:38 - 2017-11-01 21:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-14 14:38 - 2017-11-01 21:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-14 14:38 - 2017-11-01 21:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-14 14:38 - 2017-11-01 21:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-14 14:38 - 2017-11-01 21:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-14 14:38 - 2017-11-01 21:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-14 14:38 - 2017-11-01 21:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-14 14:38 - 2017-11-01 21:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-14 14:38 - 2017-11-01 21:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-14 14:38 - 2017-11-01 21:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-14 14:38 - 2017-11-01 21:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-14 14:38 - 2017-11-01 21:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-14 14:38 - 2017-11-01 21:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-14 14:38 - 2017-11-01 21:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-14 14:38 - 2017-11-01 21:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-14 14:38 - 2017-11-01 21:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-14 14:38 - 2017-10-15 07:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-14 14:38 - 2017-10-15 07:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-14 14:38 - 2017-10-15 07:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-14 14:38 - 2017-10-15 07:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-14 14:38 - 2017-10-15 07:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-14 14:38 - 2017-10-15 07:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-14 14:38 - 2017-10-15 07:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-14 14:38 - 2017-10-15 07:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-14 14:38 - 2017-10-15 07:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-14 14:38 - 2017-10-15 07:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-14 14:38 - 2017-10-15 07:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-09 04:40 - 2017-11-09 04:40 - 036248176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-11-09 04:40 - 2017-11-09 04:40 - 029279672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-11-09 04:40 - 2017-11-09 04:40 - 000624240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000989808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000940984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000514672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000054192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001997752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438813.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001682544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438813.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001108408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001039800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 000748144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 000607160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-11-09 04:37 - 2017-11-09 04:37 - 040246384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-11-09 04:37 - 2017-11-09 04:37 - 035165624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-11-09 04:37 - 2017-11-09 04:37 - 004210288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-11-09 04:37 - 2017-11-09 04:37 - 003623024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 023474480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 019212720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 013379352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 010986768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 000633256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-11-09 04:26 - 2017-11-09 04:26 - 001154296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-11-09 04:26 - 2017-11-09 04:26 - 000902312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-11-09 04:26 - 2017-11-09 04:26 - 000810304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 013994136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 011891200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 001351792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 001342008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 001062920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 001056720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 000648728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-11-09 03:57 - 2017-11-09 03:57 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-11-09 03:57 - 2017-11-09 03:57 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-11-07 19:30 - 2017-11-07 19:30 - 000003826 _____ C:\Users\Brandon\Downloads\stats.html
2017-11-03 07:22 - 2017-11-03 07:23 - 026813512 _____ (Adlice Software) C:\Users\Brandon\Downloads\RogueKiller_portable64.exe
2017-11-02 16:55 - 2017-11-02 16:55 - 000089869 _____ C:\Users\Brandon\Downloads\Addition.txt
2017-11-02 16:52 - 2017-11-02 16:52 - 009932672 _____ C:\Users\Brandon\Downloads\bitdefender_online.exe
2017-11-02 16:39 - 2017-11-02 16:39 - 005766464 _____ (Zemana Ltd. ) C:\Users\Brandon\Downloads\eXplorer.exe
2017-11-02 16:36 - 2017-11-02 16:36 - 000001600 _____ C:\EsgInstallerResumeAction_5618b9ca69eec88e719112da87672fda
2017-11-02 16:31 - 2017-11-02 16:31 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\Brandon\Downloads\rkill-unsigned.exe
2017-11-02 15:50 - 2017-11-02 15:52 - 164496560 _____ (Kaspersky Lab) C:\Users\Brandon\Downloads\kts18.0.0.405aben_es_fr_12636.exe
2017-11-02 15:50 - 2017-11-02 15:50 - 000000000 _____ C:\autoexec.bat
2017-11-02 15:45 - 2017-11-23 13:16 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-11-02 12:04 - 2017-11-02 12:04 - 000000000 ____D C:\Users\Brandon\AppData\Roaming\Obsidium
2017-11-02 11:53 - 2017-11-02 11:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-02 11:53 - 2017-11-02 11:55 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-11-02 11:12 - 2017-11-02 11:12 - 000000000 ____D C:\Users\Brandon\Downloads\Malwarebytes Premium 3.0  FINAL + Crack [TechTools.ME]
2017-11-02 10:08 - 2017-11-02 10:19 - 000000000 ____D C:\Users\Brandon\Downloads\Sam Smith - In The Lonely Hour (Drowning Shadows Edition) [2015] [MP3-320KBPS] [H4CKUS] [GloDLS]
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-25 16:19 - 2017-10-21 15:14 - 000081696 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\msidntfs.sys
2017-11-25 16:19 - 2017-09-05 18:19 - 000000000 ____D C:\AdwCleaner
2017-11-25 16:19 - 2017-05-22 14:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-25 16:19 - 2017-05-22 14:45 - 000000000 ____D C:\Users\Brandon
2017-11-25 16:19 - 2017-05-22 14:44 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-25 16:19 - 2017-03-18 04:40 - 028573696 _____ C:\WINDOWS\system32\config\HARDWARE
2017-11-25 16:19 - 2017-03-18 04:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-11-25 15:12 - 2017-10-21 13:39 - 000000000 ____D C:\Users\Brandon\AppData\Local\imedftj
2017-11-25 15:12 - 2017-03-28 19:17 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-25 14:41 - 2017-05-22 14:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-25 13:01 - 2017-05-22 14:53 - 002401610 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-25 13:00 - 2017-03-28 20:29 - 000000000 ____D C:\Users\Brandon\AppData\Roaming\deluge
2017-11-25 12:57 - 2017-03-28 19:05 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-25 12:57 - 2017-03-28 19:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-25 12:49 - 2017-09-23 07:18 - 000000000 ____D C:\ProgramData\AVAST Software
2017-11-25 12:48 - 2017-03-28 19:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-25 12:42 - 2016-12-27 09:41 - 000000000 ____D C:\Users\Brandon\AppData\LocalLow\Mozilla
2017-11-25 12:33 - 2017-03-28 20:43 - 000000539 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-11-25 12:25 - 2017-03-28 19:38 - 000000000 ____D C:\Users\Brandon\AppData\Local\Battle.net
2017-11-25 09:50 - 2017-09-09 16:00 - 000000000 ____D C:\ProgramData\Skype
2017-11-24 18:04 - 2017-03-28 19:46 - 000000000 ____D C:\Users\Brandon\AppData\Local\NVIDIA
2017-11-24 17:56 - 2017-04-02 14:42 - 000000000 ____D C:\Users\Brandon\AppData\Roaming\vlc
2017-11-24 16:08 - 2017-05-21 08:12 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-23 13:58 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-23 13:34 - 2017-10-21 13:50 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-11-23 13:17 - 2017-03-28 19:38 - 000000000 ____D C:\Users\Brandon\AppData\Local\CrashDumps
2017-11-23 13:16 - 2017-09-07 09:27 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-23 07:36 - 2016-05-28 12:11 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2017-11-23 03:16 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-23 03:16 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-21 22:45 - 2017-03-28 19:11 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-21 21:23 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-21 20:57 - 2017-05-22 14:41 - 000217000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-21 20:57 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-21 20:57 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-21 20:57 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-21 20:57 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-21 20:57 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-21 20:57 - 2016-02-13 06:22 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-18 19:32 - 2017-03-29 17:46 - 000000000 ____D C:\Users\Brandon\AppData\Roaming\Mumble
2017-11-17 14:47 - 2017-09-22 22:48 - 000000000 ____D C:\temp
2017-11-17 14:47 - 2017-05-22 14:44 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-17 14:47 - 2017-03-28 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-11-17 14:46 - 2017-05-22 14:43 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-11-17 14:46 - 2017-05-22 14:43 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-11-16 10:26 - 2016-05-28 12:11 - 000000000 ____D C:\Program Files (x86)\Diablo III
2017-11-15 14:22 - 2017-05-22 14:50 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-15 14:22 - 2017-05-22 14:50 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-14 23:30 - 2017-10-21 13:24 - 000003680 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4210733415-1393997643-687266019-1001UA
2017-11-14 23:30 - 2017-10-21 13:24 - 000003412 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4210733415-1393997643-687266019-1001Core
2017-11-14 14:43 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-14 03:26 - 2017-05-22 14:50 - 000004594 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-14 03:26 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-14 03:26 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-13 17:22 - 2017-03-28 19:04 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-13 17:22 - 2017-03-28 19:04 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-09 04:38 - 2017-05-05 17:07 - 001624168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-11-09 04:38 - 2017-05-05 17:07 - 000233904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-11-09 04:25 - 2017-05-05 17:07 - 004533184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-11-09 04:25 - 2017-05-05 17:07 - 003859848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-11-09 03:57 - 2017-05-05 17:07 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb
2017-11-07 03:22 - 2017-03-28 19:04 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-07 00:26 - 2017-07-26 23:10 - 000003370 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4210733415-1393997643-687266019-1001
2017-11-07 00:26 - 2017-03-28 18:59 - 000002409 _____ C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-07 00:26 - 2016-05-28 10:41 - 000000000 ___RD C:\Users\Brandon\OneDrive
2017-11-04 18:40 - 2017-03-18 14:06 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 18:40 - 2017-03-18 14:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-03 07:23 - 2017-10-21 13:50 - 000000000 ____D C:\ProgramData\RogueKiller
2017-11-02 16:42 - 2017-04-30 18:28 - 000002206 _____ C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2017-11-02 15:45 - 2017-09-07 09:27 - 000000000 ____D C:\Program Files\CCleaner
2017-11-02 13:16 - 2017-03-28 19:04 - 000000000 ____D C:\Users\Brandon\AppData\Local\Google
2017-11-02 11:55 - 2017-09-05 17:14 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-02 11:55 - 2017-09-05 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-01 10:08 - 2017-09-05 17:18 - 000000000 ____D C:\Users\Brandon\AppData\Local\vgacdne
2017-10-27 09:36 - 2017-05-22 14:44 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-10-27 09:12 - 2017-05-22 14:44 - 005960824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-10-27 09:12 - 2017-05-22 14:44 - 002587768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-10-27 09:12 - 2017-05-22 14:44 - 001766520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-10-27 09:12 - 2017-05-22 14:44 - 000607168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-10-27 09:12 - 2017-05-22 14:44 - 000449656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-10-27 09:12 - 2017-05-22 14:44 - 000123000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-10-27 09:12 - 2017-05-22 14:44 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
 
==================== Files in the root of some directories =======
 
2017-11-25 15:08 - 2017-11-25 15:08 - 000000218 _____ () C:\Users\Brandon\AppData\Local\recently-used.xbel
2017-09-05 17:02 - 2017-09-05 17:02 - 001812402 _____ () C:\Users\Brandon\AppData\Local\Temphop.exe
 
Some files in TEMP:
====================
2017-11-23 13:26 - 2017-09-04 22:26 - 001930840 _____ (Microsoft Corporation) C:\Users\Brandon\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-25 13:26
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2017 01
Ran by Brandon (25-11-2017 16:23:08)
Running from C:\Users\Brandon\Downloads
Windows 10 Pro Version 1703 15063.726 (X64) (2017-05-22 21:55:10)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4210733415-1393997643-687266019-500 - Administrator - Disabled)
Brandon (S-1-5-21-4210733415-1393997643-687266019-1001 - Administrator - Enabled) => C:\Users\Brandon
DefaultAccount (S-1-5-21-4210733415-1393997643-687266019-503 - Limited - Disabled)
Guest (S-1-5-21-4210733415-1393997643-687266019-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4210733415-1393997643-687266019-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 6.0.0.0 - iMobie Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{D61C8E6E-A4F3-4CD8-8568-51CEB5660C89}) (Version: 63.0.3239.32 - Google Inc.)
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-4210733415-1393997643-687266019-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
Discord (HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475\...\Discord) (Version: 0.0.298 - Discord Inc.)
Discord (HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384\...\Discord) (Version: 0.0.298 - Discord Inc.)
ESEA Client (HKU\S-1-5-21-4210733415-1393997643-687266019-1001\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC)
ESEA Client (HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC)
ESEA Client (HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC)
f.lux (HKU\S-1-5-21-4210733415-1393997643-687266019-1001\...\Flux) (Version:  - f.lux Software LLC)
f.lux (HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475\...\Flux) (Version:  - f.lux Software LLC)
f.lux (HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384\...\Flux) (Version:  - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1036 - Intel Corporation)
Intel® Online Connect Software Asset Manager (HKLM-x32\...\{AE956AB9-CD98-4F1E-8B9E-C3C66E290D64}) (Version: 3.4.2072 - Intel Corporation) Hidden
iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
Malwarebytes version 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-4210733415-1393997643-687266019-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 57.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 57.0 (x86 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
Mumble 1.2.19 (HKLM-x32\...\{F62A874F-2354-49B1-87BE-CAAD7C8FA084}) (Version: 1.2.19 - Thorvald Natvig)
Music Manager (HKU\S-1-5-21-4210733415-1393997643-687266019-1001\...\MusicManager) (Version:  - Google, Inc.)
Music Manager (HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475\...\MusicManager) (Version:  - Google, Inc.)
Music Manager (HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384\...\MusicManager) (Version:  - Google, Inc.)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Plex Media Server (HKLM-x32\...\{34B11343-9146-43DE-B621-B971E854087D}) (Version: 1.9.6429 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{f3d9eae6-b717-4e4e-884e-227227518530}) (Version: 1.9.6.4429 - Plex, Inc.)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8059 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.20.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.20.0 - Adlice Software)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{992AD614-FFE5-4258-BB56-9E7513E21221}) (Version: 1.9.6429 - Plex, Inc.) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4210733415-1393997643-687266019-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4210733415-1393997643-687266019-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4210733415-1393997643-687266019-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-25] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-25] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-25] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-25] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-25] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {081E0819-EEFA-40F5-A01F-125E59C663BF} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-09-29] (Intel Corporation)
Task: {0C7F68C4-1382-4BB8-A43D-A2A0230FA72C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {11663D0C-9B6C-4C26-87BB-19352ED4C16E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4210733415-1393997643-687266019-1001Core => C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2017-10-21] (Google Inc.)
Task: {11EB2CC5-FD73-457A-A07F-FC295AE3C088} - System32\Tasks\ZVHEZAIHEC => C:\Users\Brandon\AppData\Local\Temp\979f786e4d94469394f7c2f975e8a514\SilentCMD.exe <==== ATTENTION
Task: {146C1244-530C-4352-B7D8-07E5020F9C3A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-17] (NVIDIA Corporation)
Task: {1EAFF5DA-BA8B-42C9-9D95-C6F8B77B8C6E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel® Corporation)
Task: {1EBD4174-5D78-4668-91C4-C1A5BD2247B8} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2017-03-28] ()
Task: {201E9BCE-E3D0-46FC-AE43-B4B65B25086B} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation)
Task: {2ADBC77B-3AB0-463B-B8D4-B3BF22A99BA4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-02] (Google Inc.)
Task: {31ED3647-C238-4B42-8319-4F9CF72FC6AF} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-09-29] (Intel Corporation)
Task: {410BA9C0-513A-4D4F-9BFB-6D4A5931E0DB} - System32\Tasks\MOTILEFXGW => C:\Users\Brandon\AppData\Local\350e3983010049e8ba603249db66cfe3\SilentCMD.exe [2017-09-05] (Stephan Brenner)
Task: {4D63AACA-A171-4F60-B7D6-74BC9E76317F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-17] (NVIDIA Corporation)
Task: {53F2EEB3-2879-4E86-BA3E-EB623672AEAF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation)
Task: {564C206A-7929-4FE2-97F1-B27825885D30} - System32\Tasks\QHPPDZHAQH => C:\Users\Brandon\AppData\Roaming\297145ddfb7742a3a31f228f0e70d538\SilentCMD.exe
Task: {58F90252-7317-42CD-8DE8-A3A96D1869EE} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {6DCD77B4-E0CD-4B2A-873E-85AAB6EA5694} - System32\Tasks\BBQRNAMTHH => C:\Users\Brandon\AppData\Local\20aac6d2b36a458fa019085f9f440fbc\SilentCMD.exe [2017-09-05] (Stephan Brenner)
Task: {A84CAFF7-49F2-48A3-BE6A-FFDDD7CE488E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {AE154E01-61C1-4E5D-81CE-5B47D494157B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4210733415-1393997643-687266019-1001UA => C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2017-10-21] (Google Inc.)
Task: {B9DE4413-24B2-4581-85C1-E5054E73760F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {C19593D8-A56A-4C72-902C-993F21DBD0F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-02] (Google Inc.)
Task: {C8C069C4-E8A3-4EC5-ADF0-1C7EAFDC018C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-25] (AVAST Software)
Task: {D5A07198-5047-4646-9005-EFA2BE9727BC} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation)
Task: {E26A8F94-8D05-47D2-9960-66A7E68D188C} - System32\Tasks\SafeZone scheduled Autoupdate 1506176379 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {E3D68B94-A5D0-400A-AA4F-9FD1640152BD} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-17] (NVIDIA Corporation)
Task: {F3280661-3A6D-4DE6-B4FC-48A00E0CD53C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation)
Task: {F7DC9EFC-1E06-49D9-82A7-497FFDF366CD} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-17] (NVIDIA Corporation)
Task: {FC509BA3-57E4-4F00-BA86-098AB4883254} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-02-15 21:01 - 2016-02-15 21:01 - 000031256 _____ () C:\WINDOWS\System32\us008lm.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-18 23:51 - 2017-10-18 23:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-28 19:46 - 2017-08-17 21:36 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-05 12:15 - 2016-10-05 12:15 - 000107752 _____ () C:\Program Files\Intel\Intel® Online Connect Access\libglog.dll
2016-10-05 12:15 - 2016-10-05 12:15 - 000412904 _____ () C:\Program Files\Intel\Intel® Online Connect Access\JsonCpp.dll
2017-09-05 17:14 - 2017-10-21 13:44 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-28 19:14 - 2017-03-28 19:14 - 008451115 _____ () C:\Program Files\pia_manager\pia_manager.exe
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-12 02:45 - 2017-11-12 02:45 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-12 02:45 - 2017-11-12 02:45 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-12 02:45 - 2017-11-12 02:45 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-06 14:47 - 2017-11-06 14:48 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-12 02:45 - 2017-11-12 02:45 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-11-13 17:22 - 2017-11-10 02:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-13 17:22 - 2017-11-10 02:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2017-03-28 19:14 - 2017-03-28 19:14 - 000694272 _____ () C:\Program Files\pia_manager\openvpn.exe
2017-03-28 19:14 - 2017-03-28 19:14 - 000190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2017-03-28 19:14 - 2017-03-28 19:14 - 000108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2017-03-28 19:14 - 2017-03-28 19:14 - 000144896 _____ () C:\Program Files\pia_manager\pia-openvpn.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000253664 _____ () C:\Program Files\Intel\Intel® Online Connect\CSLibWrapper.dll
2016-02-15 21:01 - 2016-02-15 21:01 - 001730400 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\us008du.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 001083368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000115688 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000059880 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000772072 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 001741288 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 001962984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000025576 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 001549104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libstdc++-6.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000127136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libgcc_s_dw2-1.dll
2017-11-25 12:49 - 2017-11-25 12:49 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-25 12:49 - 2017-11-25 12:49 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-25 12:49 - 2017-11-25 12:49 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-25 12:49 - 2017-11-25 12:49 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-25 12:49 - 2017-11-25 12:49 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-25 12:49 - 2017-11-25 12:49 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-03-28 19:46 - 2017-08-17 21:36 - 069807552 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-03-28 19:46 - 2017-08-17 21:36 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000050152 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000071656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000024552 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000041448 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000930280 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000074728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000190952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000218088 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000018920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000095720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000143336 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000694248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000064488 _____ () C:\Program Files (x86)\Plex\Plex Media Server\TeVii.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000012800 _____ () C:\Users\Brandon\AppData\Local\Temp\ocr51D9.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000009728 _____ () C:\Users\Brandon\AppData\Local\Temp\ocr51D9.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000014848 _____ () C:\Users\Brandon\AppData\Local\Temp\ocr51D9.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2017-11-25 16:19 - 2017-11-25 16:20 - 000094208 _____ () C:\Users\Brandon\AppData\Local\Temp\ocr51D9.tmp\src\rgloader\rgloader193.mswin.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000009216 _____ () C:\Users\Brandon\AppData\Local\Temp\ocr51D9.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000094208 _____ () C:\Users\Brandon\AppData\Local\Temp\ocr51D9.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000126976 _____ () C:\Users\Brandon\AppData\Local\Temp\ocr51D9.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000087552 _____ () C:\Users\Brandon\AppData\Local\Temp\ocr51D9.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000016384 _____ () C:\Users\Brandon\AppData\Local\Temp\ocr51D9.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000127316 _____ () C:\Users\Brandon\AppData\Local\Temp\ocr51D9.tmp\bin\libffi-6.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000008704 _____ () C:\Users\Brandon\AppData\Local\Temp\ocr51D9.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000013312 _____ () C:\Users\Brandon\AppData\Local\Temp\ocr51D9.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000095744 _____ () C:\Users\Brandon\AppData\Local\Temp\ocr51D9.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000026624 _____ () C:\Users\Brandon\AppData\Local\Temp\ocr51D9.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000012800 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000009728 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000014848 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000094208 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\src\rgloader\rgloader193.mswin.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000094208 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000118784 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000069120 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000083968 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\bin\zlib1.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000026624 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000275968 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000015360 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000008192 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000009216 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000023552 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000008704 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000008704 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000008704 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000008704 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000036352 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000126976 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000087552 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000016384 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000127316 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\bin\libffi-6.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000013312 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000095744 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2017-11-25 16:20 - 2017-11-25 16:20 - 000026624 _____ () C:\Users\Brandon\AppData\Local\Temp\ocrB769.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2017-03-28 19:14 - 2017-03-28 19:14 - 000939520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\ffmpeg.dll
2017-03-28 19:14 - 2017-03-28 19:14 - 003115520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\node.dll
2016-10-20 01:28 - 2016-10-20 01:28 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-28 19:07 - 2017-11-02 15:49 - 000001940 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 wemsofts.com
127.0.0.1 bongadoom.com
127.0.0.1 wepcmainsystem.com
127.0.0.1 internalcampaigntargets.com
127.0.0.1 bongadoom.com
127.0.0.1 getthefilenow.com
127.0.0.1 bigpicturepop.com
127.0.0.1 wizzcaster.com
127.0.0.1 bestoffersfortoday.com
127.0.0.1 wepcmainsystem.com
127.0.0.1 agent.wizztrakys.com
127.0.0.1 csdimonetize.com
127.0.0.1 dl.azalee.site
127.0.0.1 titiaredh.com
127.0.0.1 wepcdisplaysystem.com
127.0.0.1 wepcanalyticsystem.com
127.0.0.1 healthydownload.com
127.0.0.1 leading2download.com
127.0.0.1 dwl0.wizzlabs.com
127.0.0.1 dwl1.wizzlabs.com
127.0.0.1 mess1.wizzmonetize.com
127.0.0.1 dl.azalee.site
127.0.0.1 dl.smashdl.com
127.0.0.1 downloadmyhost.com
127.0.0.1 lapapahoster.com
127.0.0.1 bratitlamio.com
127.0.0.1 mess1.wizzmonetize.com
127.0.0.1 dl.wizzuniquify.com
127.0.0.1 wizzmonetize.com
127.0.0.1 laserveradedomaina.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4210733415-1393997643-687266019-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Brandon\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{809e050b-c45f-405f-b4da-eba8a9171fff}.png
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475\Control Panel\Desktop\\Wallpaper -> C:\Users\Brandon\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{809e050b-c45f-405f-b4da-eba8a9171fff}.png
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384\Control Panel\Desktop\\Wallpaper -> C:\Users\Brandon\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{809e050b-c45f-405f-b4da-eba8a9171fff}.png
DNS Servers: 192.168.0.1 - 205.171.3.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKU\S-1-5-21-4210733415-1393997643-687266019-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4210733415-1393997643-687266019-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4210733415-1393997643-687266019-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-4210733415-1393997643-687266019-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4210733415-1393997643-687266019-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162112475\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4210733415-1393997643-687266019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11252017162116384\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{A59D5A05-14BC-475A-BF14-91A83F5A16E9}D:\client\bin\pc\quakechampions.exe] => (Allow) D:\client\bin\pc\quakechampions.exe
FirewallRules: [TCP Query User{E9F9F992-D55E-40BF-B45E-AFC762149B70}D:\client\bin\pc\quakechampions.exe] => (Allow) D:\client\bin\pc\quakechampions.exe
FirewallRules: [{6CF0E888-663B-4E85-94A4-F27CFB571759}] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{146D0E24-40D1-4ECC-8C86-7636F522910E}] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{A91F7FAE-835F-438E-9E77-A51C9FDC8707}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{E72463D1-8380-4289-982E-DECB348ECAF2}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{965AC8C2-EBA5-4BF8-A425-44483864A758}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{154B007A-F522-403E-A4FF-92C98E327E57}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [{46F8FDD9-8AE5-4DC2-90D8-08DCDAF08B98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3C884CAB-242C-4511-BD95-D19586179BCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DD1A4573-0EEA-401F-9E40-0B841B3C5BE2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D49D4765-753C-4983-A3A0-0A3B2B537534}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D57F390F-F660-4D07-850B-C7D5772A714A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7CA953AB-FAA1-4837-91E7-5459EAFE9424}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{3D48B9AF-C451-4D8C-8EE7-815166BDA393}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{CF274E9E-F1B3-45B9-92FA-BDEDF71E2626}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BD3EE7AB-E577-4351-9B4D-033C9F381142}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F2CB1BDC-058D-4A4F-955B-6C356DBA48FD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{75B430FA-25B9-470D-BDA7-6827674A3886}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{845E12F8-CF84-4045-BDA1-496BB3834CD6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2500368A-90DC-4019-AD67-D00F8565AFAC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{51B3DEFF-5F4F-4253-B106-35FD1D6F5FEB}C:\users\brandon\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\brandon\downloads\downloader_diablo2_enus.exe
FirewallRules: [UDP Query User{3E600173-E153-43A2-96D3-4F422C8A6497}C:\users\brandon\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\brandon\downloads\downloader_diablo2_enus.exe
FirewallRules: [{85A7C1EB-4ACA-455B-ABAE-AF2BE1217E25}] => (Block) C:\users\brandon\downloads\downloader_diablo2_enus.exe
FirewallRules: [{6315723B-D04F-43F7-8BA2-264652D02EE5}] => (Block) C:\users\brandon\downloads\downloader_diablo2_enus.exe
FirewallRules: [TCP Query User{17E746B7-A5EE-4D6C-B0DF-0A55134996B9}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{47F48C90-B93D-4A09-A952-202B164CA255}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{7280E32D-42C2-4D60-8815-F45587874051}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{9277DAAA-8A93-4425-A61D-41F898DE7889}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{9D6B8F08-2D27-4D59-902E-C68439EC3C49}C:\program files (x86)\diablo iii public test\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii public test\x64\diablo iii64.exe
FirewallRules: [UDP Query User{F758B90A-A305-4631-8BB3-907C2CF1F7F0}C:\program files (x86)\diablo iii public test\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii public test\x64\diablo iii64.exe
FirewallRules: [{A17A4B77-9BEA-4127-91D1-11E2F42CF688}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{9F06B916-D0A9-449B-AD03-EAB231C95D66}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{078263FD-9F11-47B5-8005-7276B68E3461}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{604AA633-E85F-4A0D-9C72-4953A3CF6970}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A4029CEF-3376-41DE-A930-DE0BC5FD2194}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A0522612-B0CB-4435-88C6-EB2A2EBE9BA3}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{4741F49D-3B47-45D9-85B7-32E425E235E0}] => (Allow) C:\Program Files (x86)\Insecure\dielectric.exe
FirewallRules: [{BFCF33F4-E274-4F7C-A39F-450BF1804D65}] => (Allow) C:\Program Files (x86)\Alignment\dielectric.exe
FirewallRules: [{54FF227B-2B9D-43F8-B7F6-B92BC6B5921F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A0A60986-F18C-4049-B709-C0599AB12005}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{5CB110F5-F486-4B25-972C-BA1BE4FB8405}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
FirewallRules: [{43145239-5B4F-4367-917C-07445D415681}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F09B431D-3BCA-445F-A273-3DF53D1713C9}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{76DF61F0-BD6F-4369-8D1C-1C3CE603612C}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{F55BD1CE-9A3B-471B-9A4E-4DD471AEB799}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{C600C4D4-A532-4F0F-847D-34D9DB6709E7}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [{F31229EE-86D3-419A-AAFE-03E098978598}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D54FF3B4-14E3-4BFA-A7D9-7D4977C864E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{764923F4-B59C-41DF-895D-8A96D35358FF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6E188A31-FE2F-47F7-AC92-DB6B1C722BDA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{63988E29-2496-4D7B-B8EE-C430C1F4008B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
24-11-2017 16:08:23 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/25/2017 04:19:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BRANDON-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/25/2017 12:54:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BRANDON-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/25/2017 12:52:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BRANDON-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/25/2017 12:48:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BRANDON-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/25/2017 12:23:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LegacyCsLoaderService.exe, version: 1.9.5.68, time stamp: 0x57f5510a
Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x1a9bbe0b
Exception code: 0x40000015
Fault offset: 0x0000000000069d98
Faulting process id: 0x2c78
Faulting application start time: 0x01d36612201a4942
Faulting application path: C:\Program Files\Intel\Intel® Online Connect Access\LegacyCsLoaderService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: f9442a77-1edd-46ad-a0a9-cdde8bb9a80a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/25/2017 10:23:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LegacyCsLoaderService.exe, version: 1.9.5.68, time stamp: 0x57f5510a
Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x1a9bbe0b
Exception code: 0x40000015
Fault offset: 0x0000000000069d98
Faulting process id: 0x3138
Faulting application start time: 0x01d366014f1e6a34
Faulting application path: C:\Program Files\Intel\Intel® Online Connect Access\LegacyCsLoaderService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 51452784-40a1-45d0-a0ad-844df9213e3d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/25/2017 09:03:23 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (11/25/2017 09:03:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (11/25/2017 09:00:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AvastUI.exe version 17.1.3394.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1ca0
 
Start Time: 01d3660634e0bd3e
 
Termination Time: 60000
 
Application Path: C:\Program Files\AVAST Software\Avast\AvastUI.exe
 
Report Id: 3cd10c82-0bd3-430a-a876-0abfb37918ca
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (11/25/2017 08:23:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LegacyCsLoaderService.exe, version: 1.9.5.68, time stamp: 0x57f5510a
Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x1a9bbe0b
Exception code: 0x40000015
Fault offset: 0x0000000000069d98
Faulting process id: 0x33d8
Faulting application start time: 0x01d365f07d9c0942
Faulting application path: C:\Program Files\Intel\Intel® Online Connect Access\LegacyCsLoaderService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 808caef1-29e1-4859-b115-da50e8500a97
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (11/25/2017 04:20:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Intel® Online Connect Helper service.
 
Error: (11/25/2017 04:19:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SysMain service terminated with the following error: 
The request is not supported.
 
Error: (11/25/2017 04:19:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (11/25/2017 04:19:05 PM) (Source: DCOM) (EventID: 10010) (User: BRANDON-PC)
Description: The server Microsoft.Windows.ShellExperienceHost_10.0.15063.675_neutral_neutral_cw5n1h2txyewy!App did not register with DCOM within the required timeout.
 
Error: (11/25/2017 04:19:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Online Connect Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (11/25/2017 04:19:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Online Connect service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (11/25/2017 04:19:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/25/2017 04:19:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/25/2017 04:19:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (11/25/2017 04:19:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Telemetry Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2017-08-20 10:14:42.245
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-07-06 12:15:50.313
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-04 19:28:25.423
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-01 11:52:03.779
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-01 11:52:03.417
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-05-22 17:02:24.499
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 37%
Total physical RAM: 8128.85 MB
Available physical RAM: 5085.29 MB
Total Virtual: 16320.85 MB
Available Virtual: 13401.15 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:222.62 GB) (Free:30.79 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:746.52 GB) (Free:664.83 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:2047.98 GB) (Free:1714.33 GB) NTFS
Drive g: (Nov 23 2017) (CDROM) (Total:4.38 GB) (Free:4.06 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 2794.5 GB) (Disk ID: 6B8C495A)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
Here is a screenshot of what AVAST found.
 
#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,679 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:19 PM

Posted 25 November 2017 - 07:13 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)
Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds. Upon completion of the scan or after the reboot, two files named mbar-log.txt and system-log.txt will be created. Both files can be found in the extracted MBAR folder on your Desktop.
Please attach both files in your next reply.
No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 bkn0x

bkn0x
  • Topic Starter

  • Members
  • 10 posts

Posted 25 November 2017 - 07:57 PM

Working on that now. I downloaded it, then had to rename it to be able to run it, which worked. Whew! Log shortly.



#4 bkn0x

bkn0x
  • Topic Starter

  • Members
  • 10 posts

Posted 25 November 2017 - 08:07 PM

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.11.25.05
  rootkit: v2017.10.14.01
 
Windows 10 x64 NTFS
Internet Explorer 11.726.15063.0
Brandon :: BRANDON-PC [administrator]
 
11/25/2017 5:56:57 PM
mbar-log-2017-11-25 (17-56-57).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 279832
Time elapsed: 5 minute(s), 12 second(s)
 
Memory Processes Detected: 6
C:\Users\Brandon\AppData\Local\imedftj\imedftj.exe (Trojan.Agent) -> 11292 -> Delete on reboot. [9d1c54b2aefc87afa5b053ca0002b44c]
C:\Users\Brandon\AppData\Local\imedftj\utccehx.exe (Adware.Yelloader) -> 2288 -> Delete on reboot. [3d7ca660c6e4dd59332e95d843beac54]
C:\Users\Brandon\AppData\Local\imedftj\utccehx.exe (Adware.Yelloader) -> 13080 -> Delete on reboot. [3d7ca660c6e4dd59332e95d843beac54]
C:\Users\Brandon\AppData\Local\imedftj\utccehx.exe (Adware.Yelloader) -> 1992 -> Delete on reboot. [3d7ca660c6e4dd59332e95d843beac54]
C:\Users\Brandon\AppData\Local\imedftj\utccehx.exe (Adware.Yelloader) -> 4116 -> Delete on reboot. [3d7ca660c6e4dd59332e95d843beac54]
C:\Users\Brandon\AppData\Local\imedftj\utccehx.exe (Adware.Yelloader) -> 3228 -> Delete on reboot. [3d7ca660c6e4dd59332e95d843beac54]
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 4
C:\WINDOWS\SYSTEM32\drivers\msidntfs.sys (Rootkit.Agent.PUA) -> Delete on reboot. [2e5a88d8f70f711724c62e2d3af6aba1]
C:\WINDOWS\SYSTEM32\drivers\volybehl.sys (Rootkit.Agent.PUA) -> Delete on reboot. [b1d5567c67c5772157c159eb801fb772]
C:\Users\Brandon\AppData\Local\imedftj\imedftj.exe (Trojan.Agent) -> Delete on reboot. [9d1c54b2aefc87afa5b053ca0002b44c]
C:\Users\Brandon\AppData\Local\imedftj\utccehx.exe (Adware.Yelloader) -> Delete on reboot. [3d7ca660c6e4dd59332e95d843beac54]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.15063 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.726.15063.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 8523714560, free: 5231808512
 
Downloaded database version: v2017.11.25.05
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     11/25/2017 16:45:20
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\system32\drivers\volbehko.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\drivers\aswVmm.sys
\SystemRoot\system32\drivers\aswRvrt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\aswbuniva.sys
\SystemRoot\system32\drivers\aswbloga.sys
\SystemRoot\system32\drivers\aswbidsha.sys
\SystemRoot\system32\drivers\msidntfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Users\Brandon\AppData\Local\Temp\ESEADriver2.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\vmbkmclr.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\ndisrfl.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\aswbidsdrivera.sys
\SystemRoot\system32\drivers\aswArPot.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\tap0901.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\iaLPSS2i_I2C.sys
\SystemRoot\system32\drivers\SpbCx.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\System32\drivers\asmtxhci.sys
\SystemRoot\System32\drivers\iaLPSS2_UART2.sys
\SystemRoot\system32\drivers\SerCx2.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\parport.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\e1i63x64.sys
\SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys
\SystemRoot\System32\Drivers\msgpioclx.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\asmthub3.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\Drivers\mbamswissarmy.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\WSDPrint.sys
\SystemRoot\system32\DRIVERS\WSDScan.sys
\??\C:\WINDOWS\system32\drivers\3177F507.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.11.25.05
  rootkit: v2017.10.14.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffce0b1002b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffce0b0ff6c9f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffce0b1002b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffce0b0dda1a40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffce0b0dda28a0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffce0b0dda6060, DeviceName: \Device\0000003a\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File C:\WINDOWS\SYSTEM32\drivers\msidntfs.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\msidntfs.sys --> [Rootkit.Agent.PUA]
File C:\WINDOWS\SYSTEM32\drivers\volbehko.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\volbehko.sys --> [Rootkit.Agent.PUA]
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2884794802
    GPT Header CurrentLba = 1 BackupLba 468862127
    GPT Header FirstUsableLba 34  LastUsableLba 468862094
    GPT Header Guid 978ba28d-86d7-4362-9a5a-7084f6b44d5
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2884794802
    Backup GPT header CurrentLba = 468862127 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 468862094
    Backup GPT header Guid 978ba28d-86d7-4362-9a5a-7084f6b44d5
    Backup GPT header Contains 128 partition entries starting at LBA 468862095
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 7ab73961-ea2e-4c69-aba9-2e87698cacc8
    FirstLBA 2048  Last LBA 616447
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID bcf427a5-6aae-4607-a482-8d3ae424f9f4
    FirstLBA 616448  Last LBA 819199
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID bfe730fc-ee-49f2-ad58-21465cd49dee
    FirstLBA 819200  Last LBA 1081343
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 5d62e05d-2d8a-418d-8068-489ff7c5b46
    FirstLBA 1081344  Last LBA 467939327
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID b808cf4c-4dad-447f-a0f-3ba0f21b8eb2
    FirstLBA 467939328  Last LBA 468860927
    Attributes 1
    Partition Name                                     
 
Disk Size: 240057409536 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffce0b1002a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffce0b0ff709f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffce0b1002a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffce0b0dd9e040, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffce0b0dda1e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffce0b0dda4060, DeviceName: \Device\0000003b\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 6B8C495A
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 608933481
    GPT Header CurrentLba = 1 BackupLba 5860533167
    GPT Header FirstUsableLba 34  LastUsableLba 5860533134
    GPT Header Guid e3f70ec2-5e81-4b69-b73a-bac1d4c9da9c
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 608933481
    Backup GPT header CurrentLba = 5860533167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 5860533134
    Backup GPT header Guid e3f70ec2-5e81-4b69-b73a-bac1d4c9da9c
    Backup GPT header Contains 128 partition entries starting at LBA 5860533135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 2ae0df02-c4dd-4df6-86b8-c39d358c1d20
    FirstLBA 2048  Last LBA 1565564927
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID a3222015-f252-4264-893e-2234d7f7a7ee
    FirstLBA 1565564928  Last LBA 1565597695
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 5c52c394-841a-4bf6-9a5e-f01060deb19a
    FirstLBA 1565597696  Last LBA 5860532223
    Attributes 0
    Partition Name                 Basic data partition
 
Disk Size: 3000592982016 bytes
Sector size: 512 bytes
 
Done!
File "C:\Users\Brandon\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
Infected: C:\Users\Brandon\AppData\Local\imedftj\imedftj.exe --> [Trojan.Clicker]
Infected: C:\Users\Brandon\AppData\Local\imedftj\utccehx.exe --> [Adware.Yelloader]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.726.15063.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 8523714560, free: 5010706432
 
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     11/25/2017 16:56:35
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\system32\drivers\volbehko.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\drivers\aswVmm.sys
\SystemRoot\system32\drivers\aswRvrt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\aswbuniva.sys
\SystemRoot\system32\drivers\aswbloga.sys
\SystemRoot\system32\drivers\aswbidsha.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Users\Brandon\AppData\Local\Temp\ESEADriver2.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\vmbkmclr.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\ndisrfl.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\aswbidsdrivera.sys
\SystemRoot\system32\drivers\aswArPot.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\tap0901.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\iaLPSS2i_I2C.sys
\SystemRoot\system32\drivers\SpbCx.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\System32\drivers\asmtxhci.sys
\SystemRoot\System32\drivers\iaLPSS2_UART2.sys
\SystemRoot\system32\drivers\SerCx2.sys
\SystemRoot\System32\drivers\parport.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\e1i63x64.sys
\SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys
\SystemRoot\System32\Drivers\msgpioclx.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\asmthub3.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\Drivers\mbamswissarmy.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\??\C:\WINDOWS\System32\drivers\zamguard64.sys
\??\C:\WINDOWS\System32\drivers\zam64.sys
\SystemRoot\System32\drivers\WSDPrint.sys
\SystemRoot\system32\DRIVERS\WSDScan.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\3177F507.sys
----------- End -----------
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\msidntfs.sys-k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\msidntfs.sys-u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\msidntfs.sys-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\msidntfs.sys-(1)-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\volbehko.sys-k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\volbehko.sys-u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\volbehko.sys-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\volbehko.sys-(1)-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\WINDOWS\SYSTEM32\drivers\msidntfs.sys...
Removing C:\WINDOWS\SYSTEM32\drivers\volbehko.sys...
Removing C:\Users\Brandon\AppData\Local\imedftj\imedftj.exe...
Removing C:\Users\Brandon\AppData\Local\imedftj\utccehx.exe...
Removal finished
Done!
 
Scan started
Database versions:
  main:    v2017.11.25.05
  rootkit: v2017.10.14.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffd50000d4c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffd50000c669f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffd50000d4c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffd50000325040, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffd50000326c40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffd5000032b060, DeviceName: \Device\0000003a\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2884794802
    GPT Header CurrentLba = 1 BackupLba 468862127
    GPT Header FirstUsableLba 34  LastUsableLba 468862094
    GPT Header Guid 978ba28d-86d7-4362-9a5a-7084f6b44d5
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2884794802
    Backup GPT header CurrentLba = 468862127 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 468862094
    Backup GPT header Guid 978ba28d-86d7-4362-9a5a-7084f6b44d5
    Backup GPT header Contains 128 partition entries starting at LBA 468862095
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 7ab73961-ea2e-4c69-aba9-2e87698cacc8
    FirstLBA 2048  Last LBA 616447
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID bcf427a5-6aae-4607-a482-8d3ae424f9f4
    FirstLBA 616448  Last LBA 819199
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID bfe730fc-ee-49f2-ad58-21465cd49dee
    FirstLBA 819200  Last LBA 1081343
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 5d62e05d-2d8a-418d-8068-489ff7c5b46
    FirstLBA 1081344  Last LBA 467939327
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID b808cf4c-4dad-447f-a0f-3ba0f21b8eb2
    FirstLBA 467939328  Last LBA 468860927
    Attributes 1
    Partition Name                                     
 
Disk Size: 240057409536 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffd50000d4b060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffd50000ca69f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffd50000d4b060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffd50000325e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffd50000326a40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffd50000329060, DeviceName: \Device\0000003b\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 6B8C495A
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 608933481
    GPT Header CurrentLba = 1 BackupLba 5860533167
    GPT Header FirstUsableLba 34  LastUsableLba 5860533134
    GPT Header Guid e3f70ec2-5e81-4b69-b73a-bac1d4c9da9c
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 608933481
    Backup GPT header CurrentLba = 5860533167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 5860533134
    Backup GPT header Guid e3f70ec2-5e81-4b69-b73a-bac1d4c9da9c
    Backup GPT header Contains 128 partition entries starting at LBA 5860533135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 2ae0df02-c4dd-4df6-86b8-c39d358c1d20
    FirstLBA 2048  Last LBA 1565564927
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID a3222015-f252-4264-893e-2234d7f7a7ee
    FirstLBA 1565564928  Last LBA 1565597695
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 5c52c394-841a-4bf6-9a5e-f01060deb19a
    FirstLBA 1565597696  Last LBA 5860532223
    Attributes 0
    Partition Name                 Basic data partition
 
Disk Size: 3000592982016 bytes
Sector size: 512 bytes
 
Done!
File "C:\Users\Brandon\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.15063 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.726.15063.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 8523681792, free: 4100308992
 
Downloaded database version: v2017.11.25.05
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     11/25/2017 17:56:53
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\system32\drivers\volybehl.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\msidntfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Users\Brandon\AppData\Local\Temp\ESEADriver2.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\vmbkmclr.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\ndisrfl.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\tap0901.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\iaLPSS2i_I2C.sys
\SystemRoot\system32\drivers\SpbCx.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\System32\drivers\asmtxhci.sys
\SystemRoot\System32\drivers\iaLPSS2_UART2.sys
\SystemRoot\system32\drivers\SerCx2.sys
\SystemRoot\System32\drivers\parport.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\e1i63x64.sys
\SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys
\SystemRoot\System32\Drivers\msgpioclx.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\asmthub3.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\Drivers\mbamswissarmy.sys
\SystemRoot\System32\drivers\WSDPrint.sys
\SystemRoot\system32\DRIVERS\WSDScan.sys
\??\C:\WINDOWS\system32\drivers\3177F507.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.11.25.05
  rootkit: v2017.10.14.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff948be2e48060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffff948be2d588b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff948be2e48060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffff948be0b96040, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff948be0b8a230, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff948be0b8f060, DeviceName: \Device\0000003a\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File C:\WINDOWS\SYSTEM32\drivers\msidntfs.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\msidntfs.sys --> [Rootkit.Agent.PUA]
File C:\WINDOWS\SYSTEM32\drivers\volybehl.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\volybehl.sys --> [Rootkit.Agent.PUA]
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2884794802
    GPT Header CurrentLba = 1 BackupLba 468862127
    GPT Header FirstUsableLba 34  LastUsableLba 468862094
    GPT Header Guid 978ba28d-86d7-4362-9a5a-7084f6b44d5
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2884794802
    Backup GPT header CurrentLba = 468862127 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 468862094
    Backup GPT header Guid 978ba28d-86d7-4362-9a5a-7084f6b44d5
    Backup GPT header Contains 128 partition entries starting at LBA 468862095
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 7ab73961-ea2e-4c69-aba9-2e87698cacc8
    FirstLBA 2048  Last LBA 616447
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID bcf427a5-6aae-4607-a482-8d3ae424f9f4
    FirstLBA 616448  Last LBA 819199
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID bfe730fc-ee-49f2-ad58-21465cd49dee
    FirstLBA 819200  Last LBA 1081343
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 5d62e05d-2d8a-418d-8068-489ff7c5b46
    FirstLBA 1081344  Last LBA 467939327
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID b808cf4c-4dad-447f-a0f-3ba0f21b8eb2
    FirstLBA 467939328  Last LBA 468860927
    Attributes 1
    Partition Name                                     
 
Disk Size: 240057409536 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffff948be2e47060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffff948be2d5b9f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff948be2e47060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffff948be0b96e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff948be0b89dd0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff948be0b8d060, DeviceName: \Device\0000003b\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 6B8C495A
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 608933481
    GPT Header CurrentLba = 1 BackupLba 5860533167
    GPT Header FirstUsableLba 34  LastUsableLba 5860533134
    GPT Header Guid e3f70ec2-5e81-4b69-b73a-bac1d4c9da9c
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 608933481
    Backup GPT header CurrentLba = 5860533167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 5860533134
    Backup GPT header Guid e3f70ec2-5e81-4b69-b73a-bac1d4c9da9c
    Backup GPT header Contains 128 partition entries starting at LBA 5860533135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 2ae0df02-c4dd-4df6-86b8-c39d358c1d20
    FirstLBA 2048  Last LBA 1565564927
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID a3222015-f252-4264-893e-2234d7f7a7ee
    FirstLBA 1565564928  Last LBA 1565597695
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 5c52c394-841a-4bf6-9a5e-f01060deb19a
    FirstLBA 1565597696  Last LBA 5860532223
    Attributes 0
    Partition Name                 Basic data partition
 
Disk Size: 3000592982016 bytes
Sector size: 512 bytes
 
Done!
Infected: C:\Users\Brandon\AppData\Local\imedftj\imedftj.exe --> [Trojan.Agent]
Infected: C:\Users\Brandon\AppData\Local\imedftj\imedftj.exe --> [Trojan.Agent]
Infected: C:\Users\Brandon\AppData\Local\imedftj\utccehx.exe --> [Adware.Yelloader]
Infected: C:\Users\Brandon\AppData\Local\imedftj\utccehx.exe --> [Adware.Yelloader]
Infected: C:\Users\Brandon\AppData\Local\imedftj\utccehx.exe --> [Adware.Yelloader]
Infected: C:\Users\Brandon\AppData\Local\imedftj\utccehx.exe --> [Adware.Yelloader]
Infected: C:\Users\Brandon\AppData\Local\imedftj\utccehx.exe --> [Adware.Yelloader]
Infected: C:\Users\Brandon\AppData\Local\imedftj\utccehx.exe --> [Adware.Yelloader]
File "C:\Users\Brandon\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 


#5 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,679 posts
  • Location:Puerto Rico

Posted 25 November 2017 - 08:19 PM

Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
Please download Zemana AntiMalware and save it to your Desktop.
  • Right-click on the icon and select Run as administrator to install the program.
  • Click Yes to accept the security warning.
  • Once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If a restart is required to finish the cleaning process, you should click Reboot. If a reboot isn't required, please reboot your computer manually.
  • Click on the Back button.
  • On the top right corner click on Reports icon (the one with three bars) and double click on the latest report.
  • Now click File > Save As, then choose your Desktop and click the Save button.
  • Please attach the saved report in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,679 posts
  • Location:Puerto Rico

Posted 25 November 2017 - 08:21 PM

I will check on you tomorrow. Time to turn the Electrical Plant Off for the day.



#7 bkn0x

  • Topic Starter
  • Members
  • 10 posts

Posted 25 November 2017 - 09:27 PM

RogueKiller V12.11.25.0 (x64) [Nov 20 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Brandon [Administrator]
Started from : C:\Users\Brandon\Desktop\RogueKiller_portable64 (2).exe
Mode : Delete -- Date : 11/25/2017 18:31:53 (Duration : 00:36:54)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 1 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ESEADriver2 (\??\C:\Users\Brandon\AppData\Local\Temp\ESEADriver2.sys) -> Not selected
 
¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \QHPPDZHAQH -- C:\Users\Brandon\AppData\Roaming\297145ddfb7742a3a31f228f0e70d538\SilentCMD.exe NBZCJPBGOI.bat -> Not selected
[Suspicious.Path] \ZVHEZAIHEC -- C:\Users\Brandon\AppData\Local\Temp\979f786e4d94469394f7c2f975e8a514\SilentCMD.exe WSIVLBHMOE.bat -> Not selected
 
¤¤¤ Files : 2 ¤¤¤
[PUP.IPNinja][Folder] C:\Users\Brandon\AppData\Local\IPNinja -> Deleted
[PUP.IPNinja][File] C:\Users\Brandon\AppData\Local\IPNinja\ExitNode\exitnode.vbs -> Deleted
[PUP.IPNinja][Folder] C:\Users\Brandon\AppData\Local\IPNinja\ExitNode -> Deleted
[Adw.Wizzcaster][File] C:\Users\Brandon\Desktop\Rkill.txt -> Deleted
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ADATA SP550 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 300 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 616448 | Size: 99 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 819200 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1081344 | Size: 227958 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 467939328 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: WDC WD30EZRX-00D8PB0 +++++
--- User ---
[MBR] b207a6eb67134b71edfed61bc42162f5
[BSP] 00b644fb2f9e92d912a4de1610699e59 : Empty MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 764435 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1565564928 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 1565597696 | Size: 2097136 MB
User = LL1 ... OK
User = LL2 ... OK


#8 bkn0x

  • Topic Starter
  • Members
  • 10 posts

Posted 25 November 2017 - 09:30 PM

Zemana AntiMalware 2.74.2.150 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/11/25
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i5-6500 CPU @ 3.20GHz
BIOS Mode              : UEFI
CUID                   : 121EFE8E1511245276FD82
Scan Type              : System Scan
Duration               : 1m 24s
Scanned Objects        : 221208
Detected Objects       : 1
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Hosts File
Status             : Scanned
Object             : %systemroot%\system32\drivers\etc\hosts
MD5                : 4577F3DB98048F1FFD6A8CCA682C781F
Publisher          : -
Size               : 1940
Version            : -
Detection          : Hosts Hijack
Cleaning Action    : Repair
Related Objects    :
                Hosts file - Too many empty lines in Hosts file
                File - %systemroot%\system32\drivers\etc\hosts
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 1
Reported as safe      : 0
Failed                : 0


#9 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,679 posts
  • Location:Puerto Rico

Posted 26 November 2017 - 12:26 PM

How is the computer doing?



#10 bkn0x

  • Topic Starter
  • Members
  • 10 posts

Posted 26 November 2017 - 12:30 PM

Doing well. I think everything is out?



#11 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,679 posts
  • Location:Puerto Rico

Posted 26 November 2017 - 12:33 PM

Congratulations. :)

Use this application to remove some of the tools we use and their quarantine.

Please download DelFix by Xplode and save to your Desktop.
  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)
Always keep your antivirus active and updated.

Best regards, :)



#12 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,679 posts
  • Location:Puerto Rico

Posted 14 December 2017 - 03:53 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





